
NeoSpace antivirus


  • This topic is locked
7 replies to this topic

#1 Jabbadahut

Jabbadahut

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:59 AM

Posted 22 September 2010 - 08:44 AM

More concerning this HERE

SpyHunter is claiming I have a fake antivirus known as NeoSpace on my computer. Problem is, nothing else seems to find it. I was directed here to post a couple of logs. Here they are.

____________________________________________________________________________________________________________________________

DDS (Ver_10-03-17.01) - NTFSX64
Run by james at 22:54:02.27 on Tue 09/21/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.2416 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\james\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://scholarsonline.org/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\james\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [FlashGet 3] "c:\program files (x86)\flashget network\flashget 3\Flashget3.exe" -minimize
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All By FlashGet3
IE: Download By FlashGet3
IE: Google Sidewiki...
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\xvdj47m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmail.com
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\james\appdata\roaming\mozilla\firefox\profiles\xvdj47m3.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-5-1 53488]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-22 1153368]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 esgiguard;esgiguard;c:\program files (x86)\enigma software group\spyhunter\esgiguard.sys [2010-6-21 13408]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-4-30 168864]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-4-30 307456]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2009-4-30 392192]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-10 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-27 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2009-4-30 88576]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

=============== Created Last 30 ================

2010-09-22 03:49:31 0 ----a-w- c:\users\james\defogger_reenable
2010-09-21 16:41:17 0 d-----w- c:\program files (x86)\ESET
2010-09-21 02:19:13 0 d-----w- c:\programdata\!SASCORE
2010-09-21 02:19:11 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-20 20:51:56 0 d-----w- C:\sh4ldr
2010-09-20 20:51:56 0 d-----w- c:\program files (x86)\Enigma Software Group
2010-09-17 18:55:04 0 d-----w- c:\programdata\Sun
2010-09-17 18:54:36 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-17 18:54:36 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-17 18:54:36 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-17 18:54:36 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-17 18:51:13 0 d-----w- c:\users\james\Zero G Registry
2010-09-17 18:51:12 16 ----a-w- c:\users\james\persistent_state
2010-09-15 13:07:48 0 d-----w- c:\users\james\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-15 13:04:01 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-15 13:04:01 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 13:04:00 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 13:03:55 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 13:03:55 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-15 13:03:50 622080 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 13:03:50 501760 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-06 02:06:45 176128 ----a-w- c:\windows\system32\DLXBAZIL.DLL
2010-09-02 15:53:40 86016 ----a-w- c:\windows\unvise32.exe
2010-09-02 15:53:40 0 d-----w- c:\program files (x86)\Aleks 3.13
2010-08-30 14:28:28 0 d-----w- c:\program files (x86)\Seterra
2010-08-30 13:57:30 0 ----a-w- c:\users\james\appdata\roaming\wklnhst.dat

==================== Find3M ====================

2010-09-06 02:07:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-06 02:07:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 02:07:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2010-06-28 16:56:48 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:17:26 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-28 16:17:07 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-28 16:15:50 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-06-28 16:14:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-28 16:14:41 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-28 16:14:41 3586560 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-28 16:14:39 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-28 16:13:52 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-28 16:13:33 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-28 16:13:33 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-28 16:13:32 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-28 16:13:32 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-28 16:13:32 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:13:31 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2009-05-01 04:24:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-01 12:11:56 75 --sh--r- c:\windows\CT4CET.bin
2009-05-01 03:41:19 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:55:59.95 ===============

Attached Files

#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • ONLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:59 AM

Posted 28 September 2010 - 10:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • ONLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:59 AM

Posted 28 September 2010 - 11:01 AM

Whoops..

Double post

Edited by pwgib, 28 September 2010 - 11:02 AM.

PW

#4 Jabbadahut

Jabbadahut
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:59 AM

Posted 29 September 2010 - 07:17 AM

No problem on the wait, I'm simply happy to be getting assistance.

