Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log File help needed


  • This topic is locked This topic is locked
13 replies to this topic

#1 Jasmine25

Jasmine25

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 14 July 2010 - 11:03 AM

I'm new here and I need help. I'm not sure where to post this, so I apologize in advance if this is the wrong forum. I've been online for about 3 1/2 hours now and about an hour ago, my browser started acting funny. It keeps redirecting me to ask.com, giving me search options from ask.com and telling me a site cannot be found(if I type in yahoo.com, it'll go to chameleontom.iamwired and firefox says that site is unsafe). I've tried running MalwareBytes and SuperAntiSpyware, but it keeps happening(SAS found a browser hijacker and removed it, but it keeps redirecting me). What can I do to fix this?

My browser keeps being redirected to either ask.com or something called chameleontome.iamwired and I can't figure out how to fix it. I tried running two different virus scans, but it still keeps redirecting me. Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:00:59 PM, on 7/14/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:Program Files (x86)Mozilla Firefoxplugin-container.exe
C:Program Files (x86)Trend MicroHiJackThisHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...15v1i5r4432s23o
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://bing.zugo.com/?cfg=2-80-0-Yibl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~1Office12REFIEBAR.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:Program Files (x86)Common FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)eMachines GameseMachines Game ConsoleGameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:Program Files (x86)eMachinesRegistrationGregHSRW.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:Windowssystem32spoolDRIVERSx643lxddserv.exe
O23 - Service: lxdd_device - - C:Windowssystem32lxddcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:Program FileseMachineseMachines UpdaterUpdaterService.exe
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
--
End of file - 7323 bytes

If someone can help me out, please post. I am so frustrated.

Edited by hamluis, 14 July 2010 - 12:50 PM.
Merged posts ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 19 July 2010 - 02:53 PM

Hi Jasmine25, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 22 July 2010 - 03:20 PM

Here is the OTL.Txt log:

OTL logfile created on: 7/22/2010 4:04:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jazz\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 223.85 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Jazz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/22 16:04:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jazz\Downloads\OTL.exe
PRC - [2010/07/21 17:05:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/22 16:04:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jazz\Downloads\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 12:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 12:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2007/05/25 09:42:22 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 09:42:12 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2010/06/26 18:21:49 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/27 17:56:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 01:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...15v1i5r4432s23o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...15v1i5r4432s23o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.zugo.com/?cfg=2-80-0-Yibl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-80-0-Yi8i
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {cc73beb0-fbcc-f18c-bcf0-44900aa51d43}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {0b521176-81b5-4849-b963-98c7a257827d}:3.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/21 17:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/21 17:05:39 | 000,000,000 | ---D | M]

