Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fraud.WindowsProtectionSuite, Microsoft.Windows.RedirectedHosts


  • This topic is locked This topic is locked
35 replies to this topic

#1 tictx

tictx

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 13 June 2011 - 05:52 PM

The malware was detected by "spybot" but could not be removed. I have tried other programs to remove but none can.

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 21 June 2011 - 02:00 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 22 June 2011 - 08:26 PM

OTL logfile created on: 6/22/2011 7:37:25 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\My Documents\DOWNLOADS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.11% Memory free
3.85 Gb Paging File | 2.93 Gb Available in Paging File | 76.08% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 111.13 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
Drive T: | 149.05 Gb Total Space | 148.97 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JERRY-CED3F1117 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 19:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\DOWNLOADS\OTL.exe
PRC - [2011/06/01 18:19:38 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 21:24:16 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/05/25 21:23:42 | 000,780,392 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/05/18 15:51:52 | 001,712,672 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/05/18 15:51:52 | 000,375,328 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/05/06 13:43:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/02/23 09:51:20 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/04/28 14:27:46 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/20 10:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 13:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2008/01/08 10:28:02 | 000,864,256 | ---- | M] (brother) -- c:\Program Files\Brownie\BrStsWnd.exe
PRC - [2005/10/21 18:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/10/21 18:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/10/21 18:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/21 17:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/10/21 15:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
PRC - [2005/10/20 23:47:58 | 001,687,552 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2004/01/29 12:23:36 | 000,040,960 | ---- | M] (Timex Corporation) -- C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
PRC - [2003/04/01 11:33:00 | 000,053,248 | ---- | M] (ali) -- c:\USBStorage\USBDetector.exe
PRC - [2003/03/26 08:41:28 | 000,061,440 | ---- | M] (Timex Corporation) -- C:\Program Files\Timex\Timex Trainer\TBEggLaunch.exe
PRC - [2003/01/09 11:20:20 | 000,114,688 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PRC - [2003/01/09 10:21:26 | 000,253,952 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
PRC - [2002/11/04 14:05:44 | 000,569,344 | ---- | M] (QSound Labs, Inc.) -- C:\Program Files\Philips\PSA2\Skin\QveCplSk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 19:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\DOWNLOADS\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 19:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2011/05/25 15:17:10 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/05/18 15:51:52 | 000,375,328 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/23 09:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2005/10/21 18:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 18:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 18:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 15:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 15:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 15:35:26 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 12:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/24 12:30:06 | 000,020,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2009/12/19 10:31:35 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/07/30 17:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/24 18:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/05/22 23:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/21 11:48:11 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2008/03/12 17:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/03/03 12:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/17 09:56:47 | 000,014,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\mohfilt.PNF -- (mohfilt)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/05/01 15:33:34 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0461.sys -- (SaiH0461)
DRV - [2006/12/27 23:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/10/18 22:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/02/28 07:00:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2006/02/14 16:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/21 16:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/20 10:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/20 10:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/20 10:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/20 10:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/29 09:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/09/29 09:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2005/06/21 09:47:58 | 000,006,016 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\ALLOW-IO.sys -- (ALLOW-IO)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/01/13 11:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/28 11:17:00 | 000,411,008 | ---- | M] (QSound Labs, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QSoftAud.sys -- (QSoftAud) Philips Sound Agent 2 (WDM)
DRV - [2002/08/27 16:33:32 | 000,365,460 | ---- | M] (Philips Components (PSS)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pscaudio.sys -- (PSC60x) Philips PCI Audio Driver (WDM)
DRV - [2002/07/18 14:47:42 | 000,009,600 | ---- | M] (QSound Labs, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QsndEnum.sys -- (QsndEnum)
DRV - [2001/10/24 19:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rlz=1R0GGGL_en"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}:6.0.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/02/15 18:26:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 11:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/13 10:52:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 18:50:44 | 000,000,000 | ---D | M]