The problem is still going on. I downloaded the free version of SpyHunter4, and on the first scan it alerted me of a fake AV called "Neospace." Nothing else found it. I use MalwareBytes Anti-Malware, SB S&D, and Super Anti Spyware, and none caught it. I tracked down the "infected" file and ran it through Spybot's single file scanner. Nothing else besides SpyHunter has picked this up. I put a link to a thread I had made in the "Am I infected? What do I do?" forum. I can't really explain what I've done with any accuracy. (I know very, very little about computers, and honestly don't know.) I have run S&D once since then, as I always do once a week, and removed a few tracking cookies. Otherwise, everything that has been done is in that thread.

I am also having trouble with Gmer. When I run the program, everything seems to be fine, except I do not have the ability to check/uncheck nearly half of the buttons where you select what you want to scan. I have tried running it as administrator, running it normally, nothing seems to help me there.

I do however have a couple of new sets of DDS logs:

DDS (Ver_10-03-17.01) - NTFSX64
Run by james at 6:52:58.56 on Wed 09/29/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.2021 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\james\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://scholarsonline.org/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\james\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [FlashGet 3] "c:\program files (x86)\flashget network\flashget 3\Flashget3.exe" -minimize
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All By FlashGet3
IE: Download By FlashGet3
IE: Google Sidewiki...
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\xvdj47m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmail.com
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\james\appdata\roaming\mozilla\firefox\profiles\xvdj47m3.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-5-1 53488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 esgiguard;esgiguard;c:\program files (x86)\enigma software group\spyhunter\esgiguard.sys [2010-6-21 13408]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-4-30 168864]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-4-30 307456]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2009-4-30 392192]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-10 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-22 1153368]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-27 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2009-4-30 88576]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

=============== Created Last 30 ================

2010-09-26 13:03:54 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
2010-09-22 03:49:31 0 ----a-w- c:\users\james\defogger_reenable
2010-09-21 16:41:17 0 d-----w- c:\program files (x86)\ESET
2010-09-21 02:19:13 0 d-----w- c:\programdata\!SASCORE
2010-09-21 02:19:11 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-20 20:51:56 0 d-----w- C:\sh4ldr
2010-09-20 20:51:56 0 d-----w- c:\program files (x86)\Enigma Software Group
2010-09-17 18:55:04 0 d-----w- c:\programdata\Sun
2010-09-17 18:54:36 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-17 18:54:36 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-17 18:54:36 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-17 18:54:36 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-17 18:51:13 0 d-----w- c:\users\james\Zero G Registry
2010-09-17 18:51:12 16 ----a-w- c:\users\james\persistent_state
2010-09-15 13:07:48 0 d-----w- c:\users\james\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-15 13:04:01 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-15 13:04:01 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 13:04:00 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 13:03:55 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 13:03:55 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-15 13:03:50 622080 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 13:03:50 501760 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-06 02:06:45 176128 ----a-w- c:\windows\system32\DLXBAZIL.DLL
2010-09-02 15:53:40 86016 ----a-w- c:\windows\unvise32.exe
2010-09-02 15:53:40 0 d-----w- c:\program files (x86)\Aleks 3.13
2010-08-30 14:28:28 0 d-----w- c:\program files (x86)\Seterra
2010-08-30 13:57:30 0 ----a-w- c:\users\james\appdata\roaming\wklnhst.dat

==================== Find3M ====================

2010-09-06 02:07:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-06 02:07:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 02:07:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2009-05-01 04:24:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-01 12:11:56 75 --sh--r- c:\windows\CT4CET.bin
2009-05-01 03:41:19 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 6:53:21.57 ===============


#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 01 October 2010 - 12:59 PM

Hi Jabbadahut,

Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you deal with your malware problems today.


