
WinFirewall.exe Trojan | Worm.Ainslot - Help Removing Please.


  • This topic is locked
10 replies to this topic

#1 s4nt0s


Posted 20 June 2011 - 07:48 PM

Hello folks,

I've got a virus that I just can't seem to remove. I've scanned my system with Hitman Pro, Malwarebytes and Trend Micro and all of them detect the virus, but when trying to remove it, my system goes bluescreen and starts dumping memory ... when it reaches 100% it automatically restarts. This happens over and over no matter which software I use to remove the virus.

If I try to kill the process in task manager (winfirewall.exe) it will blue screen again.

Here is a malwarebytes scan of my system.

Posted Image

I know it's small but you can see in the image that it has changed some registry values as well.

This is also blocking some websites from my browser which is throwing this error:

Posted Image

I have attached the DDS, Attach and a hijackthis log. I couldn't use the GMER due to running 64 bit OS.

If you need anything else, please let me know. This computer is my main source of income due to being an online marketer. My business PayPal account, various hosting accounts and multiple websites are managed from this PC so the sooner I can get rid of this virus, the better.

I have set up email notification and have bookmarked this post so I can quickly respond.

Thank you for the help and support.



#2 SweetTech


Posted 29 June 2011 - 10:06 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 s4nt0s


Posted 29 June 2011 - 12:38 PM

Hello ST,

Thanks for responding to my thread. After downloading and trying pretty much every scanner/virus remover I could find, I think I removed the main problem which was winfirewall.exe. A software called Prevx 3.0 was the only one that worked. The only problem is I think there are still some issues that need to be dealt with. For a while the winfirewall.exe had blocked a lot of the websites that I would frequently visit.

A lot of the websites are unblocked now but some are still having issues.

Here are the OTL logs you requested.

OTL.Txt

OTL logfile created on: 6/29/2011 12:17:56 PM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.79% Memory free
8.17 Gb Paging File | 6.50 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.30 Gb Total Space | 198.42 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: MONEYMAKER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 12:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011/06/23 18:02:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/28 10:27:40 | 000,391,520 | ---- | M] (Outertech) -- C:\Program Files (x86)\Cacheman\CachemanTray.exe
PRC - [2011/03/28 09:47:08 | 000,235,872 | ---- | M] (Outertech) -- C:\Program Files (x86)\Cacheman\CachemanServ.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2009/04/11 01:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/04/06 22:13:28 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2007/12/26 16:38:32 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/10/17 21:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/10/16 18:24:32 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/10/02 23:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/09/12 16:37:54 | 000,988,160 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
PRC - [2007/08/15 13:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/08/15 13:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 13:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/13 19:25:10 | 000,741,376 | ---- | M] (ChkMail) -- C:\Program Files\ChkMail\ChkMail\ChkMail.exe
PRC - [2007/05/18 04:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/04/23 06:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\SetPoint\x86\SetPoint32.exe
PRC - [2007/02/02 21:28:36 | 000,493,056 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe
PRC - [2006/11/02 10:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe


========== Modules (SafeList) ==========

MOD - [2011/06/29 12:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2011/06/20 01:20:27 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/06/20 01:20:27 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/04/23 06:00:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\x86\GameHook.dll
MOD - [2007/04/23 06:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\x86\lgscroll.dll
MOD - [2006/08/02 19:31:14 | 000,036,864 | ---- | M] () -- C:\Program Files\ASUS\ASUS Direct Console\MSNHOOK.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/26 23:10:25 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2011/05/04 12:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/01/19 02:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/05/18 04:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/28 09:47:08 | 000,235,872 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files (x86)\Cacheman\CachemanServ.exe -- (CachemanService)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 23:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/26 23:10:25 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/06/26 23:10:25 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/06/26 23:10:25 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/06/23 11:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/26 17:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 00:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/19 00:38:18 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/06 05:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/01 01:59:45 | 001,829,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2007/09/29 10:03:31 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/26 17:03:58 | 000,015,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2007/09/25 17:19:07 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/08/08 19:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/04/11 17:35:46 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2007/04/11 17:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 17:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 11:18:25 | 000,071,680 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007/02/08 05:04:59 | 000,013,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2006/11/02 07:03:00 | 000,049,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2006/10/27 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 20:45:36 | 002,471,424 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/02/07 06:53:21 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2007/08/02 23:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 AE 9D C3 2C 30 CC 01 [binary data]
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 18:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/14 02:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/06/11 22:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hrtpm3gm.default\extensions
[2011/06/11 22:00:31 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hrtpm3gm.default\extensions\firefox@tvunetworks.com
[2011/06/27 18:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/13 10:59:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/27 18:08:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/17 00:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/14 19:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/23 18:02:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] File not found
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WinFirewall] File not found
O4 - HKLM..\Run: [zDirectMessenger] C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE (ASUSTeK COMPUTER INC.)
O4 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..\Run: [CachemanTray] C:\Program Files (x86)\Cacheman\CachemanTray.exe (Outertech)
O4 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..\Run: [WinFirewall] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: WinFirewall = C:\Users\Admin\AppData\Roaming\WinFirewall.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 12:14:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/06/27 20:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/06/27 20:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/06/27 20:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/06/27 20:31:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/27 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/06/27 20:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2011/06/27 20:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/06/27 20:27:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/06/27 19:04:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/27 18:11:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011/06/27 18:09:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/06/27 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/06/27 18:06:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/06/27 15:24:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/26 23:43:55 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/26 23:43:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/26 23:43:55 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/26 23:43:55 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/26 23:43:55 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/26 23:43:55 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/26 23:43:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/26 23:43:55 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/26 23:43:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/26 23:43:55 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/26 23:43:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/26 23:43:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/26 23:43:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/26 23:43:55 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/26 23:43:55 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/26 23:43:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/26 23:43:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/26 23:43:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/26 23:43:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/26 23:43:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/26 23:43:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/26 23:43:55 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/26 23:43:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/26 23:43:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/26 23:43:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/26 23:43:54 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/26 23:43:54 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/26 23:43:54 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/26 23:43:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/26 23:43:54 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/26 23:43:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/26 23:43:54 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/26 23:43:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/26 23:43:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/26 23:43:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/26 23:43:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/26 23:43:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/06/26 23:43:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/26 23:43:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/26 23:43:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/26 23:43:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/06/26 23:43:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/26 23:43:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/26 23:43:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/26 23:43:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/26 23:43:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/26 23:43:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/26 23:43:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/26 23:43:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/26 23:43:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/26 23:43:53 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/26 23:43:53 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/26 23:43:53 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/26 23:43:53 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/26 23:43:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/26 23:43:53 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/26 23:43:53 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/26 23:43:53 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/26 23:43:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/26 23:43:53 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/26 23:43:53 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/26 23:43:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/26 23:43:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/26 23:43:53 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/26 23:43:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/26 23:43:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/26 23:43:53 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/26 23:43:53 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/26 23:43:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/26 23:43:53 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/26 23:43:53 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/26 23:43:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/26 23:43:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/26 23:43:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/26 23:43:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/26 23:43:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/26 23:43:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/26 23:43:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/26 23:43:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/26 23:43:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/26 23:38:05 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/26 23:10:25 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/06/26 23:10:25 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/06/26 23:10:25 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/06/26 23:10:25 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/06/26 23:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2011/06/26 23:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/06/26 23:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/06/26 23:07:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/26 23:07:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2011/06/26 23:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/06/26 23:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/06/26 23:07:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PackageAware
[2011/06/26 22:59:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/26 22:59:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/26 22:59:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/26 22:58:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/26 22:58:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/26 22:58:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/26 22:58:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/25 14:32:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/25 14:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/25 14:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 14:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/06/25 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/20 18:56:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe
[2011/06/20 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/06/20 18:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/06/20 18:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/06/20 18:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/06/20 18:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/20 13:40:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\UCS IMAGES
[2011/06/20 01:35:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help
[2011/06/20 00:57:30 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/19 18:44:36 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/06/19 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/06/19 14:42:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/19 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/19 14:42:18 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/19 14:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/17 00:37:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\.ranktracker
[2011/06/17 00:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/17 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/17 00:36:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/17 00:36:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 00:36:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 00:36:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 00:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/17 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEO PowerSuite
[2011/06/17 00:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEO PowerSuite
[2011/06/14 16:05:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Links
[2011/06/11 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\TVU Networks
[2011/06/11 22:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2011/06/11 22:00:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2011/06/11 02:37:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\go
[2011/06/11 02:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/06/09 19:20:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Tigerdirect images
[2011/06/09 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Sword images
[2011/06/09 13:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2011/06/08 14:36:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\movies
[2011/06/08 14:03:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\newupdate1111
[2011/06/07 16:53:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FeedNamerTest
[2011/06/07 16:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FeedNamer 1.1
[2011/06/07 15:10:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011/06/07 15:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/06/07 15:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/06/06 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Del Monte
[2011/06/06 14:15:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TortoiseSVN
[2011/06/06 14:12:24 | 000,000,000 | ---D | C] -- C:\Tortoise share
[2011/06/06 14:12:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Subversion
[2011/06/06 14:12:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\TSVNCache
[2011/06/06 14:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011/06/06 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2011/06/06 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2011/06/06 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\WayBackContent
[2011/06/06 11:32:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WayBackMachine
[2011/06/06 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\wayback
[2011/06/04 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\StickyNotes
[2011/06/04 18:11:48 | 000,000,000 | ---D | C] -- C:\stickynotes
[2011/06/02 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Clickbump
[2011/05/30 22:56:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\UCS_V1.1

========== Files - Modified Within 30 Days ==========

[2011/06/29 12:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/06/29 12:12:05 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 12:12:05 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 12:12:05 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 12:09:27 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/29 12:06:44 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\ChkMail.ini
[2011/06/29 12:06:33 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/29 12:06:25 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/29 12:06:21 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/29 12:06:19 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/06/29 12:05:30 | 000,003,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 12:05:30 | 000,003,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 12:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 12:05:16 | 4294,238,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/29 01:57:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/29 01:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769947998-1969145775-2102879528-1000UA.job
[2011/06/28 22:48:43 | 000,002,049 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2011/06/28 22:48:43 | 000,002,011 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 16:47:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769947998-1969145775-2102879528-1000Core.job
[2011/06/28 14:28:01 | 000,023,988 | ---- | M] () -- C:\Users\Admin\Desktop\picture.png
[2011/06/28 12:06:53 | 000,436,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 01:01:23 | 000,007,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/28 01:01:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/06/27 18:09:39 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/06/27 13:38:21 | 000,005,738 | ---- | M] () -- C:\Users\Admin\Desktop\paypal.rtf
[2011/06/27 13:36:13 | 000,100,944 | ---- | M] () -- C:\Users\Admin\Desktop\PliggBLASTS Header 2.jpg
[2011/06/27 00:07:02 | 000,000,980 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 23:44:06 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/06/26 23:44:06 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/06/26 23:44:06 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/06/26 23:44:06 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/06/26 23:43:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/26 23:43:55 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/26 23:43:55 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/26 23:43:55 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/26 23:43:55 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/26 23:43:55 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/26 23:43:55 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/26 23:43:55 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/26 23:43:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/26 23:43:55 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/26 23:43:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/26 23:43:55 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/26 23:43:55 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/26 23:43:55 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/26 23:43:55 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/26 23:43:55 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/26 23:43:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/26 23:43:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/26 23:43:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/26 23:43:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/26 23:43:55 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/26 23:43:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/26 23:43:55 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/26 23:43:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/26 23:43:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/26 23:43:55 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/26 23:43:54 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/26 23:43:54 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/26 23:43:54 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/26 23:43:54 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/26 23:43:54 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/26 23:43:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/26 23:43:54 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/26 23:43:54 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/26 23:43:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/26 23:43:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/26 23:43:54 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/26 23:43:54 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/06/26 23:43:54 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/26 23:43:54 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/26 23:43:54 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/26 23:43:54 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/06/26 23:43:54 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/26 23:43:54 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/26 23:43:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/26 23:43:54 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/26 23:43:54 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/26 23:43:54 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/26 23:43:54 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/26 23:43:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/26 23:43:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/26 23:43:53 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/26 23:43:53 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/26 23:43:53 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/26 23:43:53 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/26 23:43:53 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/26 23:43:53 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/26 23:43:53 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/26 23:43:53 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/26 23:43:53 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/26 23:43:53 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/26 23:43:53 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/26 23:43:53 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/26 23:43:53 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/26 23:43:53 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/26 23:43:53 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/26 23:43:53 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/26 23:43:53 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/26 23:43:53 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/26 23:43:53 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/26 23:43:53 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/26 23:43:53 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/26 23:43:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/26 23:43:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/26 23:43:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/26 23:43:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/26 23:43:53 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/26 23:43:53 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/26 23:43:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/26 23:43:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/26 23:43:52 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/26 23:43:52 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/26 23:38:05 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/26 23:30:53 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/26 23:21:11 | 594,872,894 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/26 23:19:22 | 000,065,325 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\data.dat
[2011/06/26 23:10:25 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/06/26 23:10:25 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/06/26 23:10:25 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/06/26 23:10:25 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/06/26 23:10:21 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/26 23:07:46 | 000,001,635 | ---- | M] () -- C:\Users\Admin\Desktop\Uniblue RegistryBooster.lnk
[2011/06/26 23:07:46 | 000,001,625 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/06/25 14:32:22 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 12:18:30 | 000,210,061 | ---- | M] () -- C:\Users\Admin\.ranktracker.properties
[2011/06/25 12:18:19 | 000,037,696 | ---- | M] () -- C:\Users\Admin\Desktop\ranking number 10 second image.png
[2011/06/25 12:17:41 | 000,122,877 | ---- | M] () -- C:\Users\Admin\Desktop\ranking number 10.png
[2011/06/23 13:04:30 | 000,055,759 | ---- | M] () -- C:\Users\Admin\Desktop\aha.PNG
[2011/06/20 19:43:07 | 000,018,706 | ---- | M] () -- C:\Users\Admin\Desktop\chrome error.png
[2011/06/20 19:30:47 | 000,003,191 | ---- | M] () -- C:\Users\Admin\Desktop\Attach.zip
[2011/06/20 19:18:28 | 000,134,123 | ---- | M] () -- C:\Users\Admin\Desktop\malwarebytes.png
[2011/06/20 18:56:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe
[2011/06/20 13:50:39 | 000,024,016 | ---- | M] () -- C:\Users\Admin\Desktop\bloglst.png
[2011/06/19 18:43:28 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/06/19 14:42:22 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/19 14:36:03 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/06/19 14:30:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 00:36:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/17 00:36:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 00:36:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 00:36:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 00:33:23 | 000,002,125 | ---- | M] () -- C:\Users\Admin\Desktop\Rank Tracker.lnk
[2011/06/14 16:05:25 | 000,052,137 | ---- | M] () -- C:\Users\Admin\Desktop\Links.zip
[2011/06/13 01:11:26 | 001,065,984 | ---- | M] () -- C:\Users\Admin\Documents\troy bilt.msam
[2011/06/12 22:21:05 | 000,430,080 | ---- | M] () -- C:\Users\Admin\Documents\adsense.msam
[2011/06/12 13:06:01 | 000,036,864 | ---- | M] () -- C:\Users\Admin\Documents\del monte.msam
[2011/06/12 12:08:11 | 000,358,400 | ---- | M] () -- C:\Users\Admin\Documents\swords.msam
[2011/06/09 13:13:17 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2011/06/08 14:03:18 | 001,790,598 | ---- | M] () -- C:\Users\Admin\Desktop\Debug.zip
[2011/06/07 16:53:16 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\FeedNamer 1.1.lnk
[2011/06/07 15:10:09 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/06/06 20:47:44 | 000,036,864 | ---- | M] () -- C:\Users\Admin\Documents\coupons.msam
[2011/06/06 17:26:40 | 000,000,577 | ---- | M] () -- C:\Users\Admin\Desktop\scrapebox.exe.lnk
[2011/06/05 01:08:11 | 000,047,104 | ---- | M] () -- C:\Users\Admin\Documents\coupons 3.msam
[2011/06/05 01:06:58 | 000,056,320 | ---- | M] () -- C:\Users\Admin\Documents\coupons 2.msam
[2011/06/04 18:13:14 | 000,001,290 | ---- | M] () -- C:\Users\Admin\Desktop\StickyNotes.exe.lnk
[2011/06/04 16:29:59 | 008,814,050 | ---- | M] () -- C:\Users\Admin\Desktop\creating a lasting google places listing_x264.mp4
[2011/06/04 12:15:06 | 004,377,559 | ---- | M] () -- C:\Users\Admin\Desktop\Clickbump.zip

========== Files Created - No Company Name ==========

[2011/06/28 14:27:54 | 000,023,988 | ---- | C] () -- C:\Users\Admin\Desktop\picture.png
[2011/06/27 18:09:39 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/06/27 13:38:18 | 000,005,738 | ---- | C] () -- C:\Users\Admin\Desktop\paypal.rtf
[2011/06/27 13:36:10 | 000,100,944 | ---- | C] () -- C:\Users\Admin\Desktop\PliggBLASTS Header 2.jpg
[2011/06/26 23:43:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/26 23:43:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/26 23:09:56 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 23:07:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/06/26 23:07:46 | 000,001,635 | ---- | C] () -- C:\Users\Admin\Desktop\Uniblue RegistryBooster.lnk
[2011/06/26 23:07:46 | 000,001,625 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/06/26 22:59:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/26 22:59:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/26 22:59:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/26 22:59:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/26 22:59:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/25 14:32:22 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 12:17:57 | 000,037,696 | ---- | C] () -- C:\Users\Admin\Desktop\ranking number 10 second image.png
[2011/06/25 12:16:16 | 000,122,877 | ---- | C] () -- C:\Users\Admin\Desktop\ranking number 10.png
[2011/06/23 13:04:28 | 000,055,759 | ---- | C] () -- C:\Users\Admin\Desktop\aha.PNG
[2011/06/20 19:43:00 | 000,018,706 | ---- | C] () -- C:\Users\Admin\Desktop\chrome error.png
[2011/06/20 19:29:36 | 000,003,191 | ---- | C] () -- C:\Users\Admin\Desktop\Attach.zip
[2011/06/20 19:18:15 | 000,134,123 | ---- | C] () -- C:\Users\Admin\Desktop\malwarebytes.png
[2011/06/20 13:50:27 | 000,024,016 | ---- | C] () -- C:\Users\Admin\Desktop\bloglst.png
[2011/06/19 18:43:28 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/06/19 14:42:22 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/19 14:38:41 | 4294,238,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 14:36:03 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/06/17 00:50:06 | 000,210,061 | ---- | C] () -- C:\Users\Admin\.ranktracker.properties
[2011/06/17 00:33:22 | 000,002,125 | ---- | C] () -- C:\Users\Admin\Desktop\Rank Tracker.lnk
[2011/06/14 16:05:25 | 000,052,137 | ---- | C] () -- C:\Users\Admin\Desktop\Links.zip
[2011/06/13 15:28:33 | 000,065,325 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\data.dat
[2011/06/12 22:21:15 | 001,065,984 | ---- | C] () -- C:\Users\Admin\Documents\troy bilt.msam
[2011/06/12 22:18:58 | 000,430,080 | ---- | C] () -- C:\Users\Admin\Documents\adsense.msam
[2011/06/09 13:13:17 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/06/09 13:13:17 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2011/06/08 14:02:35 | 001,790,598 | ---- | C] () -- C:\Users\Admin\Desktop\Debug.zip
[2011/06/07 16:53:16 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedNamer 1.1.lnk
[2011/06/07 16:53:16 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\FeedNamer 1.1.lnk
[2011/06/07 15:10:09 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/06/06 20:47:55 | 000,036,864 | ---- | C] () -- C:\Users\Admin\Documents\del monte.msam
[2011/06/06 17:26:40 | 000,000,577 | ---- | C] () -- C:\Users\Admin\Desktop\scrapebox.exe.lnk
[2011/06/04 18:12:47 | 000,001,290 | ---- | C] () -- C:\Users\Admin\Desktop\StickyNotes.exe.lnk
[2011/06/04 16:29:19 | 008,814,050 | ---- | C] () -- C:\Users\Admin\Desktop\creating a lasting google places listing_x264.mp4
[2011/06/04 13:35:28 | 000,358,400 | ---- | C] () -- C:\Users\Admin\Documents\swords.msam
[2011/06/04 12:15:06 | 004,377,559 | ---- | C] () -- C:\Users\Admin\Desktop\Clickbump.zip
[2011/05/19 21:04:55 | 000,001,057 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\vso_ts_preview.xml
[2011/05/19 16:57:56 | 000,174,484 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/17 18:47:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/17 18:47:47 | 000,007,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 22:26:17 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/14 17:00:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/05/14 17:00:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/05/14 16:59:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/05/14 16:59:08 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/05/14 15:55:23 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2011/05/14 15:19:56 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/05/14 15:19:32 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/05/14 12:50:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/04/06 22:13:28 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008/04/06 22:03:44 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\ChkMail.ini
[2008/04/06 21:33:08 | 000,000,546 | ---- | C] () -- C:\Windows\SysWow64\ABG1Sn.DAT
[2007/08/06 04:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007/07/13 07:31:39 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2007/07/13 07:17:45 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 84 bytes -> C:\Windows\system.ini:c1_encryption_e
@Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d

< End of report >


Extras.Txt

OTL Extras logfile created on: 6/29/2011 12:17:56 PM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.79% Memory free
8.17 Gb Paging File | 6.50 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.30 Gb Total Space | 198.42 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: MONEYMAKER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = BD D0 FA 06 80 12 CC 01 [binary data]
"VistaSp2" = 9B 6B 8C 73 88 12 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe" = C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe:*:Enabled:Windows Messanger
"C:\Users\Admin\AppData\Roaming\WinFirewall.exe" = C:\Users\Admin\AppData\Roaming\WinFirewall.exe:*:Enabled:Windows Messanger
"C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe" = C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe:*:Enabled:Windows Messanger
"C:\Users\Admin\AppData\Roaming\WinFirewall.exe" = C:\Users\Admin\AppData\Roaming\WinFirewall.exe:*:Enabled:Windows Messanger


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EC609D9-743F-46E0-868E-B381E744BEEC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02207335-9AA3-418F-8871-2524622C29A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{14689452-79FF-4BAF-B96D-464B40720AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1BFE39CC-0692-4CBB-B4CE-EA26E347D31A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4B1C6572-138F-4692-BA85-22BA7A41321C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5525DA76-276B-465C-BE96-BA8D6E25F466}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FE4597A-7B52-4E96-AA83-886A7B30CC32}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F6710E25-C7D2-440B-977E-33DE04D43C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{86E05E9F-1A58-4DFE-82CE-6DCAD6400B49}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{92969502-B940-4859-B094-AFF9EABE1B2C}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{467856B5-2658-496B-A3AA-35D80C89BD4D}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{B22865A0-A698-4223-81D9-27BFED10D401}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{973E2969-B314-4744-9812-AA095091598E}" = VistaFeaturePack
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}" = ASUS Direct Console
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect
"{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{660FA4BD-1E0A-DB7C-AFA9-045FED2F5267}" = FeedNamer 1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80CE09A4-56FD-AFF8-7B38-C81D5B221C5C}" = Market Samurai
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}" = Nero 7 Essentials
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.364
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cacheman" = Cacheman
"CloudBerry Explorer for Amazon S3" = CloudBerry Explorer for Amazon S3 2.7.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedNamerTest" = FeedNamer 1.1
"FileZilla Client" = FileZilla Client 3.5.0
"G1&G2-2" = G1&G2-2 Screen Saver
"InstallShield_{973E2969-B314-4744-9812-AA095091598E}" = VistaFeaturePack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Pidgin" = Pidgin
"seopowersuite" = Rank Tracker
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"834c5039805ab505" = WayBackMachine
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2011 10:41:09 PM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xad8, application
start time 0x01cc3085d788dff1.

Error - 6/22/2011 12:49:03 PM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xd60, application
start time 0x01cc30fc4aeee22f.

Error - 6/23/2011 1:44:42 AM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xcc8, application
start time 0x01cc3168a5943c7b.

Error - 6/23/2011 1:46:33 AM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0x834, application
start time 0x01cc3168e7fb1b8a.

Error - 6/23/2011 11:12:18 AM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0x108, application
start time 0x01cc31b7f0e08193.

Error - 6/24/2011 12:06:13 PM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xb98, application
start time 0x01cc3288a42993bf.

Error - 6/25/2011 3:23:57 AM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0x8ac, application
start time 0x01cc3308d8163627.

Error - 6/25/2011 1:02:42 PM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xd28, application
start time 0x01cc3359b0ba73c0.

Error - 6/26/2011 5:06:52 AM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0x780, application
start time 0x01cc33e0629e1969.

Error - 6/26/2011 12:39:49 PM | Computer Name = MoneyMaker | Source = Application Error | ID = 1000
Description = Faulting application aspg.exe, version 0.0.0.0, time stamp 0x46f9d0cf,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception
code 0xc0000374, fault offset 0x00000000000aca57, process id 0xc50, application
start time 0x01cc341faa8cd6a8.

[ System Events ]
Error - 6/27/2011 12:02:25 AM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 6/27/2011 12:22:14 AM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 6/27/2011 1:02:47 AM | Computer Name = MoneyMaker | Source = Service Control Manager | ID = 7031
Description =

Error - 6/27/2011 1:09:08 AM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 6/27/2011 2:56:04 AM | Computer Name = MoneyMaker | Source = Service Control Manager | ID = 7031
Description =

Error - 6/27/2011 1:33:22 PM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 6/28/2011 2:38:13 AM | Computer Name = MoneyMaker | Source = Service Control Manager | ID = 7031
Description =

Error - 6/28/2011 1:09:58 PM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 6/29/2011 2:57:02 AM | Computer Name = MoneyMaker | Source = Service Control Manager | ID = 7031
Description =

Error - 6/29/2011 1:06:16 PM | Computer Name = MoneyMaker | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >



Thank you for your help.

Talk soon - Devin

#4 SweetTech

Posted 29 June 2011 - 03:21 PM

Hi Devin!

No problem!

What other issues do you think need to be dealt with?

OTL Fix

We need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    [2011/06/27 18:08:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O3 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O4 - HKLM..\Run: [PowerForPhone] File not found
    O4 - HKLM..\Run: [WinFirewall] File not found
    O4 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000..\Run: [WinFirewall] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: WinFirewall = C:\Users\Admin\AppData\Roaming\WinFirewall.exe
    O7 - HKU\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    [2011/06/26 23:19:22 | 000,065,325 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\data.dat
    @Alternate Data Stream - 84 bytes -> C:\Windows\system.ini:c1_encryption_e
    @Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe"=-
    "C:\Users\Admin\AppData\Roaming\WinFirewall.exe"=-
    "C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe"=-
    "C:\Users\Admin\AppData\Roaming\WinFirewall.exe"=-
    
    :Files
    C:\Users\Admin\AppData\Roaming\WinFirewall.exe
    C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe
    C:\Users\Admin\AppData\Roaming\WinFirewall.exe
    C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate Java™ 6 Update 22 and click on the Uninstall button to uninstall it.
  • Close Control Panel when done.


NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 s4nt0s


Posted 29 June 2011 - 03:58 PM

Alrighty I have completed what you've requested.

Here's the OTL log:


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PowerForPhone deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinFirewall deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinFirewall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\WinFirewall deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1769947998-1969145775-2102879528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
C:\Users\Admin\AppData\Roaming\data.dat moved successfully.
ADS C:\Windows\system.ini:c1_encryption_e deleted successfully.
ADS C:\Windows\system.ini:c1_encryption_d deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Admin\AppData\Roaming\WinFirewall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Admin\AppData\Roaming\WinFirewall.exe not found.
========== FILES ==========
File\Folder C:\Users\Admin\AppData\Roaming\WinFirewall.exe not found.
File\Folder C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe not found.
File\Folder C:\Users\Admin\AppData\Roaming\WinFirewall.exe not found.
File\Folder C:\Users\Admin\AppData\Local\Temp\3548ed454d1b41efb77734e421e1f8fe.exe not found.
< type "C:\ComboFix.txt" /c >
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 453229687 bytes
->Temporary Internet Files folder emptied: 72449880 bytes
->Java cache emptied: 108326 bytes
->FireFox cache emptied: 567499122 bytes
->Google Chrome cache emptied: 339579452 bytes
->Flash cache emptied: 105568 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 234282 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 933905 bytes

Total Files Cleaned = 1,368.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.2 log created on 06292011_153723

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6980

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/29/2011 3:51:44 PM
mbam-log-2011-06-29 (15-51-44).txt

Scan type: Quick scan
Objects scanned: 164114
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------------------------------

My computer seems to be running fine except some websites are still blocked. Websites I used to visit all the time are not responding no matter what browser I use: FF, IE, Chrome, etc.

Here is a screenshot of the error I get in firefox when trying to access spikedhumor

Posted Image

I don't have a clue why this is happening. I know it happened after I got the virus so I think that affected it somehow.

If you have any ideas of what might be causing this, please let me know.

Thank you for the help.

Regards,
Devin

Edited by s4nt0s, 29 June 2011 - 03:59 PM.
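A triage pass over an OTL fix log like the one posted above, as an added example that is not part of the original thread or of the OTL tool: it sorts each result line by outcome and lists the targets that still need a re-check. The sample lines are excerpted from that log; the function names and outcome labels are this example's own.

```python
from collections import Counter

# Lines excerpted from the OTL fix log posted above.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinFirewall deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
C:\Users\Admin\AppData\Roaming\data.dat moved successfully.
ADS C:\Windows\system.ini:c1_encryption_e deleted successfully.
File\Folder C:\Users\Admin\AppData\Roaming\WinFirewall.exe not found.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""

# Line endings the log uses to report what happened to each target
# (labels on the right are this example's own).
OUTCOMES = [
    (" scheduled to be moved on reboot.", "pending_reboot"),
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" not found.", "not_found"),
]

# Line prefixes that identify the kind of object acted on.
KINDS = [
    ("Registry value ", "reg_value"),
    ("Registry key ", "reg_key"),
    ("ADS ", "ads"),
    ("File\\Folder ", "file"),
    ("File move failed. ", "file"),
]


def parse_line(line):
    """Return {'kind', 'target', 'outcome'} for a result line, else None."""
    line = line.strip()
    for suffix, outcome in OUTCOMES:
        if line.endswith(suffix):
            body = line[: -len(suffix)]
            break
    else:
        return None  # banner, section header or free-text line
    kind = "file"  # bare paths ("C:\... moved successfully.") are files
    for prefix, name in KINDS:
        if body.startswith(prefix):
            kind, body = name, body[len(prefix):]
            break
    if body.endswith(" folder"):
        body = body[: -len(" folder")]
    return {"kind": kind, "target": body, "outcome": outcome}


def triage(log_text):
    """Count outcomes and list targets that need a manual re-check."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    counts = Counter(e["outcome"] for e in entries)
    # Windows paths and registry names are case-insensitive.
    handled = {e["target"].lower() for e in entries
               if e["outcome"] in ("deleted", "moved")}
    pending = [e["target"] for e in entries if e["outcome"] == "pending_reboot"]
    absent = []
    for e in entries:
        t = e["target"]
        if e["outcome"] == "not_found" and t.lower() not in handled and t not in absent:
            absent.append(t)
    return {"counts": dict(counts), "pending_reboot": pending,
            "not_found_only": absent}
```

Targets under `pending_reboot` are the ones to look at again once the machine has restarted; `not_found_only` lists items this run never confirmed removing.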


#6 SweetTech


Posted 29 June 2011 - 04:47 PM

Hi Devin!

It sounds like you may be unable to access those sites because MBAM is blocking them.

If you have the Pro version of MBAM and have Website Blocking enabled, it will block access to those sites.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#7 SweetTech


Posted 02 July 2011 - 10:48 AM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.



#8 s4nt0s


Posted 02 July 2011 - 04:37 PM

Hey ST,

Sorry for not responding sooner. I appreciate all the work you've done and I'm happy to say that my computer seems to be running great and I'm not getting any flags from malwarebytes, hitmanpro, eset, etc.

I'm extremely busy this holiday weekend so I won't be here to finish the rest of what's been requested. I'm happy with the results so feel free to go ahead and close this thread. I feel confident that my virus/malware problems have been solved.

Thank you very much.

I've made a small donation to your paypal.

Thank you,
Devin

Edited by s4nt0s, 02 July 2011 - 04:39 PM.


#9 SweetTech


Posted 02 July 2011 - 04:58 PM

Devin,

As long as I know you're still with me, I can keep this thread open, until you've had a chance to run the above scans.

It's completely up to you.

Please let me know.



#10 s4nt0s


Posted 02 July 2011 - 07:23 PM

Hey,

I'm completely happy with the results that have been achieved so far. You can feel free to close the thread now.

Thanks again,
Devin

#11 SweetTech


Posted 03 July 2011 - 10:19 AM

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.