[2009/06/20 11:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/06/21 23:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions
[2011/04/05 18:01:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/29 11:01:29 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(2)
[2010/04/27 17:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 00:24:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/22 12:03:38 | 000,000,000 | ---D | M] ("SlipStream SP Integrator") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/06/13 09:48:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/21 12:18:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\extensions\DeviceDetection@logitech.com
[2011/06/12 18:29:17 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\searchplugins\askcom.xml
[2011/06/21 23:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/07 22:15:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/20 13:39:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 20:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 11:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 17:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 09:40:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/11/11 11:11:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
[2009/03/21 20:44:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/26 11:16:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/06 11:17:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/12/06 11:17:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2009/12/08 11:22:28 | 000,308,592 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10616 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110622191145.dll (McAfee, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: () - {A692062A-11A1-461B-BE98-B520F01F96FC} - C:\Program Files\Advanced Spyware Remover\AKILLER.DLL ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE (QSound Labs, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O4 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003..\Run: [Update Service] C:\Program Files\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe (Timex Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Trainer Launcher.lnk = C:\Program Files\Timex\Timex Trainer\TBEggLaunch.exe (Timex Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.70.172.13 207.70.128.209
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/21 12:32:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 19:11:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/22 19:11:42 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/06/22 19:11:16 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/06/22 19:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/21 23:50:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/13 11:12:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2011/06/13 11:12:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/06/13 11:12:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2011/06/13 11:12:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/06/13 11:12:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2011/06/13 11:12:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/06/13 11:12:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2011/06/13 11:12:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/06/13 11:12:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2011/06/13 11:12:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/06/13 11:12:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2011/06/13 11:12:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/06/13 11:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Free WAV to MP3 Converter
[2011/06/13 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free WAV to MP3 Converter
[2011/06/13 11:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free WAV to MP3 Converter
[2011/06/13 11:00:26 | 002,557,816 | ---- | C] (Accmeware Corporation ) -- C:\Documents and Settings\Owner\My Documents\FreeWAVMP3ConverterSetup.exe
[2011/06/13 09:53:28 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/13 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/06/13 09:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/13 09:40:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/13 09:40:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/13 09:40:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 19:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2011/05/26 18:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2011/05/26 18:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/05/26 18:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/05/26 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 19:34:53 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
[2011/06/22 19:34:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1770027372-725345543-1003UA.job
[2011/06/22 19:25:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 19:06:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/06/22 19:03:22 | 000,009,576 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/06/22 19:03:21 | 000,014,808 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/06/22 19:02:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 19:01:28 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/22 19:01:08 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/22 19:01:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/22 19:00:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 19:00:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 19:00:03 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 18:47:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/14 19:32:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2011/06/13 17:23:58 | 000,000,333 | -HS- | M] () -- C:\boot.ini
[2011/06/13 11:29:18 | 000,642,940 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_audio.Cache
[2011/06/13 11:00:40 | 002,557,816 | ---- | M] (Accmeware Corporation ) -- C:\Documents and Settings\Owner\My Documents\FreeWAVMP3ConverterSetup.exe
[2011/06/13 09:34:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1770027372-725345543-1003Core.job
[2011/06/12 18:50:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/28 20:21:51 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Defrag.lnk
[2011/05/28 19:47:53 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/28 19:40:52 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/05/27 15:22:19 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
[2011/05/26 18:45:50 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Duplicate File Finder.lnk
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 19:34:53 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
[2011/06/14 19:32:17 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2011/06/12 18:50:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/12 18:50:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/05 14:42:58 | 000,636,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-1770027372-725345543-1003-0.dat
[2011/05/28 20:21:51 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Defrag.lnk
[2011/05/28 19:40:52 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/05/27 15:22:19 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
[2011/05/26 18:47:03 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/26 18:45:50 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Duplicate File Finder.lnk
[2011/05/26 11:11:11 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/04/28 18:30:20 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/22 14:38:48 | 000,441,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/22 13:13:05 | 000,000,036 | RH-- | C] () -- C:\WINDOWS\sued.dat
[2010/12/20 12:23:47 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2010/11/09 21:06:08 | 000,274,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/03 09:42:04 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/02 15:20:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/08/02 15:20:35 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/02 15:20:33 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/02 15:20:32 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/08/02 14:51:16 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\ICMET20.BIN