Step 1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    isec30.exe
    neois30.exe
    neois30[1].exe
    :regfind
    Neospace
    Internet Security

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 2
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Under the Custom Scan box, paste the following text:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  5. Click the "Quick Scan" button.
  6. The scan should take just a few minutes.
  7. OTListIt.txt will be opened and Extra.txt will be minimized.
  8. Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. SystemLook.txt
2. OTListIt.txt and Extra.txt

Thanks


#6 Jabbadahut

Jabbadahut
  • Topic Starter

  • Members
  • 9 posts

Posted 01 October 2010 - 01:56 PM

Right-ho, here we go.

Before I post the logs, here's a quick little tidbit. SpyBot TeaTimer has been popping up lately for the last few days with a message that goes like this:

Category: Winlogon notifiers
Change: Value Deleted
Entry: igfxcui

Allow ------------ Deny

Except I'm not allowed to "deny" the change. Every time I restart it comes up. I finally just allowed it, and have several times. I haven't noticed anything odd going on with my computer, but I figured I should let you know in case it has some relevance.

Here are the logs.

SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 13:34 on 01/10/2010 by james
Administrator - Elevation successful

========== filefind ==========

Searching for "isec30.exe"
No files found.

Searching for "neois30.exe"
No files found.

Searching for "neois30[1].exe"
No files found.

========== regfind ==========

Searching for "Neospace"
No data found.

Searching for "Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12BAF052-264C-464B-9D58-C83B3781DD4B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApiInit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12BAF052-264C-464B-9D58-C83B3781DD4C}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApiInit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12BAF070-264C-464B-9D58-C83B3781DD4B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12BAF0A5-264C-464B-9D58-C83B3781DD4B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12BAF0B1-264C-464B-9D58-C83B3781DD4B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B3624EF-B213-43E7-A8E5-A94CD3BBDC01}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEWab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\Redemption.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEWab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApiInit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D79B5617-38C6-41A1-BD5A-B5FE188D75AA}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OLA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EFA2E970-BA63-4607-AB47-76CA6B83BD1B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OLA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\Redemption.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEWab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApiInit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D79B5617-38C6-41A1-BD5A-B5FE188D75AA}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OLA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UfSeAgnt.exe]
"command"=""C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Trend Micro\Internet Security\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EFA2E970-BA63-4607-AB47-76CA6B83BD1B}\InprocServer32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OLA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\Redemption.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}\4.2\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{54B89198-879A-4086-B082-854D3EBFDCC3}\2.4\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEWab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FB12AEF-DF83-437F-9F47-271B1171B267}\1.0\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEApiInit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A4885815-462D-4D7B-895C-78FAE55AB177}\2.3\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEStore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A684B0CB-4EA0-4C72-8AEF-3C98D767FAD2}\2.5\HELPDIR]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D79B5617-38C6-41A1-BD5A-B5FE188D75AA}\1.0\0\win32]
@="C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OLA.dll"

-= EOF =-

________________________________________________________________________________________

OTL log:

OTL logfile created on: 10/1/2010 1:46:30 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\james\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.67 Gb Free Space | 69.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 6.07 Gb Free Space | 41.46% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: james
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/21 08:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
PRC - [2010/09/17 18:52:42 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/14 15:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/27 10:11:40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/10 22:14:54 | 002,004,528 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/02 22:41:54 | 003,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/06/03 15:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 08:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/07/14 15:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/08 00:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/03 03:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/09/03 03:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/09/01 05:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/06/21 14:17:10 | 000,013,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scholarsonline.org/
IE - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "gmail.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 18:52:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 18:52:59 | 000,000,000 | ---D | M]