[2010/02/23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\Jazz\AppData\Roaming\Mozilla\Extensions
[2010/02/23 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\Jazz\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/02/23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\Jazz\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/22 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\extensions
[2010/04/15 21:02:46 | 000,000,000 | ---D | M] (OpinionSquare) -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}
[2010/05/12 06:53:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/18 11:23:37 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2010/07/22 12:47:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/11 10:47:50 | 000,002,168 | ---- | M] () -- C:\Users\Jazz\AppData\Roaming\Mozilla\Firefox\Profiles\y4y1n9rt.default\searchplugins\inbox-search.xml
[2010/04/29 09:12:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 14:59:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/29 08:37:12 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{cc73beb0-fbcc-f18c-bcf0-44900aa51d43}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Jazz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/16 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Jazz\Documents\BarnyardInvasionSaveData
[2010/07/14 11:53:31 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/07/14 11:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/14 11:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/07/14 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/14 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/07/14 11:33:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/14 10:55:55 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/14 10:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/14 10:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 23:19:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/06/30 20:18:05 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Roaming\vlc
[2010/06/30 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Local\Graboid_Inc
[2010/06/30 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Local\Graboid
[2010/06/30 20:11:09 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Roaming\MozillaControl
[2010/06/30 20:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2010/06/30 20:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/30 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2010/06/30 08:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/06/29 20:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WindSolutions
[2010/06/28 20:53:43 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/06/28 20:53:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/06/28 20:53:43 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/06/28 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/28 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/28 20:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/28 20:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/28 18:28:16 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Jazz\Illustrator_15_LS1.exe
[2010/06/26 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/06/25 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Roaming\WildTangentv1002
[2010/06/24 00:09:47 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 00:09:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 00:09:47 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 00:09:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 00:09:47 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 00:09:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 00:09:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 00:09:47 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 07:21:02 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 07:17:42 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 07:17:42 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 07:17:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 07:17:42 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 07:17:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/23 07:17:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 07:17:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/22 19:05:17 | 000,000,000 | ---D | C] -- C:\Users\Jazz\AppData\Roaming\Artogon
[2010/06/22 18:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2010/03/19 15:27:08 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2010/03/19 15:27:08 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2010/03/19 15:27:08 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2010/03/19 15:27:08 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2010/03/19 15:27:08 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2010/03/19 15:27:08 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2010/03/19 15:27:07 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2010/03/19 15:27:07 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2010/03/19 15:27:07 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2010/03/19 15:27:07 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2010/03/19 15:27:07 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/22 16:10:06 | 003,932,160 | -HS- | M] () -- C:\Users\Jazz\NTUSER.DAT
[2010/07/22 14:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/21 21:46:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/21 21:46:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/21 21:39:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/21 21:39:28 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/21 21:38:25 | 006,291,456 | -H-- | M] () -- C:\Users\Jazz\AppData\Local\IconCache.db
[2010/07/21 15:52:50 | 000,000,246 | ---- | M] () -- C:\Users\Jazz\Documents\names.rtf
[2010/07/21 11:48:56 | 000,001,870 | ---- | M] () -- C:\Users\Jazz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/07/15 11:47:29 | 000,007,929 | ---- | M] () -- C:\Users\Jazz\Documents\HBAM4.rtf
[2010/07/15 09:02:54 | 000,000,717 | ---- | M] () -- C:\Users\Jazz\Documents\AN.rtf
[2010/07/14 13:42:00 | 000,000,816 | ---- | M] () -- C:\Users\Jazz\Documents\coding.rtf
[2010/07/14 12:56:47 | 000,002,971 | ---- | M] () -- C:\Users\Jazz\Desktop\HiJackThis.lnk
[2010/07/14 11:53:31 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/07/14 11:50:07 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/07/14 10:55:40 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 22:12:08 | 000,010,869 | ---- | M] () -- C:\Users\Jazz\Documents\Monsterchap7.rtf
[2010/07/13 20:44:24 | 000,010,685 | ---- | M] () -- C:\Users\Jazz\Documents\Monster7.rtf
[2010/07/12 20:49:51 | 000,010,726 | ---- | M] () -- C:\Users\Jazz\Documents\HBAM3.rtf
[2010/07/11 21:28:28 | 000,000,234 | ---- | M] () -- C:\Windows\ulead32.ini
[2010/07/11 19:07:17 | 000,009,044 | ---- | M] () -- C:\Users\Jazz\Documents\HBAM2.rtf
[2010/07/10 21:46:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/10 21:46:14 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/10 21:46:14 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/07 09:22:29 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/05 21:46:47 | 000,010,881 | ---- | M] () -- C:\Users\Jazz\Documents\HBAM1.rtf
[2010/07/05 08:02:19 | 000,007,005 | ---- | M] () -- C:\Users\Jazz\Documents\HBAM.rtf
[2010/06/30 08:45:02 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2010/06/29 20:18:23 | 000,001,265 | ---- | M] () -- C:\Users\Public\Desktop\CopyTrans Control Center.lnk
[2010/06/29 16:53:08 | 1379,644,240 | ---- | M] () -- C:\Users\Jazz\Illustrator_15_LS1.7z
[2010/06/29 10:46:51 | 001,228,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Jazz\Illustrator_15_LS1.exe
[2010/06/28 20:51:58 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/27 21:54:04 | 000,000,384 | ---- | M] () -- C:\Users\Jazz\Documents\TLA.rtf
[2010/06/26 20:54:39 | 000,000,700 | -H-- | M] () -- C:\IPH.PH
[2010/06/26 20:54:32 | 000,001,904 | ---- | M] () -- C:\Users\Jazz\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/06/26 20:54:32 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/06/23 17:37:08 | 000,008,909 | ---- | M] () -- C:\Users\Jazz\Documents\Monsterchap6.rtf
[2010/06/23 17:07:32 | 000,007,546 | ---- | M] () -- C:\Users\Jazz\Documents\monster6.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 15:52:49 | 000,000,246 | ---- | C] () -- C:\Users\Jazz\Documents\names.rtf
[2010/07/21 11:48:56 | 000,001,870 | ---- | C] () -- C:\Users\Jazz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/07/15 09:00:47 | 000,007,929 | ---- | C] () -- C:\Users\Jazz\Documents\HBAM4.rtf
[2010/07/14 13:42:00 | 000,000,816 | ---- | C] () -- C:\Users\Jazz\Documents\coding.rtf
[2010/07/14 12:56:47 | 000,002,971 | ---- | C] () -- C:\Users\Jazz\Desktop\HiJackThis.lnk
[2010/07/14 11:39:45 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/07/14 10:55:40 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 22:12:08 | 000,010,869 | ---- | C] () -- C:\Users\Jazz\Documents\Monsterchap7.rtf
[2010/07/13 15:28:45 | 000,010,685 | ---- | C] () -- C:\Users\Jazz\Documents\Monster7.rtf
[2010/07/13 13:33:07 | 000,000,717 | ---- | C] () -- C:\Users\Jazz\Documents\AN.rtf
[2010/07/12 20:37:04 | 000,010,726 | ---- | C] () -- C:\Users\Jazz\Documents\HBAM3.rtf
[2010/07/11 17:28:04 | 000,009,044 | ---- | C] () -- C:\Users\Jazz\Documents\HBAM2.rtf
[2010/07/05 21:34:34 | 000,010,881 | ---- | C] () -- C:\Users\Jazz\Documents\HBAM1.rtf
[2010/07/04 21:01:43 | 000,007,005 | ---- | C] () -- C:\Users\Jazz\Documents\HBAM.rtf
[2010/06/29 20:18:23 | 000,001,265 | ---- | C] () -- C:\Users\Public\Desktop\CopyTrans Control Center.lnk
[2010/06/28 20:51:58 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/28 18:28:16 | 1379,644,240 | ---- | C] () -- C:\Users\Jazz\Illustrator_15_LS1.7z
[2010/06/27 21:54:04 | 000,000,384 | ---- | C] () -- C:\Users\Jazz\Documents\TLA.rtf
[2010/06/26 20:54:32 | 000,001,904 | ---- | C] () -- C:\Users\Jazz\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/06/26 20:54:32 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/06/23 17:37:08 | 000,008,909 | ---- | C] () -- C:\Users\Jazz\Documents\Monsterchap6.rtf
[2010/05/04 11:27:13 | 000,000,234 | ---- | C] () -- C:\Windows\ulead32.ini
[2010/04/07 21:33:50 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\WNASPI32.DLL
[2010/04/07 21:26:03 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2010/03/19 15:27:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2010/03/19 15:27:09 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2010/02/23 13:35:16 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/09 00:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\SysWow64\avcodec.dll
[2009/11/09 00:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\SysWow64\avformat.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/20 16:03:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/07/21 21:39:28 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/03/29 13:14:43 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/06/26 20:54:39 | 000,000,700 | -H-- | M] () -- C:\IPH.PH
[2010/03/19 16:02:06 | 000,024,564 | ---- | M] () -- C:\lxdd.log
[2006/12/02 03:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/07 09:17:12 | 000,000,451 | ---- | M] () -- C:\nsinst.log
[2010/07/21 21:39:30 | 1877,467,136 | -HS- | M] () -- C:\pagefile.sys
[2009/11/20 16:16:18 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6114B257
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7D1C258F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5AF0DC60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:36956C9B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A93060EC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3559A02E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:404390E0
< End of report >