[2010/08/01 12:30:50 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/01 11:17:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/04/20 15:24:40 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/04/07 07:50:13 | 000,023,162 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/04 15:49:05 | 000,201,420 | ---- | C] () -- C:\WINDOWS\hpoins42.dat.temp
[2010/04/04 15:49:05 | 000,001,300 | ---- | C] () -- C:\WINDOWS\hpomdl42.dat.temp
[2010/04/04 15:37:30 | 000,105,543 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2010/04/04 15:37:29 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/03/22 15:23:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/12/12 12:32:39 | 000,000,651 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
[2009/10/27 12:03:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 12:03:54 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 12:03:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 12:03:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 12:03:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/11 11:17:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sdop.dat
[2009/09/30 12:14:16 | 000,128,492 | ---- | C] () -- C:\WINDOWS\hpgins31.dat
[2009/09/30 12:14:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl31.dat
[2009/09/28 13:06:33 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/09/11 19:12:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/08/31 15:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 15:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/07/05 10:41:34 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461.Dll
[2009/07/05 10:41:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_0C.dll
[2009/07/05 10:41:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_10.dll
[2009/07/05 10:41:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_0A.dll
[2009/07/05 10:41:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_07.dll
[2009/07/05 10:41:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_09.dll
[2009/07/05 10:41:34 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_0402.dll
[2009/06/03 13:02:31 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
[2009/03/12 16:50:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gastracker.ini
[2008/10/19 17:11:52 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/19 17:11:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2008/10/19 14:51:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/10/19 14:51:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/10/19 14:50:46 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/08/08 12:18:12 | 000,127,404 | ---- | C] () -- C:\WINDOWS\hpgins24.dat.temp
[2008/08/08 12:18:12 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat.temp
[2008/06/25 16:42:51 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/06/20 18:11:55 | 000,642,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_audio.Cache
[2008/06/08 10:16:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/05/08 19:38:27 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/02/08 19:35:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SetOutput60x.dll
[2007/12/21 23:47:00 | 000,004,021 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/25 11:40:03 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2007/11/10 14:51:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2007/10/25 09:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/10/11 06:10:22 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2007/10/05 15:20:21 | 000,127,901 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2007/10/05 15:20:21 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2007/09/12 11:17:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/21 15:30:57 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/07/11 19:29:12 | 000,000,208 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/07/07 17:40:16 | 000,001,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/05 20:57:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2007/07/05 08:35:34 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/07/05 02:49:36 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/07/05 00:13:24 | 000,020,880 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image.Cache
[2007/07/04 23:45:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/04 22:45:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/04 22:44:37 | 000,001,348 | ---- | C] () -- C:\WINDOWS\System32\tsdigsgn.dat
[2007/07/04 21:45:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/04 21:42:30 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5I.DLL
[2007/07/04 21:17:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/07/04 10:22:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/04 10:18:22 | 000,023,732 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/04 05:06:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/04 05:05:59 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/05/01 15:33:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0461_11.dll
[2007/01/22 09:11:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,537,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,103,492 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/19 02:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/10/24 22:35:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 16:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 18:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/07 07:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/10/07 07:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/09 00:31:04 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/13 15:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/09/23 12:00:00 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\tsseShrd.dll
[1999/01/22 07:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Unicode (All) ==========
[2010/04/20 15:42:13 | 000,000,012 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳睏敮屲灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮⹳浸l
[2010/04/20 15:42:13 | 000,000,012 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳睏敮屲灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2010/04/03 11:55:43 | 000,000,012 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????l) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳睏敮屲灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮⹳浸l
[2010/04/03 11:55:42 | 000,000,012 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳睏敮屲灁汰捩瑡潩慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Webroot:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\TIX LIST:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Show flyer 2010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\PRINT MUSIC JERRY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Nov 09]_files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\My Scanned Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Music 2006 (PDF's):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\hpothb07.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Health:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Gourd photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Finale Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\DOWNLOADS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Diabetes forms etc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Copy of My Photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Chorus sheet music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\CABOT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\BARBERSHOP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\5th Wheel damage:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\10-8-09_files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\5th Wheel damage:Roxio EMC Stream
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA1126E
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Attached Files