[2009/11/29 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Extensions
[2010/09/30 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions
[2009/11/29 00:11:40 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/04/05 17:00:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/29 00:13:18 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2009/11/29 00:10:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\elemhidehelper@adblockplus.org
[2010/04/05 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\foxfilter@inspiredeffect.net
[2010/04/05 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\xvdj47m3.default\extensions\personas@christopher.beard
[2010/09/17 13:54:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/09 16:27:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/17 13:54:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/29 14:07:07 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\james\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (FlashGet)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-763513166-2711179454-2547230096-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/20 15:52:40 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9c675111-acfd-11df-9fe8-0023ae32b24c}\Shell - "" = AutoRun
O33 - MountPoints2\{9c675111-acfd-11df-9fe8-0023ae32b24c}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/01 13:45:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2010/09/29 06:57:43 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\gmer
[2010/09/21 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/09/20 21:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/20 21:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/20 15:51:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/09/20 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/09/17 13:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/17 13:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/17 13:51:13 | 000,000,000 | ---D | C] -- C:\Users\james\Zero G Registry
[2010/09/15 08:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/09/15 08:07:48 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/02 10:53:40 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/09/02 10:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aleks 3.13
[2010/08/30 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Western Digital
[2010/08/30 09:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seterra
[2010/08/30 08:57:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Template
[2010/07/12 19:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/12 19:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/12 19:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/12 19:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

========== Files - Modified Within 90 Days ==========

[2010/10/01 13:47:39 | 001,835,008 | -HS- | M] () -- C:\Users\james\NTUSER.DAT
[2010/10/01 13:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/01 13:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 13:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 13:29:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 13:29:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 13:29:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/01 13:29:30 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 13:28:57 | 000,524,288 | -HS- | M] () -- C:\Users\james\NTUSER.DAT{7cca635b-225f-11df-99bc-0023ae32b24c}.TMContainer00000000000000000001.regtrans-ms
[2010/10/01 13:28:57 | 000,065,536 | -HS- | M] () -- C:\Users\james\NTUSER.DAT{7cca635b-225f-11df-99bc-0023ae32b24c}.TM.blf
[2010/09/30 09:20:06 | 000,023,002 | ---- | M] () -- C:\Users\james\Documents\StarFox 4.odt
[2010/09/29 11:35:22 | 000,037,004 | ---- | M] () -- C:\Users\james\Documents\Lecture 4.odt
[2010/09/29 06:56:01 | 000,000,382 | ---- | M] () -- C:\Users\james\Desktop\ATTACHFINAL.zip
[2010/09/28 21:42:47 | 000,026,450 | ---- | M] () -- C:\Users\james\Documents\Star Fox 3.odt