#4 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 22 July 2010 - 03:21 PM

Here is the Extras.Txt log:

OTL Extras logfile created on: 7/22/2010 4:08:18 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jazz\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 223.85 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Jazz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 2500 Series" = Lexmark 2500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6F11CEAE-204F-4BF7-8A4D-C17888497DAE}" = Photo Explosion
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CopyTrans Suite" = CopyTrans Suite Remove Only
"CrimsonRoad_is1" = CrimsonRoad
"Deadly Race_is1" = Deadly Race
"DungeonRider_is1" = Dungeon Rider
"eMachines Registration" = eMachines Registration
"eMachines Welcome Center" = Welcome Center
"Extreme Racers_is1" = Extreme Racers
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Lexmark 2500 Series" = Lexmark 2500 Series
"LimeWire" = LimeWire 5.4.7
"MadTruckers_is1" = Mad Truckers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monster Truck Challenge_is1" = Monster Truck Challenge
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.12.5
"Police Supercars Racing_is1" = Police Supercars Racing
"Quadro Racing_is1" = Quadro Racing
"SharkAttack_is1" = Shark Attack
"Street Racer_is1" = Street Racer
"Super Motocross Deluxe_is1" = Super Motocross Deluxe
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2010 10:11:43 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 6/14/2010 10:12:10 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 6/17/2010 6:17:40 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 6/18/2010 12:05:33 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: game.exe, version: 0.0.0.0, time stamp:
0x4a1e598f Faulting module name: game.exe, version: 0.0.0.0, time stamp: 0x4a1e598f
Exception
code: 0xc0000005 Fault offset: 0x0009b4aa Faulting process id: 0xb44 Faulting application
start time: 0x01cb0f0012347ef0 Faulting application path: C:\Program Files (x86)\GameTop.com\Monster
Truck Challenge\game.exe Faulting module path: C:\Program Files (x86)\GameTop.com\Monster
Truck Challenge\game.exe Report Id: 525f86f0-7af3-11df-98bf-00262d1a3aac