#4 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 22 June 2011 - 08:28 PM

Thank you in advance for helping. I hope this is correct.

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 22 June 2011 - 08:43 PM

Hi!

Yep, they were the right logs.

For future logs, please post them rather than attach them.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2010/09/20 13:39:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/23 20:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/20 11:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/23 17:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: () - {A692062A-11A1-461B-BE98-B520F01F96FC} - C:\Program Files\Advanced Spyware Remover\AKILLER.DLL ()
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKLM..\Run: [zzzHPSETUP] File not found
    O4 - HKU\S-1-5-21-1644491937-1770027372-725345543-1003..\RunOnce: [FlashPlayerUpdate] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 25 June 2011 - 11:23 AM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 25 June 2011 - 02:31 PM

ComboFix 11-06-25.03 - Owner 06/25/2011 13:34:20.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1299 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\Owner\WINDOWS\system\New Microsoft PowerPoint Presentation.ppt
c:\documents and settings\Owner\WINDOWS\system\Thumbs.db
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1644491937-1770027372-725345543-1003(2)\INFO2
T:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 17:13 . 2011-06-25 17:13 -------- d-----w- C:\_OTL
2011-06-25 04:20 . 2011-06-25 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-23 01:02 . 2011-06-23 01:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2011-06-23 01:02 . 2011-06-23 01:02 -------- d-----w- c:\program files\Uniblue
2011-06-23 01:02 . 2011-06-23 01:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-06-23 00:11 . 2011-03-13 16:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-23 00:11 . 2011-03-13 16:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-23 00:11 . 2011-03-13 16:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-13 16:12 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-06-13 16:12 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-06-13 16:12 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-06-13 16:12 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-06-13 16:12 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-06-13 16:12 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-06-13 16:12 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-06-13 16:12 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-06-13 16:12 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-06-13 16:12 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-06-13 16:12 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-06-13 16:12 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-06-13 16:02 . 2011-06-13 16:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Free WAV to MP3 Converter
2011-06-13 16:01 . 2011-06-13 16:01 -------- d-----w- c:\program files\Free WAV to MP3 Converter
2011-06-13 14:53 . 2011-06-22 23:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-13 14:51 . 2011-06-13 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-06-13 14:51 . 2011-06-13 14:51 -------- d-----w- c:\program files\NOS
2011-06-13 00:16 . 2011-06-13 19:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2011-06-06 17:55 . 2011-06-06 17:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 17:55 . 2011-06-06 17:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-26 23:45 . 2011-06-13 00:12 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-18 20:35 . 2011-05-20 00:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-05-06 15:20 . 2011-04-28 23:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-04 09:52 . 2010-09-20 18:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2009-08-25 23:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2007-07-04 15:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 19:28 . 2011-04-26 19:28 234 ---ha-w- C:\aaw7boot.cmd
2011-04-26 18:49 . 2009-11-17 00:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2009-09-04 00:37 . 2009-09-04 00:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-09-04 00:58 . 2009-09-04 00:58 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-04-14 19:01 . 2011-04-21 19:07 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2009-11-30 19456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-26 1306216]
"QveCtl2Tray"="c:\program files\Philips\PSA2\skin\QveCplSk.EXE" [2002-11-04 569344]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2007-7-4 323584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.199\SSScheduler.exe [2011-2-23 272528]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]
Timex Data Link USB Launcher.lnk - c:\program files\Timex\Data Link USB\DataLinkLauncher.exe [2009-3-25 40960]
Timex Trainer Launcher.lnk - c:\program files\Timex\Timex Trainer\TBEggLaunch.exe [2009-3-21 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca5439a1294b2c;Google Update Service (gupdate1ca5439a1294b2c);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 133104]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-09-29 45824]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