[2010/09/28 13:10:45 | 001,053,896 | ---- | M] () -- C:\Users\james\Desktop\Source.docx
[2010/09/28 12:15:37 | 000,022,080 | ---- | M] () -- C:\Users\james\Documents\Speech assignment.odt
[2010/09/28 11:31:44 | 000,012,015 | ---- | M] () -- C:\Users\james\Documents\Wheelocks Lesson 22 translation.odt
[2010/09/27 20:18:26 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/27 20:18:26 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/27 20:18:26 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/27 14:44:30 | 000,022,499 | ---- | M] () -- C:\Users\james\Documents\Starfox2.odt
[2010/09/27 11:35:58 | 000,024,622 | ---- | M] () -- C:\Users\james\Documents\Starfox.odt
[2010/09/26 18:36:00 | 000,027,141 | ---- | M] () -- C:\Users\james\Documents\WEEKLY SCHEDULE.odt
[2010/09/26 08:03:54 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/26 07:25:10 | 516,492,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/23 11:31:28 | 000,014,640 | ---- | M] () -- C:\Users\james\Documents\Wheelocks lesson 22 sentences.odt
[2010/09/21 22:49:31 | 000,000,000 | ---- | M] () -- C:\Users\james\defogger_reenable
[2010/09/21 12:50:11 | 000,010,570 | ---- | M] () -- C:\Users\james\Documents\Jabba.odt
[2010/09/21 11:24:30 | 000,015,303 | ---- | M] () -- C:\Users\james\Documents\Wheelocks Lesson 22 P&R.odt
[2010/09/21 08:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2010/09/20 22:39:05 | 000,000,834 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/20 22:39:05 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 21:19:13 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/20 21:16:40 | 000,000,305 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010/09/20 15:52:40 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/09/20 15:52:01 | 000,002,081 | ---- | M] () -- C:\Users\james\Desktop\SpyHunter.lnk
[2010/09/17 13:57:32 | 000,000,016 | ---- | M] () -- C:\Users\james\persistent_state
[2010/09/16 11:03:10 | 000,012,202 | ---- | M] () -- C:\Users\james\Documents\Wheelocks Lesson 21 translation.odt
[2010/09/15 13:31:19 | 000,000,935 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/15 11:22:07 | 000,036,603 | ---- | M] () -- C:\Users\james\Documents\Lecture 2.odt
[2010/09/15 08:22:57 | 000,007,563 | ---- | M] () -- C:\Users\james\Documents\labreport.pdf
[2010/09/15 08:21:37 | 000,000,563 | ---- | M] () -- C:\Users\james\Desktop\labreport - Shortcut.lnk
[2010/09/15 08:12:52 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/15 08:09:26 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/09/14 11:18:16 | 000,014,187 | ---- | M] () -- C:\Users\james\Documents\Wheelocks Lesson 21 sentences.odt
[2010/09/13 18:36:03 | 000,019,944 | ---- | M] () -- C:\Users\james\Documents\Study Guide 1.odt
[2010/09/10 15:30:08 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/08 11:11:47 | 000,028,946 | ---- | M] () -- C:\Users\james\Documents\Lecture 1.odt
[2010/09/08 07:46:48 | 000,588,677 | ---- | M] () -- C:\Users\james\Documents\Untitled (13).wma
[2010/09/07 16:14:06 | 040,518,154 | ---- | M] () -- C:\Users\james\Desktop\Biology lapbook copy.pdf
[2010/09/04 02:33:52 | 000,096,256 | ---- | M] () -- C:\Users\james\Desktop\SystemLook_x64.exe
[2010/08/30 08:57:30 | 000,000,000 | ---- | M] () -- C:\Users\james\AppData\Roaming\wklnhst.dat
[2010/08/21 03:26:32 | 000,298,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/05 07:55:06 | 000,026,215 | ---- | M] () -- C:\Users\james\Documents\Untitled 1.odt
[2010/08/05 00:25:43 | 000,024,245 | ---- | M] () -- C:\Users\james\Documents\START 3.odt
[2010/08/05 00:25:30 | 000,023,156 | ---- | M] () -- C:\Users\james\Documents\START2.odt
[2010/08/04 17:15:33 | 000,017,443 | ---- | M] () -- C:\Users\james\Documents\START case.odt
[2010/07/12 20:00:01 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/09 14:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 14:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll

========== Files Created - No Company Name ==========

[2010/10/01 13:33:28 | 000,096,256 | ---- | C] () -- C:\Users\james\Desktop\SystemLook_x64.exe
[2010/10/01 13:29:30 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/29 15:56:47 | 000,023,002 | ---- | C] () -- C:\Users\james\Documents\StarFox 4.odt
[2010/09/29 11:35:20 | 000,037,004 | ---- | C] () -- C:\Users\james\Documents\Lecture 4.odt
[2010/09/29 08:12:22 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/29 06:57:09 | 000,284,915 | ---- | C] () -- C:\Users\james\Desktop\gmer.zip
[2010/09/29 06:56:01 | 000,000,382 | ---- | C] () -- C:\Users\james\Desktop\ATTACHFINAL.zip
[2010/09/29 06:50:42 | 000,525,824 | ---- | C] () -- C:\Users\james\Desktop\dds.scr
[2010/09/28 13:10:44 | 001,053,896 | ---- | C] () -- C:\Users\james\Desktop\Source.docx
[2010/09/28 12:15:35 | 000,022,080 | ---- | C] () -- C:\Users\james\Documents\Speech assignment.odt
[2010/09/28 09:45:49 | 000,012,015 | ---- | C] () -- C:\Users\james\Documents\Wheelocks Lesson 22 translation.odt
[2010/09/28 08:27:24 | 000,026,450 | ---- | C] () -- C:\Users\james\Documents\Star Fox 3.odt
[2010/09/27 20:15:45 | 040,518,154 | ---- | C] () -- C:\Users\james\Desktop\Biology lapbook copy.pdf
[2010/09/27 14:44:28 | 000,022,499 | ---- | C] () -- C:\Users\james\Documents\Starfox2.odt
[2010/09/26 08:03:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/24 12:27:07 | 000,024,622 | ---- | C] () -- C:\Users\james\Documents\Starfox.odt
[2010/09/23 07:41:39 | 000,014,640 | ---- | C] () -- C:\Users\james\Documents\Wheelocks lesson 22 sentences.odt
[2010/09/21 22:49:31 | 000,000,000 | ---- | C] () -- C:\Users\james\defogger_reenable
[2010/09/21 19:07:18 | 000,000,770 | ---- | C] () -- C:\Users\james\Documents\Internet Security.lnk
[2010/09/21 08:16:36 | 000,015,303 | ---- | C] () -- C:\Users\james\Documents\Wheelocks Lesson 22 P&R.odt
[2010/09/20 22:39:05 | 000,000,834 | ---- | C] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/20 21:19:13 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/20 15:52:40 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/09/20 15:52:01 | 000,002,081 | ---- | C] () -- C:\Users\james\Desktop\SpyHunter.lnk
[2010/09/17 13:51:12 | 000,000,016 | ---- | C] () -- C:\Users\james\persistent_state
[2010/09/15 20:59:16 | 000,012,202 | ---- | C] () -- C:\Users\james\Documents\Wheelocks Lesson 21 translation.odt
[2010/09/15 11:22:05 | 000,036,603 | ---- | C] () -- C:\Users\james\Documents\Lecture 2.odt
[2010/09/15 08:21:37 | 000,000,563 | ---- | C] () -- C:\Users\james\Desktop\labreport - Shortcut.lnk
[2010/09/15 08:19:28 | 000,007,563 | ---- | C] () -- C:\Users\james\Documents\labreport.pdf
[2010/09/15 08:08:40 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/09/15 08:04:01 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 08:04:00 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/15 08:03:55 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/15 08:03:50 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/13 19:30:25 | 000,014,187 | ---- | C] () -- C:\Users\james\Documents\Wheelocks Lesson 21 sentences.odt
[2010/09/13 16:13:51 | 000,019,944 | ---- | C] () -- C:\Users\james\Documents\Study Guide 1.odt
[2010/09/10 15:30:08 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/08 11:06:25 | 000,028,946 | ---- | C] () -- C:\Users\james\Documents\Lecture 1.odt
[2010/09/08 07:46:48 | 000,588,677 | ---- | C] () -- C:\Users\james\Documents\Untitled (13).wma
[2010/09/05 21:06:45 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\DLXBAZIL.DLL
[2010/08/31 19:22:38 | 000,027,141 | ---- | C] () -- C:\Users\james\Documents\WEEKLY SCHEDULE.odt
[2010/08/30 09:04:32 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/30 08:57:30 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Roaming\wklnhst.dat