Error - 6/18/2010 12:05:33 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: game.exe, version: 0.0.0.0, time stamp:
0x4a1e598f Faulting module name: game.exe, version: 0.0.0.0, time stamp: 0x4a1e598f
Exception
code: 0xc0000005 Fault offset: 0x0009b4aa Faulting process id: 0xcd8 Faulting application
start time: 0x01cb0f00123912d0 Faulting application path: C:\Program Files (x86)\GameTop.com\Monster
Truck Challenge\game.exe Faulting module path: C:\Program Files (x86)\GameTop.com\Monster
Truck Challenge\game.exe Report Id: 525fae00-7af3-11df-98bf-00262d1a3aac

Error - 6/21/2010 12:01:24 AM | Computer Name = Joe-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/21/2010 12:02:02 AM | Computer Name = Joe-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 6/21/2010 1:52:51 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.1, time stamp:
0x49c34eb7 Faulting module name: Game.exe, version: 1.0.0.1, time stamp: 0x49c34eb7
Exception
code: 0xc0000005 Fault offset: 0x00050ffb Faulting process id: 0xe34 Faulting application
start time: 0x01cb116a7f70b710 Faulting application path: C:\Program Files (x86)\GameTop.com\Quadro
Racing\Game.exe Faulting module path: C:\Program Files (x86)\GameTop.com\Quadro
Racing\Game.exe Report Id: cee62cd0-7d5d-11df-a6e1-00262d1a3aac

Error - 6/22/2010 1:51:38 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.1, time stamp:
0x49c34eb7 Faulting module name: Game.exe, version: 1.0.0.1, time stamp: 0x49c34eb7
Exception
code: 0xc0000005 Fault offset: 0x00050ffb Faulting process id: 0x110c Faulting application
start time: 0x01cb123383fa0600 Faulting application path: C:\Program Files (x86)\GameTop.com\Quadro
Racing\Game.exe Faulting module path: C:\Program Files (x86)\GameTop.com\Quadro
Racing\Game.exe Report Id: cdee45f0-7e26-11df-a6e1-00262d1a3aac

Error - 6/26/2010 2:42:42 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SMD.exe, version: 0.0.0.0, time stamp:
0x4b150a5f Faulting module name: SMD.exe, version: 0.0.0.0, time stamp: 0x4b150a5f
Exception
code: 0xc0000005 Fault offset: 0x00041fa0 Faulting process id: 0xfb8 Faulting application
start time: 0x01cb155e88bafcc0 Faulting application path: C:\Program Files (x86)\GameTop.com\Super
Motocross Deluxe\SMD.exe Faulting module path: C:\Program Files (x86)\GameTop.com\Super
Motocross Deluxe\SMD.exe Report Id: 9a1db600-8152-11df-840a-00262d1a3aac

[ Media Center Events ]
Error - 3/2/2010 11:02:56 AM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 10:02:43 AM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)

Error - 3/19/2010 11:39:20 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 11:39:19 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/19/2010 11:39:20 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 11:39:20 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/19/2010 11:39:21 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 11:39:21 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/19/2010 11:39:47 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 11:39:21 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/10/2010 12:00:24 AM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 12:00:24 AM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 6/15/2010 11:16:23 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = 11:16:23 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 7/14/2010 11:21:31 AM | Computer Name = Joe-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/14/2010 11:21:44 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService
service to connect.

Error - 7/14/2010 11:21:44 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/14/2010 11:21:48 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 szkg5

Error - 7/14/2010 12:26:36 PM | Computer Name = Joe-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/14/2010 12:26:58 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService
service to connect.

Error - 7/14/2010 12:26:58 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/14/2010 12:27:03 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 szkg5

Error - 7/14/2010 9:39:44 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/15/2010 3:11:26 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 23 July 2010 - 04:34 PM

Hi again Jasmine25 and thank you for the logs!!.. smile.gif

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeBridge] File not found
    [2010/07/14 11:33:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
I do not see an antivirus program running on your computer... Without an AV, you have no protection and risk being quickly re-infected... Please install an antivirus program of your choice, run a full system scan with it, and post a log (if possible)... You may want to install one of the antivirus applications I recommend on my site: link

Thirdly,
Let me know what problem persists... ;)
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 24 July 2010 - 12:15 PM

I have anti-virus software on my computer. I have both MalwareBytes and Super Anti-Spyware. Is there something else I should have?