R3 BlackBox;BlackBox SR2; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.199\McCHSvc.exe [2011-02-23 237008]
R3 mfeavfk01;McAfee Inc.; [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 nosGetPlusHelper;getPlusŪ Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-09-29 56960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2007-05-01 132232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 ALLOW-IO;ALLOW-IO;c:\windows\system32\Drivers\ALLOW-IO.sys [2005-06-21 6016]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-05-18 51144]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-03-13 89368]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-05-18 375328]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2001-10-25 36224]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
S3 PSC60x;Philips PCI Audio Driver (WDM);c:\windows\system32\drivers\pscaudio.sys [2002-08-27 365460]
S3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\DRIVERS\QsndEnum.sys [2002-07-18 9600]
S3 QSoftAud;Philips Sound Agent 2 (WDM);c:\windows\system32\drivers\QSoftAud.sys [2002-10-28 411008]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk02
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2010-04-29 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-04-29 15:00]
.
2010-05-02 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-04-29 15:00]
.
2010-12-08 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-04-29 19:10]
.
2011-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-05 19:38]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 23:36]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 23:36]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1770027372-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 19:12]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1770027372-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 19:12]
.
2010-04-29 c:\windows\Tasks\mixpadSevenDaysInit.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-04-29 13:50]
.
2011-06-15 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-04-29 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 207.70.172.13 207.70.128.209
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rlz=1R0GGGL_en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: SlipStream SP Integrator: {9d613b03-9b7c-4fa0-b2f8-32f7cc24873f} - %profile%\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Adobe DLM (powered by getPlusŪ): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-25 13:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E66833A-0493-D05A-4DAE-C454F91D32D2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaoaijbckkokmecjhocailpmfpjcin"=hex:64,61,6f,6b,6c,68,68,63,00,85
"oakbagknbebadggafekoaknmagmebf"=hex:6a,61,70,6b,63,6b,62,67,6c,69,64,67,6f,67,
68,62,66,69,6b,64,00,02
"naebkepdcobfofceoglegooapiic"=hex:6a,61,70,6b,63,6b,62,67,6c,69,64,67,6f,67,
68,62,66,69,6b,64,00,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\msacm32.drv
.
- - - - - - - > 'explorer.exe'(7708)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-06-25 14:13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-25 19:12
.
Pre-Run: 119,729,795,072 bytes free
Post-Run: 119,525,240,832 bytes free
.
- - End Of File - - C09514E2E0349DCA83EE4276FEEA3ED2

#8 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 25 June 2011 - 02:43 PM

I attempted to cut and paste the OTL log that was run after combofix but it was too long.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 25 June 2011 - 02:58 PM

Hi!

Can you please attach the OTL Fix log for me to review?

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2o4bkadj.default\
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 27 June 2011 - 10:16 AM

Still with me?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 27 June 2011 - 04:02 PM

I uninstalled Spybot and reinstalled it and ran the program. The results showed no malware. I am retired and have a small income and will contribute. Thank you for all your assistance.

Edited by tictx, 27 June 2011 - 04:11 PM.


#12 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 27 June 2011 - 04:13 PM

I uninstalled Spybot and reinstalled it and ran the program. The results showed no malware. I am retired and have a small income and will contribute. Thank you for all your assistance.

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 27 June 2011 - 05:32 PM

Hi!

Can you please post the ComboFix log for me that should have been produced after running the instructions in this post?

http://www.bleepingcomputer.com/forums/topic403621.html/page__view__findpost__p__2307937

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 tictx

tictx
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 28 June 2011 - 03:04 PM

Where would I find it now? Should I run it again and send the results?

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:55 AM

Posted 28 June 2011 - 05:56 PM

You can find that log file in C:\ComboFix.txt

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users