[2010/08/20 20:30:52 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/20 20:30:11 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/20 20:30:11 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/20 20:30:07 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/20 20:30:04 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/20 20:30:00 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/20 20:29:47 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/20 20:29:41 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/20 20:29:34 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/20 20:29:34 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/20 20:29:34 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/20 20:29:33 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/20 20:29:32 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/08/20 20:29:32 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/20 20:29:32 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/08/20 20:29:32 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/20 20:29:32 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/20 20:29:32 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/08/20 20:29:32 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/20 20:29:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/20 20:29:31 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/20 20:29:31 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/20 20:29:31 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/08/20 20:29:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/20 20:29:24 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/05 07:55:04 | 000,026,215 | ---- | C] () -- C:\Users\james\Documents\Untitled 1.odt
[2010/08/05 00:25:41 | 000,024,245 | ---- | C] () -- C:\Users\james\Documents\START 3.odt
[2010/08/05 00:25:28 | 000,023,156 | ---- | C] () -- C:\Users\james\Documents\START2.odt
[2010/08/04 14:32:31 | 000,017,443 | ---- | C] () -- C:\Users\james\Documents\START case.odt
[2010/08/04 13:43:28 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/12 20:00:01 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 14:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/06/24 19:34:47 | 000,000,732 | ---- | C] () -- C:\Users\james\AppData\Local\d3d9caps64.dat
[2010/06/12 08:59:55 | 000,006,656 | ---- | C] () -- C:\Users\james\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 13:55:12 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010/05/11 09:18:55 | 000,426,444 | ---- | C] () -- C:\Users\james\AppData\Local\dd_vcredistMSI51C5.txt
[2010/05/11 09:18:54 | 000,011,630 | ---- | C] () -- C:\Users\james\AppData\Local\dd_vcredistUI51C5.txt
[2010/05/09 09:34:08 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/22 17:20:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/29 00:13:09 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/06/21 12:05:08 | 000,000,680 | ---- | C] () -- C:\Users\james\AppData\Local\d3d9caps.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/04/01 16:53:21 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\AVG9
[2010/10/01 13:33:30 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\BITS
[2010/09/15 08:07:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/29 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\FlashGet
[2009/11/29 00:13:05 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\FlashGetBHO
[2009/06/21 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\funkitron
[2009/11/29 00:19:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OpenOffice.org
[2010/08/30 08:57:32 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Template
[2010/01/03 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\WildTangent
[2010/09/29 14:04:33 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2008/01/20 21:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2010/08/30 10:33:58 | 030,349,044 | ---- | M] ()(C:\Users\james\Desktop\?WellGuidedHighSchooler2010-2014PDF.pdf) -- C:\Users\james\Desktop\WellGuidedHighSchooler2010-2014PDF.pdf
[2010/08/30 10:30:49 | 030,349,044 | ---- | C] ()(C:\Users\james\Desktop\?WellGuidedHighSchooler2010-2014PDF.pdf) -- C:\Users\james\Desktop\WellGuidedHighSchooler2010-2014PDF.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\james\Documents\clip0007.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\james\Documents\clip0004.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\james\Documents\clip0003.avi:TOC.WMV
< End of report >