I'm running OTL now and I'll post the log when I'm done.

#7 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 24 July 2010 - 12:24 PM

Here is the log after pasting the commands and clicking on 'run fix.'

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jazz
->Temp folder emptied: 50167813 bytes
->Temporary Internet Files folder emptied: 63152627 bytes
->Java cache emptied: 19220669 bytes
->FireFox cache emptied: 148729682 bytes
->Opera cache emptied: 15266324 bytes
->Flash cache emptied: 220265 bytes

User: Joe
->Temp folder emptied: 100951999 bytes
->Temporary Internet Files folder emptied: 26978072 bytes
->Java cache emptied: 12119689 bytes
->FireFox cache emptied: 48264016 bytes
->Flash cache emptied: 5567 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711168 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20424319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4702888139 bytes

Total Files Cleaned = 4,968.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jazz
->Flash cache emptied: 0 bytes

User: Joe
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07242010_131851

Files\Folders moved on Reboot...
C:\Users\Jazz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#8 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 24 July 2010 - 09:46 PM

Here is the log from the full scan I ran using Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/24/2010 10:41:22 PM
mbam-log-2010-07-24 (22-41-22).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 335330
Time elapsed: 1 hour(s), 32 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{cc73beb0-fbcc-f18c-bcf0-44900aa51d43}\components\-E3-C1qFi-.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-80-0-Yibl) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{cc73beb0-fbcc-f18c-bcf0-44900aa51d43}\components\-E3-C1qFi-.dll (Adware.BHO) -> Quarantined and deleted successfully.

#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 25 July 2010 - 04:52 PM

Hi again Jasmine25!!.. smile.gif

QUOTE(Jasmine25 @ Jul 24 2010, 07:15 PM) View Post
I have anti-virus software on my computer. I have both MalwareBytes and Super Anti-Spyware. Is there something else I should have?

Well, these are only antispyware and/or antimalware scanners (with probably no resident protection in your case)... You need a full antivirus as well - it runs in the background and protects your system when online or transferring files, opening programs, etc. ...
Explanation why running an antivirus with MalwareBytes' Anti-Malware is still a good idea: antivirus for Malwarebytes Anti-Malware 1.43

So, as I suggested in my previous post:

Please install an antivirus program of your choice, run a full system scan with it, and post a log (if possible)... You may want to install one of the antivirus applications I recommend on my site: link

QUOTE(Jasmine25 @ Jul 25 2010, 04:46 AM) View Post
Here is the log from the full scan I ran using Malwarebytes:

Database version: 4052

Wow, the database version is way outdated, please update the program and run the scan:
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Then,
To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 25 July 2010 - 09:21 PM

I'm downloading and installing Avast! now.

Here's the log from the Quick Scan I did after I updated Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4347

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/25/2010 10:16:20 PM
mbam-log-2010-07-25 (22-16-20).txt

Scan type: Quick scan
Objects scanned: 137877
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'll work on installing the newest version of FlashPlayer after I install Avast!

Thank you for all of your help. I hope this fixes the problem.

#11 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 26 July 2010 - 01:51 PM

Hi again Jasmine25!!.. smile.gif

QUOTE(Jasmine25 @ Jul 26 2010, 04:21 AM) View Post
I'm downloading and installing Avast! now.

(...)

I'll work on installing the newest version of FlashPlayer after I install Avast!

Ok, let me know how it goes and if any problem remains... If everything is ok, I'll give you the last set of instructions!... smile.gif
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#12 Jasmine25

Jasmine25
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 27 July 2010 - 08:24 AM

Avast has helped out. It didn't find anything when I scanned, so I should be okay now. I also updated my Flash player. Thank you for all of your help.

#13 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 27 July 2010 - 12:23 PM

Hi again Jasmine25!!.. smile.gif

QUOTE(Jasmine25 @ Jul 27 2010, 03:24 PM) View Post
Thank you for all of your help.

You're welcome!!..

The last set of instructions and you're good to go!!..

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually (note: keep Malwarebytes' Anti-Malware for on-demand scans).

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.


Please check my site - snemelk.hekko.pl:
Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:50 AM

Posted 13 August 2010 - 10:13 AM

Glad we could help. smile.gif

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users