Redirecting from search engines


  • This topic is locked
10 replies to this topic

#1 MikeySW

MikeySW

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:18 AM

Posted 09 January 2010 - 04:09 PM

I was referred here by team member Swagger. I am struggling with a redirect from any search engine, in any browser. I read the getting started topic and have run both RootRepeal and DDS. Here are the logs each program produced.

Here is the original topic moderated by Swagger:
http://www.bleepingcomputer.com/forums/ind...p;#entry1573126

Here is my dds.txt log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mikey at 15:03:36.73 on Sat 01/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2010.945 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mikey\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\mikey\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: mesawidum - {73b2551b-366b-4470-b4bb-3b0f399ebac8} - c:\windows\system32\tahisepi.dll
STS: mujuzedij: {73b2551b-366b-4470-b4bb-3b0f399ebac8} - c:\windows\system32\tahisepi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mikey\appdata\roaming\mozilla\firefox\profiles\b4a0ji79.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-21 81920]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-27 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-21 656624]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-3 16472]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2010-01-09 16:05:51 214650235 ----a-w- c:\windows\MEMORY.DMP
2010-01-09 14:05:00 0 d-----w- c:\program files\CCleaner
2010-01-02 13:03:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 13:03:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:51:00 0 d-----w- c:\programdata\Malwarebytes
2010-01-01 12:51:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 12:40:58 0 d-----w- c:\users\mikey\appdata\roaming\Malwarebytes
2010-01-01 05:19:54 119808 ----a-w- C:\VundoFix.exe
2010-01-01 03:26:05 0 d-----w- C:\VundoFix Backups
2009-12-31 15:54:25 0 ----a-w- c:\windows\system32\wpa.db
2009-12-31 14:20:45 87 ----a-w- c:\windows\wininit.ini
2009-12-31 14:20:28 0 d-----w- c:\windows\pss
2009-12-31 13:52:42 0 ---ha-w- c:\windows\system32\pabesim
2009-12-28 22:17:11 773120 ----a-w- c:\windows\system32\drivers\cpllnqmh.sys
2009-12-27 18:09:11 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-27 18:09:11 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 14:57:21 0 d-----w- c:\users\mikey\appdata\roaming\LimeWire

==================== Find3M ====================

2009-12-07 00:17:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-05 14:16:24 171404 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 02:11:09 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-19 02:11:09 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-19 02:11:09 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-18 14:20:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 14:20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11:14 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-22 17:05:24 1191936 ----a-w- c:\windows\system32\Restore7.exe
2009-10-22 17:03:34 307200 ----a-w- c:\windows\system32\IRestorePlugIn.dll
2009-10-22 17:03:22 831488 ----a-w- c:\windows\system32\STRecovery.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-21 17:00:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:04:34.11 ===============


I have also attached the attach.txt file.


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:18 PM

Posted 10 January 2010 - 04:53 PM

Hi Mike,

Step 1
Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
You can enable it again after you're clean.
Open Spybot and click on 'Mode' then click 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.

Reboot the computer.

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2





  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Step 3
  • Download OTL to your desktop.
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
    Now copy the lines in the codebox below.
    CODE
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
Combofix.txt
and both reports from OTL


Thanks.

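The /md5start block in Step 3 asks OTL to hash a fixed set of logon DLLs and storage drivers so a patched system file stands out. The script below is an added example (not OTL, ComboFix or anything posted in this thread) that does the same job against a baseline of known-good MD5s: it parses that list, hashes whatever is present, and reports a file whose hash has changed, which is exactly the condition ComboFix later reports for iastor.sys. The baseline format and the constructed sample files are assumptions; a real baseline would be taken from a clean install of the same Windows build.

```python
"""Added example, not from the original post: baseline MD5 integrity check for
the file names in the OTL /md5start block.  Search directories, baseline
format and the sample files in demo() are assumptions/constructed data."""
import hashlib
import os
import tempfile

# The /md5start ... /md5stop list copied from the OTL custom scan in the post.
OTL_CUSTOM_SCAN = """\
%SYSTEMDRIVE%\\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT
"""


def parse_md5_list(script):
    """Return the file names between /md5start and /md5stop; other lines are ignored."""
    names, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def md5_of(path):
    """Hex MD5 of a file, hashed in chunks so a large driver is not read whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_listed_files(names, search_dirs):
    """Map each name to the MD5 of its first match in search_dirs, or None if absent.
    Many listed names (nvstor.sys, viamraid.sys, ...) are vendor drivers that only
    exist on some machines, so None is normal for much of the list."""
    result = {}
    for name in names:
        result[name] = None
        for directory in search_dirs:
            candidate = os.path.join(directory, name)
            if os.path.isfile(candidate):
                result[name] = md5_of(candidate)
                break
    return result


def compare_to_baseline(current, baseline):
    """Classify each entry: 'ok', 'MODIFIED', 'missing' (listed but not present),
    or 'unbaselined' (present but there is no known-good hash to compare)."""
    report = {}
    for name, digest in current.items():
        if digest is None:
            report[name] = "missing"
        elif name not in baseline:
            report[name] = "unbaselined"
        elif digest != baseline[name].lower():
            report[name] = "MODIFIED"
        else:
            report[name] = "ok"
    return report


def demo():
    """Run the check on constructed sample files in a temp directory: a clean
    atapi.sys, an iaStor.sys tampered with after baselining, and an absent driver."""
    workdir = tempfile.mkdtemp()
    clean = {"atapi.sys": b"constructed clean atapi", "iaStor.sys": b"constructed clean iastor"}
    for name, data in clean.items():
        with open(os.path.join(workdir, name), "wb") as fh:
            fh.write(data)
    baseline = {n: hashlib.md5(d).hexdigest() for n, d in clean.items()}
    subset = ["atapi.sys", "iaStor.sys", "nvstor.sys"]
    before = compare_to_baseline(hash_listed_files(subset, [workdir]), baseline)
    # Simulate the condition ComboFix reports: iastor.sys patched in place.
    with open(os.path.join(workdir, "iaStor.sys"), "wb") as fh:
        fh.write(b"constructed patched iastor")
    after = compare_to_baseline(hash_listed_files(subset, [workdir]), baseline)
    return before, after


if __name__ == "__main__":
    print("parsed names:", parse_md5_list(OTL_CUSTOM_SCAN))
    print("before/after tampering:", demo())
```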


#3 MikeySW

MikeySW
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:18 AM

Posted 10 January 2010 - 10:01 PM

Ok, here are the logs as per your request.

Combofix:

ComboFix 10-01-04.01 - Mikey 01/10/2010 20:29:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2010.1240 [GMT -6:00]
Running from: c:\users\Mikey\Desktop\combo-fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1476049067-3651887435-1591574181-500
c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\system32\drivers\cpllnqmh.sys
c:\windows\system32\oem6.inf
E:\Autorun.inf

Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINSTS
-------\Legacy_cpllnqmh
-------\Service_cpllnqmh


((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-09 14:05 . 2010-01-09 14:05 -------- d-----w- c:\program files\CCleaner
2010-01-02 13:21 . 2010-01-02 13:21 -------- d-----w- c:\program files\Safari
2010-01-02 13:03 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 13:03 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 03:22 . 2010-01-02 03:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-01-01 12:51 . 2010-01-08 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 12:51 . 2010-01-01 12:51 -------- d-----w- c:\programdata\Malwarebytes
2010-01-01 12:40 . 2010-01-01 12:40 -------- d-----w- c:\users\Mikey\AppData\Roaming\Malwarebytes
2010-01-01 05:19 . 2009-12-31 18:08 119808 ----a-w- C:\VundoFix.exe
2010-01-01 03:26 . 2010-01-01 03:26 -------- d-----w- C:\VundoFix Backups
2009-12-31 14:11 . 2009-12-31 14:11 680 ----a-w- c:\users\Mikey\AppData\Local\d3d9caps.dat
2009-12-27 18:09 . 2010-01-11 02:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-27 18:09 . 2010-01-02 13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 15:15 . 2009-12-21 15:15 -------- d-----w- c:\users\Mikey\AppData\Local\jZip
2009-12-21 14:57 . 2010-01-11 02:19 -------- d-----w- c:\users\Mikey\AppData\Roaming\LimeWire
2009-12-20 16:59 . 2009-12-20 16:59 -------- d-----w- c:\users\Mikey\AppData\Local\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 02:37 . 2009-11-10 11:15 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-09 16:02 . 2009-12-07 01:04 -------- d-----w- c:\users\Mikey\AppData\Roaming\uTorrent
2010-01-08 19:32 . 2010-01-08 19:32 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:18 . 2009-11-24 01:11 -------- d-----w- c:\users\owner\AppData\Roaming\LimeWire
2010-01-02 13:21 . 2009-12-07 00:49 -------- d-----w- c:\users\Mikey\AppData\Roaming\Apple Computer
2009-12-27 13:48 . 2009-07-21 14:35 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2009-12-24 20:25 . 2009-09-18 13:12 -------- d-----w- c:\program files\Google
2009-12-21 16:19 . 2009-11-03 11:26 -------- d-----w- c:\program files\PeerBlock
2009-12-09 22:56 . 2009-09-13 03:08 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 22:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 00:49 . 2009-12-07 00:49 101856 ----a-w- c:\users\Mikey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-07 00:17 . 2009-12-07 00:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-05 14:16 . 2009-12-05 14:16 171404 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-03 15:35 . 2009-08-27 03:15 6080 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat
2009-11-28 13:54 . 2009-08-27 03:07 101856 ----a-w- c:\users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-27 14:09 . 2009-11-19 02:13 -------- d-----w- c:\users\owner\AppData\Roaming\Apple Computer
2009-11-27 14:03 . 2009-10-28 14:15 -------- d-----w- c:\programdata\Apple
2009-11-26 12:54 . 2009-07-21 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-26 03:37 . 2009-07-21 14:32 -------- d-----w- c:\program files\Microsoft Works
2009-11-26 03:35 . 2009-11-26 03:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-24 01:11 . 2009-11-24 01:11 -------- d-----w- c:\program files\LimeWire
2009-11-24 01:11 . 2009-10-29 22:18 -------- d-----w- c:\users\owner\AppData\Roaming\uTorrent
2009-11-19 02:13 . 2009-11-19 02:12 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-19 02:13 . 2009-11-19 02:12 -------- d-----w- c:\program files\iTunes
2009-11-19 02:12 . 2009-11-19 02:12 -------- d-----w- c:\program files\iPod
2009-11-19 02:12 . 2009-10-28 14:15 -------- d-----w- c:\program files\Common Files\Apple
2009-11-19 02:12 . 2009-11-19 02:12 -------- d-----w- c:\programdata\Apple Computer
2009-11-19 02:12 . 2009-11-19 02:12 -------- d-----w- c:\program files\Bonjour
2009-11-19 02:12 . 2009-10-28 14:15 -------- d-----w- c:\program files\QuickTime
2009-11-18 14:20 . 2009-11-18 14:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 14:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 14:20 . 2009-11-18 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 02:11 . 2009-11-13 02:11 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
2009-11-13 02:08 . 2009-11-13 02:08 -------- d-----w- c:\program files\DivX
2009-11-13 02:08 . 2009-07-21 14:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-13 02:08 . 2009-11-13 02:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-12 23:07 . 2009-11-12 23:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-09 22:55 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 22:55 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 22:55 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 03:16 . 2009-11-06 03:16 73728 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-03 22:37 . 2009-11-03 22:37 131072 ----a-w- c:\users\owner\AppData\Roaming\Netscape\Plugins\npPxPlay.dll
2009-11-03 22:37 . 2009-11-03 22:37 131072 ----a-w- c:\users\owner\AppData\Roaming\Mozilla\Plugins\npPxPlay.dll
2009-11-03 02:42 . 2009-10-12 17:45 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11 . 2009-12-09 01:07 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 01:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-22 17:05 . 2009-11-18 01:30 1191936 ----a-w- c:\windows\system32\Restore7.exe
2009-10-22 17:03 . 2009-11-18 01:30 307200 ----a-w- c:\windows\system32\IRestorePlugIn.dll
2009-10-22 17:03 . 2009-11-18 01:30 831488 ----a-w- c:\windows\system32\STRecovery.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-21 17:00 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-21 14:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f6,be,4d,66,33,45,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-18]
"EnableNotifications\\Ref"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1476049067-3651887435-1591574181-1000]
"EnableNotifications\\Ref"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1476049067-3651887435-1591574181-1001]
"EnableNotifications\\Ref"=dword:00000001

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [7/21/2009 11:05 AM 81920]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/27/2009 12:09 PM 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\SftService.exe [7/21/2009 8:36 AM 656624]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 7:12 AM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:23 PM 21504]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/3/2009 5:26 AM 16472]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [11/4/2008 5:16 PM 22904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 13:12]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 13:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\b4a0ji79.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{73b2551b-366b-4470-b4bb-3b0f399ebac8} - c:\windows\system32\tahisepi.dll
SSODL-mesawidum-{73b2551b-366b-4470-b4bb-3b0f399ebac8} - c:\windows\system32\tahisepi.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-10 20:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 02:44

Pre-Run: 107,076,325,376 bytes free
Post-Run: 107,305,586,688 bytes free

- - End Of File - - AFE933E1371398C8DF1423978DC34F13


>>>OTL.TXT<<<

OTL logfile created on: 1/10/2010 8:50:40 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Mikey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 100.04 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 7.95 Gb Free Space | 54.28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Mikey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mikey\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mikey\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe ()
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (wltrysvc) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usb_rndisx) -- C:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 18:16:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 18:16:19 | 00,000,000 | ---D | M]

[2009/12/21 08:57:44 | 00,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\Mozilla\Extensions
[2009/12/21 08:57:44 | 00,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/10 16:27:43 | 00,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\b4a0ji79.default\extensions
[2009/10/27 09:32:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/01/10 20:46:39 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Users\Mikey\Desktop\OTL.exe
[2010/01/10 20:45:04 | 00,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Local\temp
[2010/01/10 20:39:26 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/10 20:37:21 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/10 20:22:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/10 20:22:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/10 20:22:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/10 20:22:14 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/10 20:21:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/10 20:21:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/09 10:06:03 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/09 08:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/02 07:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/01/02 07:03:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/02 07:03:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/01 06:51:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/01 06:51:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/01 06:40:58 | 00,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Roaming\Malwarebytes
[2009/12/31 23:19:54 | 00,119,808 | ---- | C] (Atribune.org) -- C:\VundoFix.exe
[2009/12/31 21:48:35 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mikey\Desktop\mbam-setup.exe
[2009/12/31 21:26:05 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/31 08:20:28 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/27 12:09:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/27 12:09:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/21 09:15:12 | 00,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Local\jZip
[2009/12/21 08:58:01 | 00,000,000 | ---D | C] -- C:\Users\Mikey\Documents\LimeWire
[2009/12/21 08:57:21 | 00,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Roaming\LimeWire
[2009/12/20 10:59:35 | 00,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2010/01/10 20:49:23 | 04,718,592 | -HS- | M] () -- C:\Users\Mikey\NTUSER.DAT
[2010/01/10 20:46:40 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\Mikey\Desktop\OTL.exe
[2010/01/10 20:45:43 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/10 20:45:43 | 00,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/10 20:45:43 | 00,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/10 20:39:25 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/10 20:39:20 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/10 20:39:13 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/10 20:38:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/10 20:38:38 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 20:38:38 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 20:38:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/10 20:38:27 | 21,080,18688 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/10 20:37:55 | 00,524,288 | -HS- | M] () -- C:\Users\Mikey\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/10 20:37:55 | 00,065,536 | -HS- | M] () -- C:\Users\Mikey\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/10 20:37:55 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/10 20:23:01 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/10 20:16:20 | 01,666,484 | -H-- | M] () -- C:\Users\Mikey\AppData\Local\IconCache.db
[2010/01/10 20:12:41 | 03,819,182 | R--- | M] () -- C:\Users\Mikey\Desktop\combo-fix.exe
[2010/01/09 14:57:07 | 00,000,000 | ---- | M] () -- C:\Users\Mikey\Desktop\settings.dat
[2010/01/09 10:05:51 | 21,465,0235 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/08 18:08:45 | 00,371,844 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts1
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 13:18:53 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/01/02 07:40:00 | 00,371,260 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100108-180845.backup
[2010/01/02 07:03:18 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 07:01:22 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/02 07:01:22 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/31 12:08:22 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
[2009/12/31 10:12:40 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mikey\Desktop\mbam-setup.exe
[2009/12/31 10:06:58 | 00,263,168 | ---- | M] () -- C:\Users\Mikey\Desktop\rkill.exe
[2009/12/31 09:54:25 | 00,000,000 | ---- | M] () -- C:\Windows\System32\wpa.db
[2009/12/31 08:20:45 | 00,000,087 | ---- | M] () -- C:\Windows\wininit.ini
[2009/12/31 08:14:31 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\pabesim
[2009/12/31 08:11:07 | 00,000,680 | ---- | M] () -- C:\Users\Mikey\AppData\Local\d3d9caps.dat
[2009/12/27 12:09:15 | 00,001,057 | ---- | M] () -- C:\Users\Mikey\Desktop\Spybot - Search & Destroy.lnk
[2009/12/24 14:25:32 | 00,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/21 12:08:38 | 00,000,104 | ---- | M] () -- C:\Users\Mikey\Desktop\Internet - Shortcut.lnk
[2009/12/21 08:58:02 | 00,001,668 | ---- | M] () -- C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/20 10:57:12 | 00,000,754 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2010/01/10 20:22:25 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/10 20:22:25 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/10 20:22:25 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/10 20:22:25 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/10 20:22:25 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/10 20:12:37 | 03,819,182 | R--- | C] () -- C:\Users\Mikey\Desktop\combo-fix.exe
[2010/01/09 14:57:07 | 00,000,000 | ---- | C] () -- C:\Users\Mikey\Desktop\settings.dat
[2010/01/09 11:20:50 | 21,080,18688 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/09 10:05:51 | 21,465,0235 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/02 07:21:07 | 00,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/01/02 07:03:18 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 07:01:22 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/01/02 07:01:22 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/01/01 06:44:42 | 00,263,168 | ---- | C] () -- C:\Users\Mikey\Desktop\rkill.exe
[2009/12/31 09:54:25 | 00,000,000 | ---- | C] () -- C:\Windows\System32\wpa.db
[2009/12/31 09:44:26 | 00,001,668 | ---- | C] () -- C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/31 08:20:45 | 00,000,087 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/31 08:11:07 | 00,000,680 | ---- | C] () -- C:\Users\Mikey\AppData\Local\d3d9caps.dat
[2009/12/31 07:52:42 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\pabesim
[2009/12/27 12:09:15 | 00,001,057 | ---- | C] () -- C:\Users\Mikey\Desktop\Spybot - Search & Destroy.lnk
[2009/12/24 14:25:32 | 00,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/21 12:08:38 | 00,000,104 | ---- | C] () -- C:\Users\Mikey\Desktop\Internet - Shortcut.lnk
[2009/12/20 10:57:12 | 00,000,754 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/17 19:30:09 | 00,447,728 | ---- | C] () -- C:\Windows\System32\STBackupEngine.dll
[2009/11/17 19:30:09 | 00,390,384 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/11/17 19:30:09 | 00,386,288 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/11/17 19:30:09 | 00,271,600 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/11/17 19:30:09 | 00,259,312 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/11/17 19:30:09 | 00,234,736 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/11/17 19:30:09 | 00,132,336 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/11/17 19:30:09 | 00,132,336 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/11/17 19:30:09 | 00,124,144 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/11/17 19:30:09 | 00,121,584 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/11/17 19:30:09 | 00,115,952 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/11/17 19:30:09 | 00,107,760 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/11/17 19:30:09 | 00,103,664 | ---- | C] () -- C:\Windows\System32\STXMLSystem.dll
[2009/11/17 19:30:09 | 00,099,568 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/11/17 19:30:09 | 00,095,472 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/11/17 19:30:09 | 00,083,184 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/11/17 19:30:09 | 00,079,088 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/11/17 19:30:09 | 00,074,992 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/11/17 19:30:09 | 00,071,408 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/11/17 19:30:09 | 00,058,608 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/11/17 19:30:09 | 00,000,060 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
[2009/11/17 19:30:09 | 00,000,020 | ---- | C] () -- C:\Windows\System32\ST_LOG.INI
[2009/11/17 19:30:08 | 01,123,568 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/11/17 19:30:08 | 00,476,400 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/11/17 19:30:08 | 00,410,864 | ---- | C] () -- C:\Windows\System32\BackupApi.dll
[2009/11/17 19:30:08 | 00,115,952 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/09/13 18:47:51 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/07 09:29:44 | 04,455,865 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/09/06 08:52:04 | 00,828,611 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/09/02 14:23:04 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/09/02 14:22:58 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/09/02 14:22:40 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/09/02 14:22:10 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/09/02 14:22:06 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/09/02 10:38:44 | 00,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/09/02 10:35:12 | 00,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/09/02 10:01:48 | 00,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/08/25 12:07:36 | 00,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/07/21 08:26:56 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/21 08:26:55 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/21 08:19:29 | 00,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/06/02 11:11:26 | 00,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/06/02 11:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/10 16:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 16:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 16:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 16:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 16:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 16:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 16:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 16:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 16:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 16:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 16:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007/10/13 03:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/10 11:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/01/10 20:41:13 | 00,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\LimeWire
[2010/01/09 10:02:47 | 00,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\uTorrent
[2010/01/10 20:37:55 | 00,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/31 12:08:22 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 11:43:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 11:43:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 11:43:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/11 11:43:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 11:43:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/05/07 16:40:38 | 00,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/08/31 12:15:54 | 00,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008/05/07 16:40:02 | 00,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/08/31 12:15:54 | 00,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iastor.sys
[2008/05/07 16:40:02 | 00,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/08/31 12:15:54 | 00,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< End of report >


>>>Extras.txt<<<

OTL Extras logfile created on: 1/10/2010 8:50:40 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Mikey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 100.04 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 7.95 Gb Free Space | 54.28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Mikey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]
"EnableNotifications" = 0
"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1476049067-3651887435-1591574181-1000]
"EnableNotifications" = 0
"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1476049067-3651887435-1591574181-1001]
"EnableNotifications" = 0
"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044350CA-78EE-49B5-9985-C48659DA84DC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08F8B9C5-BED0-49A3-8B60-FB3F4F35A715}" = lport=445 | protocol=6 | dir=in | app=system |
"{0AD6D8F0-C2F4-4AEC-A21D-D30B77A1DBA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E6F52CE-87BF-4185-816B-9DBF10EBDF78}" = rport=139 | protocol=6 | dir=out | app=system |
"{14CD6DBE-07E7-4B4D-A3DF-9E618ABC9FA5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{29C009CC-12D6-4F74-9737-A8E135DE5AEA}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F0B94FD-0509-49B7-8A84-6FB828FF2C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30C462F1-4C3F-4070-B86E-A635FB57D30C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59B25EC7-48F4-4F8B-937F-32996DD5460C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{620AA6D2-2A48-46B8-899A-798E681E8F84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6261F6B6-EAB2-4982-A0DB-70532B0B471C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6CD229F4-8FC1-455F-ABCC-975EF0BE1C7B}" = lport=138 | protocol=17 | dir=in | app=system |
"{B765E23C-ADBF-4D7E-A918-26C3607E2C15}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA59EBBE-ABBE-436A-B5A7-E1B017871883}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BA8A2AE7-4E95-432F-B4FB-865B154E71F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBC5A7F0-9E6D-4D35-BEB3-38E3BDFA5841}" = lport=139 | protocol=6 | dir=in | app=system |
"{D18A3233-C426-47FD-A4EE-229FC3F774DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0834318-6885-4620-BEBE-0847C0C6B247}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9570618-E235-40D4-BBBE-86E04A20CF52}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7887E-3782-4C66-A495-8063E3927EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06F9355E-7521-4030-827D-AC79D25C16F7}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
"{10FC8C2E-01CD-4F29-963F-1EB16DA494E5}" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"{13052B07-1501-4ED8-8F6B-8CDB85821598}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{2598739C-2EEC-4529-ADE7-140EED68B135}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{2E0AAFA4-E1E0-4069-8E09-768417AC3AAA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2FC321A9-E1D0-463B-86D9-F1BBCE79F1C7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3285DDAA-C99F-4595-81B3-2B8EFADB50AC}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{3352D879-D859-4D3C-9C29-99AE2AD416E3}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{3A6A3512-076E-48C4-8B25-73AA8ED96FEF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3B778C60-CF15-4EC8-ABDF-58D58CFB38C4}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{418341C9-9987-436A-A76D-9EDF248F2128}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon86.exe |
"{479E5C39-0A6B-42B4-8899-BD06686DEBA7}" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"{4F54B17F-F87B-4359-B383-5DC37262A3A1}" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"{50D40D72-0A2F-4780-A90D-F6B533D7CA46}" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"{53704247-8F0B-4E06-A51D-60ED6188DF8F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5EBC19FD-5059-4D3B-9BC9-3815EC04AC42}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon86.exe |
"{61C868BB-6C75-45B5-A838-5E7958394102}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{634D19E9-4635-406B-9BA3-4B5C72414A62}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon86.exe |
"{641EF58A-BE9C-4DA7-A303-B4AAF99DCDEF}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6D885405-3567-4E63-B65A-D7C02C1F9B41}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon86.exe |
"{70C5FDDF-97E5-469A-9A88-E5348F674F14}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{7387BC19-FD9F-4456-A094-386648F1D3B4}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{752105DD-82FE-44C9-91EE-5D495EDF683E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{77160839-09A2-4728-A107-85347840B871}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7D12EFE0-752A-446A-B34A-256944AA629A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7DA327E1-87E6-407A-9362-148663922806}" = protocol=6 | dir=in | app=c:\windows\system32\bcmwltry.exe |
"{7DB054E2-8C0E-4080-9EB4-DBCE2CEC97CC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7DBC9F1D-8178-4D97-B578-7277ADFB96D2}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{8AB7D7D9-0140-47FC-A680-8A49E399B6E9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8CBF1C8F-1D21-4EE6-BC7C-0EE76412A985}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8CC9D452-5E4A-4AFC-9792-75C694CF6FFC}" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"{8D1400C3-1039-48FB-A712-0279A4263CAB}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{9435412C-B3CA-4A99-B794-1B83D492EE01}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{9994354E-028A-447B-B587-DD5A74AAD825}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9D882556-3930-46CC-AA86-F45885A54699}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E73DA8C-E7EC-42F9-BC59-04D787F3ED3A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A338A7C1-8BC0-4F14-BEB4-810BF1C73722}" = protocol=17 | dir=in | app=c:\windows\system32\bcmwltry.exe |
"{A41E6FAE-55AC-45BE-B95B-EFBB963AA0F5}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
"{A9DEEE55-4C0E-450D-ADD1-9CDDA975BCFC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AAF38F9F-088B-4F78-B3B9-067C5D42EAE7}" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"{B02D3BDE-6B54-4F89-B7F8-D547DFFF7938}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B1F4405B-5A7B-467F-9FCB-1FBFC4F124F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B22E626D-5C9A-4B4D-90EA-A812B816BDE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF0C1A0E-9958-45F3-B905-96091D30A06A}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{C17AFEAA-737E-425D-9FF0-0708C4C0B5A8}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{C519A98F-CA09-4978-B622-3A960558C45A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C77BD577-B25D-4F9B-988B-FAABCC3E9485}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{CF0EF45B-187F-477E-8C5F-E7FE3908C1EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D35D2417-56B7-40B9-8177-C51981F62046}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{D4B3B35B-3083-4604-B024-5F7B59B431D1}" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"{D6D23393-9950-4C7D-95CE-40BB7102A0B4}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{D99BA508-85F2-4417-B331-A0782B143DD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7E2AEA3-D9BD-4697-B3F7-3DEFCBAED7F1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8763325-A99B-493D-8155-056DA9EEAC2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC2A0F02-235C-43BE-951B-958275E76EB4}" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"{ED30C953-0F16-4DD1-A971-58460503B18C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F583084F-88D2-40DF-9275-7A7BE940FF5D}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{F5DD3B01-102B-4DDE-A6A0-A752F54ECE62}" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"{F77397A3-65AD-47CC-9AAF-5FB95C59E7BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7F6B39F-3457-4BBE-B262-804CC85A13B8}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F8A5384B-7807-46D9-9762-E38534AE99E0}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{F92A3D59-D21D-4C1E-A461-9BF65FAF313F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB107174-03D2-44D2-AFA7-26BA3FE768A8}" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B30B65-6615-46CF-ABB2-4AD33B9CE87A}" = OutSync
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard) 7.9.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoToAssist" = GoToAssist 8.0.0.514
"jZip" = jZip
"LimeWire" = LimeWire PRO 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Photodex Presenter" = Photodex Presenter
"ProShow Producer" = ProShow Producer
"RocketDock_is1" = RocketDock 1.3.5
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2010 7:50:32 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xeb8, application start time
0x01ca918687cc701b.

Error - 1/9/2010 7:50:38 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0x14e8, application start time
0x01ca91868b3608bb.

Error - 1/10/2010 5:35:32 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2010 5:35:32 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xb00, application start time
0x01ca923cd6795711.

Error - 1/10/2010 5:36:52 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xd64, application start time
0x01ca923d05f12271.

Error - 1/10/2010 5:37:01 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xdc0, application start time
0x01ca923d0af8ea51.

Error - 1/10/2010 5:37:08 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xe3c, application start time
0x01ca923d0ed4c4f1.

Error - 1/10/2010 5:37:15 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xe8c, application start time
0x01ca923d13469631.

Error - 1/10/2010 5:37:23 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0x8a0, application start time
0x01ca923d1743c411.

Error - 1/10/2010 5:37:33 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 5.10.38.30, time stamp
0x491a499b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xda4, application start time
0x01ca923d1dcd9041.

[ System Events ]
Error - 11/14/2009 7:16:11 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 8:38:05 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 8:38:05 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 8:38:05 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 2:41:25 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 2:41:25 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2009 2:41:25 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2009 8:16:08 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2009 8:16:08 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2009 8:16:08 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:18 PM

Posted 10 January 2010 - 11:07 PM

Hi Mike,

Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


Step 1
Let's have a clean out.
Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure you include the first lot of : )
CODE
:Otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Commands
[PURITY]
[EMPTYTEMP]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Otl will reboot your system after the fix.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log in your next reply.

Step 2
Your uninstall list is showing 'Norton Internet Security'..... but nothing showing in your reports.
I can only assume that this came on the system as a trial program and has expired?
If this is the case, you need to install an antivirus program as soon as you can and run a complete scan of the computer:
But first you will need to uninstall 'Norton Internet Security' from your system. Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Note*:
Upon installation MS Security Essentials will check that your OS is a legal copy.

In your next reply, please submit:
OTL report that comes up after the fix,
Let me know if there were any problems installing and running the new AV
Also let me know how the system is running now.


Thanks.



#5 MikeySW

MikeySW
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:18 AM

Posted 11 January 2010 - 05:41 PM

Alright, I have run OTL again and here is its report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mikey
->Temp folder emptied: 404028 bytes
->Temporary Internet Files folder emptied: 88235 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41954910 bytes
->Apple Safari cache emptied: 17472320 bytes

User: owner
->Temp folder emptied: 35200 bytes
->Temporary Internet Files folder emptied: 224188 bytes
->Java cache emptied: 5253600 bytes
->FireFox cache emptied: 105858171 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3160 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 163.00 mb


OTL by OldTimer - Version 3.1.23.0 log created on 01112010_152230

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


---- Now I also installed Avira and here is its log. It says it found one virus and some questionable software:



Avira AntiVir Personal
Report file date: Monday, January 11, 2010 15:25

Scanning for 1521437 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : OWNER-PC

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:18:36
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 21:18:36
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 21:18:36
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 21:18:36
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 21:18:36
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 21:18:36
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 21:18:37
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 21:18:37
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 21:18:37
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 21:18:37
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 21:18:37
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 21:18:37
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 21:18:39
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 21:18:40
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 21:18:41
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 21:18:43
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 21:18:44
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 21:18:45
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 21:18:46
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 21:18:47
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 21:18:48
VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 21:18:49
VBASE023.VDF : 7.10.2.159 2048 Bytes 1/11/2010 21:18:49
VBASE024.VDF : 7.10.2.160 2048 Bytes 1/11/2010 21:18:50
VBASE025.VDF : 7.10.2.161 2048 Bytes 1/11/2010 21:18:50
VBASE026.VDF : 7.10.2.162 2048 Bytes 1/11/2010 21:18:50
VBASE027.VDF : 7.10.2.163 2048 Bytes 1/11/2010 21:18:50
VBASE028.VDF : 7.10.2.164 2048 Bytes 1/11/2010 21:18:50
VBASE029.VDF : 7.10.2.165 2048 Bytes 1/11/2010 21:18:50
VBASE030.VDF : 7.10.2.166 2048 Bytes 1/11/2010 21:18:51
VBASE031.VDF : 7.10.2.169 90112 Bytes 1/11/2010 21:18:51
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/11/2010 21:19:01
AESCN.DLL : 8.1.3.0 127348 Bytes 1/11/2010 21:19:00
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/11/2010 21:19:00
AEPACK.DLL : 8.2.0.4 422263 Bytes 1/11/2010 21:18:58
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.194 2228599 Bytes 1/11/2010 21:18:57
AEHELP.DLL : 8.1.9.0 237943 Bytes 1/11/2010 21:18:54
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/11/2010 21:18:53
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 1/11/2010 21:18:52
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, January 11, 2010 15:25

Starting search for hidden objects.
'96849' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'PDVDDXSrv.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SftService.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
69 processes with 69 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwiw.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
Begin scan in 'E:\' <RECOVERY>

Beginning disinfection:
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b9ea807.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4c40ff60.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4baca82b.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4baca826.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwiw.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4bb9a822.qua'!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to '4b9ea81b.qua'!


End of the scan: Monday, January 11, 2010 16:35
Used time: 44:59 Minute(s)

The scan has been done completely.

24509 Scanned directories
284090 Files were scanned
1 Viruses and/or unwanted programs were found
5 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
284082 Files not concerned
1924 Archives were scanned
2 Warnings
8 Notes
96849 Objects were scanned with rootkit scan
0 Hidden objects were found
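Every hit in the Avira report above sits under another cleaner's quarantine folder (ComboFix's C:\Qoobox and Spybot's Recovery folder), so they are neutralised leftovers rather than live infections. As an added example, not part of the thread or of any tool it mentions, here is a small Python triage script that parses Avira file-scan lines and ESET Online Scanner result lines in the format posted in this thread and separates live detections from quarantined copies. The quarantine root list, the function names and the extra "Downloads" line in the sample excerpt are assumptions constructed for the example.

```python
"""Triage on-demand scanner hits by location (added example, not a real tool).

Parses the Avira AntiVir file-scan section (a path line followed by an
"[DETECTION] ..." line) and ESET Online Scanner result lines
("<path> <description> <action>"), then flags hits whose path lies inside a
quarantine folder of another cleaner, which are already-neutralised copies.
"""
import re
from typing import Dict, List, Tuple

# Assumed list of folders where other cleaners park removed files. The two
# entries here are the ones seen in this thread: ComboFix's Qoobox and
# Spybot - Search & Destroy's Recovery folder.
QUARANTINE_ROOTS = (
    r"C:\Qoobox\Quarantine",
    r"C:\ProgramData\Spybot - Search & Destroy\Recovery",
)

# Avira: a bare path line, then (possibly indented) "[DETECTION] <text>".
_AVIRA_PATH = re.compile(r"^([A-Za-z]:\\.*)$")
_AVIRA_DETECT = re.compile(r"^\s*\[DETECTION\]\s+(.*)$")

# ESET: path (may contain spaces), threat description, action taken.
# Description and action phrases are those seen in this thread (assumption).
_ESET_LINE = re.compile(
    r"^([A-Za-z]:\\.*?)\s+"
    r"((?:probably )?a variant of \S+.*?|\S+/\S+.*?)\s+"
    r"(cleaned by deleting - quarantined|deleted - quarantined"
    r"|cleaned - quarantined|cleaned by deleting|deleted|cleaned)$"
)

# Constructed excerpt modelled on the Avira log in this thread; the
# Downloads entry is invented to show a hit outside any quarantine folder.
AVIRA_EXCERPT = r"""Begin scan in 'C:\' <OS>
C:\hiberfil.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip
  [DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir
  [DETECTION] Is the TR/Patched.Gen Trojan
C:\Users\Mikey\Downloads\setup_example.exe
  [DETECTION] Is the TR/Example.Constructed Trojan
Begin scan in 'E:\' <RECOVERY>
"""

# Constructed excerpt in the ESET result format quoted in this thread.
ESET_EXCERPT = r"""
C:\Qoobox\Quarantine\C\Windows\System32\drivers\cpllnqmh.sys.vir a variant of Win32/Rootkit.Kryptik.AF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_cpllnqmh_.sys.zip a variant of Win32/Rootkit.Kryptik.AF trojan deleted - quarantined
"""


def parse_avira(report: str) -> List[Tuple[str, str]]:
    """Return (path, detection) pairs; duplicates (e.g. the disinfection
    section repeating the scan section) collapse onto the same path."""
    hits: Dict[str, str] = {}
    current = None
    for line in report.splitlines():
        m = _AVIRA_PATH.match(line)
        if m:
            current = m.group(1).rstrip()
            continue
        d = _AVIRA_DETECT.match(line)
        if d and current:
            hits[current] = d.group(1).strip()
    return list(hits.items())


def parse_eset(report: str) -> List[Tuple[str, str]]:
    """Return (path, "description (action)") pairs from ESET result lines."""
    hits = []
    for line in report.splitlines():
        m = _ESET_LINE.match(line.strip())
        if m:
            hits.append((m.group(1), f"{m.group(2)} ({m.group(3)})"))
    return hits


def classify(path: str) -> str:
    """'quarantined copy' if the path is under a known quarantine root."""
    p = path.lower()
    for root in QUARANTINE_ROOTS:
        if p.startswith(root.lower().rstrip("\\") + "\\"):
            return "quarantined copy"
    return "live"


def triage(hits: List[Tuple[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Group hits into the two buckets a helper actually cares about."""
    out: Dict[str, List[Tuple[str, str]]] = {"live": [], "quarantined copy": []}
    for path, detection in hits:
        out[classify(path)].append((path, detection))
    return out


if __name__ == "__main__":
    for name, hits in (("Avira", parse_avira(AVIRA_EXCERPT)),
                       ("ESET", parse_eset(ESET_EXCERPT))):
        buckets = triage(hits)
        print(f"{name}: {len(buckets['live'])} live, "
              f"{len(buckets['quarantined copy'])} quarantined copies")
        for path, detection in buckets["live"]:
            print(f"  LIVE  {path}: {detection}")
```

A live hit needs follow-up; a quarantined copy only tells you that one tool re-scanned what another had already removed.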



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:18 PM

Posted 11 January 2010 - 06:24 PM

Hi Mike

Don't you just love it when a program finds something that another program has already removed.... and they want it for their own.
It was good that you did the scan, it shows to me that you listened. (Not everyone does.)

2 more checks to make sure that we have covered everything.

Step 1
Because of a file removal in CF, I'd like to make sure you are covered against a possible USB infection.

Temporarily disable your anti-virus, script blocking and any real time protection programs before downloading this tool as it can be falsely flagged as malware.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Step 2
I'd like you to do an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Click , and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the button.
  • Click
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

In your next reply, please submit:
Eset scan report
Does the system seem stable now?


Thanks.



#7 MikeySW

MikeySW
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:18 AM

Posted 11 January 2010 - 09:46 PM

Unfortunately the flash detector didn't run for me. I would double click, give permission to the file but then it would seem to go to background yet nothing ever came up, even in task manager. I did complete my eset scan. It found a couple....

C:\Qoobox\Quarantine\C\Windows\System32\drivers\cpllnqmh.sys.vir a variant of Win32/Rootkit.Kryptik.AF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_cpllnqmh_.sys.zip a variant of Win32/Rootkit.Kryptik.AF trojan deleted - quarantined


The system seems stable. I plan on rebooting after I send this and checking the google search perhaps tomorrow. I will reply again to let you know what I find. Also, let me know if I need to do anything else.

Mike

**Update as of 1/12 @ 904am**

Google searches are no longer being redirected and somehow through this process the "Dell Wireless Card is not responding" error window no longer pops up. 2 birds with the one stone as they say I guess. Although there were many stones thrown, I'm glad you were there giving me the right ones. I won't doubt these forums any longer, I greatly appreciate your help here, Starbuck...and good luck with Assassin's Creed 2 ;)

Edited by MikeySW, 12 January 2010 - 10:06 AM.


#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:18 PM

Posted 12 January 2010 - 03:50 PM

Hi Mike,

QUOTE
I did complete my eset scan. It found a couple....

C:\Qoobox\Quarantine\C\Windows\System32\drivers\cpllnqmh.sys.vir a variant of Win32/Rootkit.Kryptik.AF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_cpllnqmh_.sys.zip a variant of Win32/Rootkit.Kryptik.AF trojan deleted - quarantined
Those are nothing to worry about. 'Qoobox' is ComboFix's quarantine folder.

QUOTE
I'm glad you were there giving me the right ones. I won't doubt these forums any longer
Thanks for the comments. The Hjt team here at BC pride themselves on being just about the best there is. Any member of the team would have been glad to help you.

QUOTE
good luck with Assassin's Creed 2
It's one of those games that I was interested in but never had the time to play properly. The son plays it, so one day I'll get him to show me how to play it properly.

As everything is running normal again and the scans haven't thrown up anything new, we'll finish off.

Just a couple of things to point out before we finish off....
(a) You only have 'Service Pack 2' installed, this means your system is behind with some important system changes.
You really should think about updating to Service Pack 3.
(b) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Now to finish off:

Step 1
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button; press that button.
  • This will remove any programs we have asked you to download, along with their associated folders, plus itself.

Note:
MBAM will not be removed

Step 2
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Now the boring speech part:
Not all parts are applicable to you.

To find out how you may have been infected....read this topic:
So how did i get infected?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software
    Note*:
    Upon installation MS Security Essentials will check that your OS is a legal copy.

    Only install one AntiVirus program
  • Update your AntiVirus Software regularly
  • Use a 3rd party Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

    Only install one software Firewall
  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
    Installing another scanner that you can run once or twice a week is always beneficial.
    Something like:
    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    Remember to update these programs each time before running.
    You can install more than one of these if you only run them as stand alone programs.
  • Use an alternative browser:
    Some excellent alternatives to MS Internet Explorer are:

    Firefox
    For added security, add the NoScript extension to this browser:
    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
    also consider adding:
    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
    Btw: you don't have to make a contribution.

    Opera

    They offer better security, more stability, and better speed.
  • Keep a backup of your registry
    Keeping a regular backup of your registry will help when something goes wrong.
    Use a program like:
    Erunt

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial
  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:
    Windows temp files
    Current user temp files
    Cookies
    Temporary Internet files
    Browser history
    Recycle bin
    Etc.......
    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
    Programs like:
    CCleaner
    TFC by OldTimer
    ATF Cleaner
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using and installing SpywareBlaster
  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

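As an added example, not part of Starbuck's post and not code from any of the tools he recommends, here are the two housekeeping steps above (removing stale Java runtimes, then setting a fresh restore point and discarding the old ones) written for Windows PowerShell 2.0, which Vista and later support. It assumes that each Java runtime is registered under the standard Uninstall registry keys as an MSI package (so its UninstallString carries a product code), that System Restore points on this machine are backed by VSS shadow copies, and that the console is elevated. The function names are mine.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: Java runtimes register under the standard Uninstall keys as MSI
# packages, and System Restore points are backed by Win32_ShadowCopy instances.

# --- Step (b): enumerate every installed JRE/J2SE so none is left behind -------
function Get-InstalledJava {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

# Uninstall all but the newest Java runtime. Sun's entries record a version such
# as "6.0.170" (6 Update 17), so a [version] cast gives the right ordering.
# The UninstallString is "MsiExec.exe /X{ProductCode}"; we pull the code out and
# hand it to msiexec silently. Use -WhatIf to preview without removing anything.
function Remove-OldJava {
    param([switch]$WhatIf)
    $all = @(Get-InstalledJava | Sort-Object { [version]$_.DisplayVersion })
    if ($all.Count -lt 2) { return }          # nothing older than the newest
    $old = $all[0..($all.Count - 2)]
    foreach ($j in $old) {
        if ($j.UninstallString -match '(\{[0-9A-Fa-f\-]+\})') {
            $code = $matches[1]
            Write-Host "Removing $($j.DisplayName) ($code)"
            if (-not $WhatIf) {
                Start-Process msiexec.exe -ArgumentList "/x $code /qn /norestart" -Wait
            }
        }
    }
}

# --- Step 2: new restore point, then drop every older one ----------------------
function New-CleanBaseline {
    param([string]$Description = 'Clean baseline after malware removal')
    # Create the new point first so that it is the newest shadow copy on disk.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # Restore points live in VSS shadow copies; keep only the most recent one.
    # This is the scripted equivalent of Cleanmgr > More Options > System Restore.
    $shadows = @(Get-WmiObject Win32_ShadowCopy |
        Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) })
    if ($shadows.Count -gt 1) {
        $shadows[0..($shadows.Count - 2)] | ForEach-Object { [void]$_.Delete() }
    }

    # Show what remains: expect a single point carrying our description.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}

# Typical session, in the order the post gives the steps:
Get-InstalledJava          # see what is present before touching anything
Remove-OldJava -WhatIf     # preview; drop -WhatIf to actually uninstall
New-CleanBaseline          # fresh restore point, older ones discarded
```

Two caveats worth knowing before running the last function: deleting shadow copies on Vista also discards the "Previous Versions" file history they hold, which is exactly the trade-off the post's Cleanmgr step makes; and on Windows 8 and later Checkpoint-Computer silently declines to create a second restore point within 24 hours of the previous one, so on those systems check the Get-ComputerRestorePoint output before deleting anything.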


#9 MikeySW (Topic Starter)
  • Members
  • 27 posts

Posted 14 January 2010 - 10:08 AM

Alright, I have cleaned OTL, created the restore point, removed all previous restore points and installed Outpost Firewall. The only snag I ran into is that I don't see a service pack 3 available for my Vista. The only updates I don't have involve ms office and IE8. If you're privy to a newer more stable and secure service pack please clue me in. Unless you are referring to Windows 7 as the Sp3.

Thanks again for the help, I greatly appreciate it.

Mike

#10 Starbuck ('r Brudiwr)
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 14 January 2010 - 10:23 AM

Hi Mike,

Take no notice of me.... must have had a dumb moment.
That'll teach me to work on 2 logs at once; sorry, got your Vista mixed up with the other OS, which was XP.



#11 Starbuck ('r Brudiwr)
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 19 January 2010 - 09:19 PM

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.