_______________________________________________________________________

Extras log:

OTL Extras logfile created on: 10/1/2010 1:46:30 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\james\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.67 Gb Free Space | 69.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 6.07 Gb Free Space | 41.46% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: james
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-763513166-2711179454-2547230096-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5F9880F-6D8E-4969-9748-A825C17CE8FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C77DC0CF-C364-41D5-AB65-4CD2F394F7BA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02308743-2EB8-4073-A157-5CA348ED9C37}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{0EF97865-0FC4-4EFB-AA85-4727CBCBDD69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14E0D16D-D693-4F2C-9D62-56AFB80EB1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3A7E6B26-390C-49C1-AF5A-F078B92F4B97}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{3F439859-FEAD-4092-B1FE-90F6F6080320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{485A553E-F17E-43DF-9CCA-7B7C339EDFC5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4BA7E274-BA90-4A3A-A8CB-20528209F7C6}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5964020B-3BCA-47F7-A331-C30E07AE308C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{69204429-B998-4262-ABA4-6DBC906E37F3}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{70E1AACC-5315-4DC7-B319-E941BCDD2ACD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73E6E66D-FAC4-4D3D-834E-189D0D33FE6D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{7EF88D57-0248-4CA6-B022-7220147DDE07}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{82EE31F4-DD19-4941-92D3-CE76CB05DAC0}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{8F025FDA-5BEC-4C57-BE93-C34DB04C8418}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{98CB6074-F566-4A5E-B5CF-5F0FFB318779}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{99E3A649-E111-45C2-9A92-DA4BE8E3F7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B1ABB1F6-129E-4759-80CB-466EA265B36F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{DB44D7BA-DB53-4563-B700-4EEDD5410FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC66B665-9460-4036-BFFC-86DC5FCE238A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{FC2BCC56-39BC-41E2-B5F7-AA77884E6006}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"TCP Query User{16646574-8667-4F16-8C0C-BFE077AC6E82}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{63BAB24E-C3C4-4464-ACE1-332237314923}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{994C05EC-307D-49B8-99A3-633B20BC36C1}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{C6C109CB-4988-4E71-A08D-BCADB7E026B7}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{CD6FE1DA-5821-4365-81DE-CB55FE4CE743}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{D7DF40D8-E401-4F48-846F-E0D69B33CAB3}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{E869CA21-7097-421A-BCB3-D42188E05AB1}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{33A0D79C-1DAD-43D6-BDD2-B60BFFBEBAD8}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{358C2480-8AD3-4B80-A431-5FDB389106F3}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{59DF752C-8EBC-4B4C-8CF9-BF7EE44EEDCD}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{906C2810-52A6-4557-8A45-55817E89ACBF}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{95E82C60-89C8-4EA5-9B97-0964E7AE14F5}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9E73630C-877D-4106-A58F-B43852F9201E}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"UDP Query User{BBD1D033-F24A-4183-8770-80E30131B03F}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 21
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95431C66-CF9A-4913-BFFF-6050785AFB65}" = SpyHunter
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aleks 3.13" = Aleks 3.13
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"FlashGet 3.0 Beta" = FlashGet 3.0 Beta
"Game Console - WildGames" = WildTangent ORB Game Console
"HyperCam 2" = HyperCam 2
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"WildTangent dell Master Uninstall" = WildTangent Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT077179" = Hunting Unlimited 2008
"WT077212" = Gold Rush - Treasure Hunt
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2010 4:01:31 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17818964

Error - 9/30/2010 4:01:32 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/30/2010 4:01:32 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17819963

Error - 9/30/2010 4:01:32 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17819963

Error - 9/30/2010 4:01:33 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/30/2010 4:01:33 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17820961

Error - 9/30/2010 4:01:33 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17820961

Error - 9/30/2010 4:01:34 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/30/2010 4:01:34 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17821960

Error - 9/30/2010 4:01:34 AM | Computer Name = james-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17821960


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by Jabbadahut, 01 October 2010 - 01:58 PM.


#7 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 01 October 2010 - 03:01 PM

Hi Jabbadahut,



QUOTE
Category: Winlogon notifiers Change: Value Deleted Entry: igfxcui

igfxcui.dll is a library belonging to the Intel Graphics Accelerator Library. If Spybot alerts you, just allow it.

QUOTE
SpyHunter4, and on the first scan it alerted me of a fake AV called "Neospace...

It might be a false positive. Neospace Internet Security is a rogue program and has the same entries as Trend Micro. Your system should have had Trend Micro installed some time ago, and some orphaned entries still remain. For more info: Here.

Anyway, let's check it out with kas Online Scanner. It will take some time to run the full course. Please be patient and do the following:


Step 1

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 2


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will download and install the program and update the database.
  5. When updating the database has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


I will give you another one, just in case the kas isn't working.

Please run the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  1. Turn off the real time scanner of any existing antivirus program while performing the online scan
  2. Tick the box next to YES, I accept the Terms of Use.
  3. Click Start
  4. When asked, allow the activeX control to install
  5. Click Start
  6. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  7. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  8. Click Scan
  9. Wait for the scan to finish
  10. Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt .
  11. Copy and paste that log as a reply to this topic and also let me know how things are now.



Please post back the logs in your next reply.


1. Kas Online Scan Report


Tell me how your pc is running now.


#8 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 03 October 2010 - 03:04 PM

Due to Lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Malware Removal forum.
