Search Engine Redirect Virus


  • This topic is locked
13 replies to this topic

#1 th29

th29

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:01 PM

Posted 12 July 2011 - 12:17 PM

I'm getting redirected when I click on a search engine result listing. It happens in both firefox and ie and across multiple Search Engines (Google, Yahoo, etc.)

Address bar briefly shows the domain www.searchhereiam.net along with an id number for the redirect, before redirecting to another website.

I have avgfree as virus protection and I have run malwarebytes, superantispyware, and tdsskill since noticing the infection. None of these programs found anything.



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_20
Run by Cantonbait at 11:56:46 on 2011-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.1673 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActiveBooks\ActiveBooksServer.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Cantonbait\Desktop\gmer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.mfbank.com/index.htm
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\cantonbait\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\canton~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\QBServerUtilityMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Download all by YouTube Robot - c:\program files\youtuberobot\downall.htm
IE: Download by YouTube Robot - c:\program files\youtuberobot\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: {788539E8-002D-4E59-9089-40B694A99C9A} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{37A3E9B3-E9E3-42CC-AA30-0808F63671A5} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 67.205.118.179 www.google.com
Hosts: 67.205.118.180 search.yahoo.com
Hosts: 67.205.118.180 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cantonbait\application data\mozilla\firefox\profiles\lconrha6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\cantonbait\application data\mozilla\plugins\NPShipRush_UPS_Basic.dll
FF - plugin: c:\documents and settings\cantonbait\application data\mozilla\plugins\NPShipRush_USPS_Endicia.dll
FF - plugin: c:\documents and settings\cantonbait\application data\mozilla\plugins\NPShipRush_USPS_LabelsOnly.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ActiveBooks Server;ActiveBooks Server;c:\program files\activebooks\activebooksserver.exe -run --> c:\program files\activebooks\ActiveBooksServer.exe -run [?]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB17 [?]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2280312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~4\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~4\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca2a46625d5da6;Google Update Service (gupdate1ca2a46625d5da6);c:\program files\google\update\GoogleUpdate.exe [2009-8-31 133104]
S3 ActiveBooks Agent;ActiveBooks Agent;c:\program files\activebooks\activebooksagent.exe -run --> c:\program files\activebooks\ActiveBooksAgent.exe -run [?]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-31 133104]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-4-14 20736]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-27 16:06:51 -------- d-----w- c:\program files\ActiveBooks
2011-06-23 20:22:53 -------- d-----w- C:\Quickreports
2011-06-22 14:26:31 -------- d-----w- c:\documents and settings\all users\application data\Alpha Software
2011-06-22 14:26:02 -------- d-----w- c:\documents and settings\cantonbait\application data\Alpha Software
2011-06-22 14:04:02 -------- d-----w- c:\program files\QReportBuilderV10
2011-06-20 20:27:30 -------- d-----w- c:\documents and settings\all users\application data\{6DF5EE67-523E-4EEA-B640-0045A3AF1BBC}
2011-06-20 20:27:05 -------- d-----w- C:\Atmosphere Solutions
2011-06-16 01:01:54 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-06-24 21:33:34 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 14:11:30 39984 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ------w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
2011-04-15 02:28:42 134480 ------w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
============= FINISH: 11:56:58.26 ===============

#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 16 July 2011 - 01:06 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool, if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:01 PM

Posted 16 July 2011 - 07:26 PM

Thank you for the response. I'll begin with your recommendations first thing Monday morning, and will let you know how it goes.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 16 July 2011 - 08:56 PM

:thumbsup:

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:01 PM

Posted 18 July 2011 - 09:01 AM

Everything looks good on the surface. The redirect seems to have stopped.

1. OTM Log
2. RK Unhooker Report
3. OTL Report
4. Extras Report





1. OTM Log

========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Cantonbait\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cantonbait\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Cantonbait\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cantonbait\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTM by OldTimer - Version 3.1.18.0 log created on 07182011_083853

2. Rk Unhooker Report

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB0DCA000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB0C01000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x9FDA7000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 819200 bytes
0xB9E43000 iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D7F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9FF57000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA0157000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB0B4B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA00CB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9F9A6000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA01DB000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBF48D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0084000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x9FED8000 C:\WINDOWS\System32\Drivers\bthport.sys 274432 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0xB0D75000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0x9EBEC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9FF1B000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB0BA9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9FBBE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D52000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9C8B9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9FFC7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB0D29000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA0036000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA005E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA01B7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB0D51000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB0CF2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA0014000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9FFF2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9F4FE000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9E23000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D38000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x9FEBF000 C:\WINDOWS\system32\DRIVERS\bthpan.sys 102400 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E0C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB0BEA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9FCC9000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x9FCB3000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0x9EF73000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB0D15000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB0DB6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA0124000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB0BD9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA258000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB48B6000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA178000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB71FC000 C:\WINDOWS\system32\DRIVERS\rfcomm.sys 61440 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x9F7BE000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA138000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB76D1000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB80C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA158000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA128000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9EDA3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB90EB000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB90DB000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB7804000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB5122000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA450000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB657A000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA480000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB656A000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB510A000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xB6552000 C:\WINDOWS\System32\drivers\BrPar.sys 20480 bytes (Brother Industries Ltd., Brother Parallel class Driver version 1.01)
0xB511A000 C:\WINDOWS\system32\DRIVERS\BthEnum.sys 20480 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0xB6532000 C:\WINDOWS\System32\Drivers\BTHUSB.sys 20480 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA440000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA430000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA418000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9F48A000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB4F9E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9FDA3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9CD3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB716A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1496000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB7162000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB8F68000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7D62000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5E8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA61C000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA61E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5C4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA725000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6DD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7B2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

3. OTL Report

OTL logfile created on: 7/18/2011 8:48:17 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cantonbait\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.35% Memory free
5.08 Gb Paging File | 3.76 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.62 Gb Total Space | 179.06 Gb Free Space | 76.98% Space Free | Partition Type: NTFS

Computer Name: DB6P4TH1 | User Name: Cantonbait | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
PRC - [2011/07/04 11:26:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 18:02:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/05 13:12:12 | 000,853,808 | ---- | M] (Core Technologies Consulting, LLC) -- C:\Program Files\ActiveBooks\ActiveBooksServer.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/15 04:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/05 07:26:44 | 000,262,144 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/05 07:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/03/23 18:41:06 | 000,603,488 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007/12/03 10:03:54 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/10/09 08:09:06 | 000,100,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2002/07/18 11:58:46 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Palm\HOTSYNC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/03/23 18:39:56 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/12/03 09:59:50 | 000,045,056 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/05 13:12:14 | 000,332,592 | ---- | M] (Core Technologies Consulting, LLC) [On_Demand | Stopped] -- C:\Program Files\ActiveBooks\ActiveBooksAgent.exe -- (ActiveBooks Agent)
SRV - [2011/05/05 13:12:12 | 000,853,808 | ---- | M] (Core Technologies Consulting, LLC) [Auto | Running] -- C:\Program Files\ActiveBooks\ActiveBooksServer.exe -- (ActiveBooks Server)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/15 04:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/05/04 09:05:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/11 04:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/19 22:19:54 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/18 18:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/31 06:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/10 19:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/10/09 08:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 08:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/14 15:52:54 | 000,020,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.mfbank.com/index.htm
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..extensions.enabledItems: RemoteDesktopExpert@techinline.com:1.6.3.4230
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Cantonbait\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/11 17:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 09:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/08 14:52:46 | 000,000,000 | ---D | M]

[2009/02/09 10:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Extensions
[2011/07/08 14:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions
[2010/07/27 13:50:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/09/10 15:35:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/20 10:37:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\moveplayer@movenetworks.com
[2011/05/20 09:45:38 | 000,000,000 | ---D | M] (Techinline Remote Desktop Expert) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\RemoteDesktopExpert@techinline.com
[2011/06/23 10:18:39 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\sortplaces@andyhalford.com
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\searchplugins\MySpace.xml
[2011/07/11 09:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/02 08:47:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/11 17:44:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/03/16 08:40:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/18 08:38:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005..\Run: [Google Update] File not found
O4 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Database Server Manager.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Cantonbait\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\a5res - No CLSID value found
O18 - Protocol\Handler\a5res\CLSID - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\XBasic - No CLSID value found
O18 - Protocol\Handler\XBasic\CLSID - No CLSID value found
O18 - Protocol\Handler\XBasic\OLEScript - No CLSID value found
O18 - Protocol\Handler\XBasicV10 - No CLSID value found
O18 - Protocol\Handler\XBasicV10\CLSID - No CLSID value found
O18 - Protocol\Handler\XBasicV10\OLEScript - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell - "" = AutoRun
O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe /AUTORUN
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe
O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 08:47:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
[2011/07/18 08:38:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/18 08:26:01 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe
[2011/07/12 08:56:50 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Cantonbait\Desktop\dds.scr
[2011/07/12 08:48:35 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cantonbait\Desktop\tdsk.exe
[2011/07/11 17:52:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\McComb Bait Shop
[2011/07/11 15:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\My Documents\Anti-Malware
[2011/07/08 14:56:06 | 013,683,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\Cantonbait\Desktop\Firefox Setup 5.0.exe
[2011/07/07 16:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\Mike
[2011/07/06 14:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\NEW CUSTOMER PRINTOUTS
[2011/06/27 11:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ActiveBooks
[2011/06/27 11:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveBooks
[2011/06/24 09:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/24 08:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/23 15:22:53 | 000,000,000 | ---D | C] -- C:\Quickreports
[2011/06/22 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\My Documents\QReportBuilderData
[2011/06/22 09:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alpha Software
[2011/06/22 09:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Application Data\Alpha Software
[2011/06/22 09:25:33 | 001,757,184 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\xerces-com.dll
[2011/06/22 09:25:33 | 000,527,624 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ipwssl6.dll
[2011/06/22 09:25:33 | 000,466,944 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ibizqb3.dll
[2011/06/22 09:25:24 | 016,520,552 | ---- | C] (FLEXquarters.com Limited) -- C:\WINDOWS\System32\fqqb_qrb.dll
[2011/06/22 09:25:22 | 000,882,128 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSDW3BO.OCX
[2011/06/22 09:25:22 | 000,098,304 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssr2c.dll
[2011/06/22 09:25:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GRID32.OCX
[2011/06/22 09:25:22 | 000,072,192 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssprn32.dll
[2011/06/22 09:25:22 | 000,071,016 | ---- | C] (Flexquarters.com, LLC) -- C:\WINDOWS\System32\FQQBVSAV.exe
[2011/06/22 09:25:22 | 000,061,440 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssmedt32.dll
[2011/06/22 09:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QODBC Driver for QuickBooks
[2011/06/22 09:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\QODBC Driver for QuickBooks
[2011/06/22 09:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\QReportBuilderV10
[2011/06/20 15:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6DF5EE67-523E-4EEA-B640-0045A3AF1BBC}
[2011/06/20 15:27:05 | 000,000,000 | ---D | C] -- C:\Atmosphere Solutions
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
[2011/07/18 08:42:39 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\RKUnhookerLE.EXE
[2011/07/18 08:38:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/18 08:30:56 | 122,659,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/18 08:26:01 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe
[2011/07/18 08:10:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1005UA.job
[2011/07/18 08:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 08:02:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-501UA.job
[2011/07/18 07:51:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1006UA.job
[2011/07/17 18:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 18:00:07 | 000,000,732 | ---- | M] () -- C:\WINDOWS\tasks\Daily Backup.job
[2011/07/17 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Local Copies.job
[2011/07/17 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Admin.job
[2011/07/17 14:51:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1006Core.job
[2011/07/17 14:51:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\QuickReportsCCEmail_Canton Wholesale Bait Admin.job
[2011/07/17 14:10:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1005Core.job
[2011/07/17 13:06:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/17 09:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-501Core.job
[2011/07/16 13:36:17 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe.htm
[2011/07/16 13:29:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/16 13:29:28 | 3477,712,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 13:06:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 08:57:14 | 000,000,823 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2011/07/13 08:42:47 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:00:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 14:22:20 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pub
[2011/07/12 14:09:41 | 000,106,318 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pdf
[2011/07/12 08:56:53 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Cantonbait\Desktop\dds.scr
[2011/07/12 08:56:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\defogger_reenable
[2011/07/12 08:54:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Defogger.exe
[2011/07/11 16:58:00 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cantonbait\Desktop\tdsk.exe
[2011/07/11 09:02:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/08 14:56:06 | 013,683,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\Cantonbait\Desktop\Firefox Setup 5.0.exe
[2011/07/08 10:22:07 | 000,074,657 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\TriRegistration.pdf
[2011/07/03 18:00:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00055
[2011/06/28 13:32:19 | 000,010,167 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\transactions-20110628-1232186.iif
[2011/06/28 03:07:01 | 000,527,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 03:07:01 | 000,095,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 11:06:53 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\ActiveBooks.lnk
[2011/06/24 16:33:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/22 09:25:33 | 000,000,772 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/06/22 09:25:22 | 000,004,339 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/21 18:00:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00054
[2011/06/19 18:00:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00053
[2011/06/18 18:00:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00052
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 08:42:40 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\RKUnhookerLE.EXE
[2011/07/16 13:36:17 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe.htm
[2011/07/12 14:09:40 | 000,106,318 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pdf
[2011/07/12 11:49:22 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pub
[2011/07/12 09:02:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\gmer.exe
[2011/07/12 08:56:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\defogger_reenable
[2011/07/12 08:54:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Defogger.exe
[2011/07/11 09:02:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 09:02:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/08 10:22:07 | 000,074,657 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\TriRegistration.pdf
[2011/07/03 18:00:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00055
[2011/06/28 13:32:21 | 000,010,167 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\transactions-20110628-1232186.iif
[2011/06/27 11:06:53 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\ActiveBooks.lnk
[2011/06/23 15:23:33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Local Copies.job
[2011/06/23 14:49:56 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\QuickReportsCCEmail_Canton Wholesale Bait Admin.job
[2011/06/22 09:25:33 | 000,803,424 | ---- | C] () -- C:\WINDOWS\System32\sqlcrypt3.dll
[2011/06/22 09:25:33 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\c4dll.dll
[2011/06/22 09:25:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/06/21 18:00:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00054
[2011/06/20 15:52:09 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Admin.job
[2011/06/19 18:00:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00053
[2011/06/18 18:00:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00052
[2011/05/31 12:01:21 | 000,001,507 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2011/04/21 17:33:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BarCode.ini
[2011/02/16 01:39:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/02/05 17:06:33 | 000,000,357 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/11/09 11:10:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 16:01:07 | 000,067,879 | ---- | C] () -- C:\WINDOWS\IIF Transaction Creator Uninstaller.exe
[2010/07/21 14:31:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/07/16 14:37:31 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/06/23 10:16:46 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/11 18:32:36 | 001,073,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/11 11:38:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/03 17:45:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/02/03 17:44:20 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\bd2040.dat
[2010/02/03 14:18:38 | 000,000,823 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/03 14:18:38 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/03 14:18:38 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7440n.dat
[2010/02/03 14:16:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/02/03 14:16:43 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/03 14:16:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/02/03 14:16:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/03 13:23:20 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/11/05 17:41:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/10/27 12:05:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Application Data\$_hpcst$.hpc
[2009/10/19 12:33:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/17 13:19:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/23 18:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/03/03 11:59:40 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2009/03/03 11:59:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/02/09 10:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/30 10:19:35 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/09 11:05:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/01/07 18:43:23 | 000,000,157 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/01/07 18:43:08 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/01/07 18:43:08 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/01/07 18:43:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2009/01/07 17:01:52 | 000,000,334 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/12/30 11:18:52 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Local Settings\Application Data\fusioncache.dat
[2008/12/29 17:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adminsvc.INI
[2008/12/29 17:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\absdatasvc.INI
[2008/12/29 17:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\applogic.INI
[2008/12/29 17:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tracklogic.INI
[2008/12/29 17:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\revservice.INI
[2008/12/29 14:41:11 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/29 13:18:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/29 13:12:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008/12/29 13:12:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/29 13:12:18 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/12/06 16:12:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/06 16:07:12 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/06 15:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/12/06 15:45:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/12/06 15:44:27 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,339 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,527,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,095,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/14 15:52:54 | 000,020,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B

< End of report >

4. Extras Report


OTL Extras logfile created on: 7/18/2011 8:48:17 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cantonbait\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.35% Memory free
5.08 Gb Paging File | 3.76 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.62 Gb Total Space | 179.06 Gb Free Space | 76.98% Space Free | Partition Type: NTFS

Computer Name: DB6P4TH1 | User Name: Cantonbait | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks Database Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBW32.EXE" = C:\Program Files\Intuit\QuickBooks 2010\QBW32.EXE:*:Enabled:QuickBooks Application -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\DBManagerExe.exe" = C:\Program Files\Intuit\QuickBooks 2010\DBManagerExe.exe:*:Enabled:Quickbooks DB Manager Exe -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\FileManagement.exe" = C:\Program Files\Intuit\QuickBooks 2010\FileManagement.exe:*:Enabled:Quickbooks File Management -- ()
"C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe:*:Enabled:QuickBooks File Monitor Service -- (Intuit)
"C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe:*:Enabled:Quickbooks Launcher -- (Intuit Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\bMobile Tech\bMobile for QuickBooks\bMobileSync.exe" = C:\Program Files\bMobile Tech\bMobile for QuickBooks\bMobileSync.exe:*:Enabled:bMobile Sync with QuickBooks -- (bMobile Tech)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ED5DC36-DDB8-4586-90FE-7D4B31FFB51F}" = bMobile for QuickBooks
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel® PRO Alerting Agent
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925A9926-AE11-48F5-87EB-7BE2F06BFEB5}" = ShipRush for USPS
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC94A0D-AA05-4F8E-B5DB-949DD556320F}" = Brother HL-2170W
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2134B6C-EC64-419D-85C7-8FE5816BFF6F}" = Barcode Generator
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B4C011-57E3-4774-A508-C9A080B23634}" = Shipper 3
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6AFA1CC-12AD-4C34-8988-08DB683DE6B8}" = Motorola DataWedge 3.2
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"7-Zip" = 7-Zip 4.64
"85DA798895BA536809748C82E049259FB584E039" = Windows Driver Package - Solid Innovation, Inc. (2007.1.3) (SiCNTUSB) USB (03/12/2007 2007.01.03.0)
"ActiveBooks_is1" = ActiveBooks Version 6.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"AVG" = AVG 2011
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"doPDF 6 printer_is1" = doPDF 6.1 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool
"QB Network Diagnostic Tool" = QB Network Diagnostic Tool
"QODBC Driver" = QODBC Driver
"TeamViewer 6" = TeamViewer 6
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2011 4:00:26 AM | Computer Name = DB6P4TH1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2446704v2'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2446704_20110718_080025390-Msi0.txt.

Error - 7/18/2011 4:00:27 AM | Computer Name = DB6P4TH1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2446704,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 7/18/2011 9:29:39 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": tlg file
removal failed because the file was still ope

Error - 7/18/2011 9:30:19 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/18/2011 9:30:19 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/18/2011 9:30:19 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/18/2011 9:32:20 AM | Computer Name = DB6P4TH1 | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 20.0.4012.807, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/18/2011 9:32:24 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/18/2011 9:32:24 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/18/2011 9:32:24 AM | Computer Name = DB6P4TH1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 7/16/2011 4:00:40 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2446704).

Error - 7/17/2011 4:00:24 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Family Update (KB959209) x86.

Error - 7/17/2011 4:00:33 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2478658).

Error - 7/17/2011 4:00:48 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2446704).

Error - 7/18/2011 4:00:21 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Family Update (KB959209) x86.

Error - 7/18/2011 4:00:26 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2478658).

Error - 7/18/2011 4:00:37 AM | Computer Name = DB6P4TH1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2446704).

Error - 7/18/2011 9:37:38 AM | Computer Name = DB6P4TH1 | Source = Print | ID = 6161
Description = The document Search Engine Redirect Virus owned by Cantonbait failed
to print on printer Brother MFC-7440N Printer. Data type: NT EMF 1.008. Size of
the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in
the document: 0. Number of pages printed: 0. Client machine: \\DB6P4TH1. Win32
error code returned by the print processor: 259 (0x103).

Error - 7/18/2011 9:38:54 AM | Computer Name = DB6P4TH1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/18/2011 9:38:54 AM | Computer Name = DB6P4TH1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 18 July 2011 - 01:49 PM

Hi!

That's great to hear! It appears that the redirects were occurring because of hijacked entries in your hosts file. I went ahead and reset them, so that seemed to take care of that.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    [2010/07/02 08:47:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    O4 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005..\Run: [Google Update] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKU\S-1-5-21-2392542278-2638911165-3742051135-1005\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\Shell\phone\command - "" = E:\autorun.exe
    O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell - "" = AutoRun
    O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe /AUTORUN
    O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe
    O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe
    [2011/06/20 15:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6DF5EE67-523E-4EEA-B640-0045A3AF1BBC}
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B
    
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • Java™ 6 Update 20
  • Java™ 6 Update 7
  • Browser Address Error Redirector <== If you don't use it, then I suggest removing it.


NEXT:



Update Adobe Reader

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

As an alternative to Adobe Reader, you could try the free (for personal use) Foxit PDF Reader. The download file is smaller and, when installed, uses fewer resources than Adobe Reader. Note: Do not install anything dealing with AskBar... presented as an installation option.

If you'd still like to keep Adobe Reader, then please proceed with these instructions:

Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!



NEXT:



Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
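
The Adobe Reader and Java sections above both come down to one check: which Java and Adobe Reader releases are actually installed, and whether older Java releases are still sitting beside the newest one (the post points out that the Java updater does not remove them). The script below is an added example for this thread; it is not code from the BleepingComputer post or from any of the tools it mentions. On Windows it reads the Uninstall registry keys, elsewhere it runs over a constructed inventory modelled on this thread (Java 6u20 and 6u7 plug-in entries were removed by OTL, DDS reported 1.6.0_20, and Adobe Reader was reported out of date). The "current" versions it compares against, Java 6 Update 26 and Adobe Reader X, are taken from the post and are assumptions held in the two constants at the top; the function names (`audit`, `java_release`, `read_windows_inventory`) and `SAMPLE_INVENTORY` are this example's own.

```python
"""Audit installed Java runtimes and Adobe Reader for outdated releases and for
the side-by-side JRE installs the Java updater leaves behind.
Added example for this thread, not code from the BleepingComputer post.
Assumes the "current" releases the post names: Java 6 Update 26, Adobe Reader X."""
import re
import sys

LATEST_JRE = (6, 26)        # (major, update) = Java 6 Update 26, per the post (assumption)
MIN_READER_MAJOR = 10       # Adobe Reader X, per the post (assumption)

JRE_NAME = re.compile(
    r"^(Java\(TM\)|J2SE Runtime Environment|Java 2 Runtime Environment|Java\s+\d+\s+Update)",
    re.IGNORECASE)
READER_NAME = re.compile(r"^(Adobe Reader|Acrobat Reader|Adobe Acrobat)", re.IGNORECASE)

# Constructed sample modelled on the thread (DDS reported 1.6.0_20; OTL removed the
# 6u7 and 6u20 Java plug-in CLSIDs). This is not a real registry read.
SAMPLE_INVENTORY = [
    ("Java(TM) 6 Update 20", "6.0.200"),
    ("Java(TM) 6 Update 7", "6.0.70"),
    ("J2SE Runtime Environment 5.0 Update 6", "1.5.0.60"),
    ("Adobe Reader 9.3.4", "9.3.4"),
    ("Mozilla Firefox (3.6.18)", "3.6.18"),
]


def java_release(display_version):
    """Map a JRE DisplayVersion to (major, update):
    "1.6.0_20" -> (6, 20), "6.0.200" -> (6, 20), "1.5.0.60" -> (5, 6)."""
    if "_" in display_version:                       # "1.6.0_20" (java -version style)
        base, _, upd = display_version.partition("_")
        parts = [int(x) for x in re.findall(r"\d+", base)]
        upd_digits = re.findall(r"\d+", upd)
        major = parts[1] if len(parts) > 1 and parts[0] == 1 else (parts[0] if parts else 0)
        return (major, int(upd_digits[0]) if upd_digits else 0)
    parts = [int(x) for x in re.findall(r"\d+", display_version)]
    if not parts:
        return (0, 0)
    if parts[0] == 1 and len(parts) > 1:             # "1.5.0.60": update*10 in 4th field
        return (parts[1], parts[3] // 10 if len(parts) > 3 else 0)
    return (parts[0], parts[2] // 10 if len(parts) > 2 else 0)   # "6.0.200": update*10 in 3rd


def major_version(display_version):
    m = re.search(r"\d+", display_version)
    return int(m.group()) if m else 0


def audit(inventory, latest_jre=LATEST_JRE, min_reader_major=MIN_READER_MAJOR):
    """Return a list of findings for an iterable of (DisplayName, DisplayVersion) pairs."""
    findings, jres = [], []
    for name, version in inventory:
        if JRE_NAME.match(name):
            jres.append(name)
            if java_release(version) < latest_jre:
                findings.append("outdated Java: %s (%s); current is Java 6 Update %d"
                                % (name, version, latest_jre[1]))
        elif READER_NAME.match(name) and major_version(version) < min_reader_major:
            findings.append("outdated Adobe Reader: %s; current is Reader X (%d.x)"
                            % (name, min_reader_major))
    if len(jres) > 1:
        # The Java updater replaces only the release it updates; older releases stay
        # installed (and exploitable) until they are uninstalled by hand.
        findings.append("%d side-by-side Java runtimes (%s); uninstall all but the newest"
                        % (len(jres), ", ".join(jres)))
    return findings


def read_windows_inventory():
    """Read DisplayName/DisplayVersion from the Uninstall keys (Windows only)."""
    import winreg
    roots = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    inventory = []
    for hive, path in roots:
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:                              # e.g. no Wow6432Node on 32-bit XP
            continue
        with key:
            for index in range(winreg.QueryInfoKey(key)[0]):
                sub = winreg.EnumKey(key, index)
                try:
                    with winreg.OpenKey(key, sub) as sk:
                        name = winreg.QueryValueEx(sk, "DisplayName")[0]
                        version = winreg.QueryValueEx(sk, "DisplayVersion")[0]
                except OSError:                      # entry without both values
                    continue
                inventory.append((str(name), str(version)))
    return inventory


if __name__ == "__main__":
    inv = read_windows_inventory() if sys.platform == "win32" else SAMPLE_INVENTORY
    for line in audit(inv) or ["no outdated Java or Adobe Reader entries found"]:
        print(line)
```

Run it on the machine after the Java and Reader updates have been done: an empty result confirms that no older JRE was left behind, which is the step most people miss because the Java installer only removes the release it directly replaces.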


#7 th29 (Topic Starter)

Posted 18 July 2011 - 05:25 PM

1. OTL Log
2. Malwarebytes Log
3. ESETScan Log
4. Security Check Log


1. OTL Log

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1005\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1009\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1011\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1009\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2392542278-2638911165-3742051135-1011\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c4711a9-e8ae-11dd-88e6-00219b780f33}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a058dde5-d3aa-11dd-88cc-00219b780f33}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\setup.exe /AUTORUN not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\setup.exe not found.
C:\Documents and Settings\All Users\Application Data\{6DF5EE67-523E-4EEA-B640-0045A3AF1BBC} folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET72D.tmp deleted successfully.
C:\WINDOWS\System32\SET731.tmp deleted successfully.
C:\WINDOWS\System32\SET739.tmp deleted successfully.
C:\WINDOWS\002801_.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Cantonbait\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cantonbait\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 2746617 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Cantonbait
->Temp folder emptied: 489181714 bytes
->Temporary Internet Files folder emptied: 95212824 bytes
->Java cache emptied: 72334 bytes
->FireFox cache emptied: 84249207 bytes
->Flash cache emptied: 2725 bytes

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 2324 bytes
->Temporary Internet Files folder emptied: 66614 bytes
->Java cache emptied: 2788377 bytes
->FireFox cache emptied: 12439008 bytes
->Google Chrome cache emptied: 127164795 bytes
->Flash cache emptied: 2038180 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matt
->Temp folder emptied: 149276 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 44496752 bytes
->FireFox cache emptied: 71476199 bytes
->Flash cache emptied: 5500 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: QBDataServiceUser17
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: QBDataServiceUser20
->Temp folder emptied: 6525952 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Ty
->Temp folder emptied: 1336 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 62596535 bytes
->FireFox cache emptied: 27295926 bytes
->Google Chrome cache emptied: 6425227 bytes
->Flash cache emptied: 9747 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2083119 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 535303829 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 102026 bytes
RecycleBin emptied: 745541622 bytes

Total Files Cleaned = 2,211.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Cantonbait
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Matt
->Flash cache emptied: 0 bytes

User: NetworkService

User: QBDataServiceUser17

User: QBDataServiceUser20
->Flash cache emptied: 0 bytes

User: Ty
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07182011_142435

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z1OQJ1QV\JHFB61CADOFXVICA7IGCOICAJICZQVCA31OLOPCAY6KMW7CAVX94Z0CA5H0UWACAVAV2A2CA98IGAJCA0HXD89CA3Q6I4JCAQ5FMWVCA4DVCDZCAXRVE09CA6LCM4ECAA6N8VXCAAQZR6QCAJ1AWN4CA9F50R3CA4MC7EHCAR5W8SD not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\XR6RBH8N\QN9LGDCAUPH972CA685MEECADQQZKZCAI0KG5JCA459U3KCAF6L4VSCA40KKNCCAU3Q1N9CA7PZ1A4CARZBWSMCAF78MSGCA819RHOCAYWRO6RCAM1AA95CA2QFCQMCACI4WHXCAT0COVZCAYC5JXYCASAWW7NCA4LSMCCCAVPCKHT not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\XR6RBH8N\V2P8NTCANJMXX1CAPZ4ZQUCAC7OJY6CAJHJPT1CAYY11W1CA7AH0OHCAH7GG5RCA1UWKOACAMXMTQBCA53YX3SCAPXJHKSCAI59CWKCA7KWW18CA0MVHDTCAAW78B3CAHEG6XPCAVMJND5CA358OGPCAL17Y0MCAV9U8CMCAVJ31ZK not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\XR6RBH8N\Z3HIZHCAWKH186CAQ21QQGCALT0I2NCARRDNVYCAVUBPYFCAV49OOHCAJT3LOCCACL49JDCA0O7KSRCAE5MRYRCAXIZTIICAUQD7E4CAONA7V9CAOPSWJYCA1YVVBRCAY321Q8CAB7MKAACAWNX2SZCAJPKVHZCA07P4IZCAGMUQH9 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,Q3NNUPjFNBkYUBSZbtR0VJz39nQ3hfXKWTEjODcmkiFi9f2ChkAWu9J2XN_sgSH1e349y82OnP8CmqWhOLptBCIDnHMInGF2N60BYgqoS7COQ-oEYg[1].gif not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\FCQN0YCAVGG3CXCARVS5EECAC8BZ9RCAYZ057OCA4NRI09CAX0FQVYCA8L2S5OCAJNXN69CAPA4AMSCAYQ3U27CA2KLU75CA2Y2280CANGJSB6CA2F2EDUCA4LFHPOCA89GWYNCAG2VD9MCA8ZDU2YCAWOAO27CAX3ISVYCA0IR2XR not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\KIRMI9CAMAMFJWCA13CWZLCA3F16MDCAI99UX2CAMXM8EBCAXJQKGLCAHCX3Z0CALGCZ43CA62IOYZCAU1758FCA9RBIQBCALIH1E5CA9N2LL8CATGTGZ6CAX15JDFCATCOG60CACY31YHCAMPWZW1CA37OCZ3CAA1LA2ACARZDZLW not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\M72BO7CA6NTNKBCAOXLKEECAU85TNICA35BL7QCAGXO16QCAZ17Z6HCALPWX3QCAIVECBXCA39BHC3CAAFZ7CBCAYKG8OSCAI318A1CA6N1TNQCAQG4VOKCA7MD00MCAMG0SJ5CAKRKKP7CAWE9NI6CA1NJJQRCAE4YL4ECA8ZIPLZ not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\MK0SLDCAM5MQOPCA5G98Z8CAWLCSOXCAKG3U8PCAIKZINGCAVQ2LTTCAGC0DAYCA70LMVQCAOHUSQ1CAARCOQUCAEOUM4PCAWHOW7SCA4ZG3C0CAAJ1AYZCAGCJUXKCAU7ZMD7CAVGDTVECANGS83FCAFZ86RQCAJPGMSQCA83BCSQ not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\QVRU39CAU26ZJVCA73DZ6VCA22N2WNCAQ9WHSTCA88FN5PCAM9NMXICAJSI5LKCADCZWP0CA5KQTGRCAQ7AQ2PCAFY2OPJCAU28QZ4CAE9693SCA1WYMNNCABB9248CA6AHCW0CAIQHD4YCASDVF02CABH3YA0CAS2MFLLCATXEF06 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\TDPTC0CA9S317LCADFMEU5CABBCGDACAD8XT37CA8ODD24CAEP7DPRCAS1LQUBCAF4VXO7CA2056EOCAD5QZSSCAGPSLJ5CAMK204BCA1CZD5RCA4E7MMVCATE7HVXCA5B66Y0CAF5CY7VCAC794Y7CAXP1TACCADXIFJ6CAJU9HE2 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\X1HZ4WMZ\XFNLELCAE0N7W6CAHWIXQ3CAXP36P2CA7OXFHUCAI42INTCAMP181QCAZ3YD23CAM15LZICAO2FZHSCA33N70KCAP7MM5KCA2X1D7HCALDFEBBCAVG1163CA3WFSW2CASP695QCASX1AKQCA1XK4N4CAYSMU1OCAK37WY2CACHED4E not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\WE2IYR2I\1oleNy4ZU86-W2NiZUucgTNFgplm4,Q3NNUPjFNBkYUBSZbtR0VJz39nQ3hfXKWTEjODcmkiFi9f2ChkAWu9J2XN_sgSH1e349y82OnP8CmqWhOLptBCIDnHMInGF2N60BYgqoS7COQ-oEYg&callback=google.LU[1].featureMap not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\WE2IYR2I\B16OGPCARN8QGHCAPN81WKCA3E2WBBCATBN0R7CAI6FIJXCANMQCZOCAT109M0CAADK1H6CAOEJ0MNCADXH3QXCAOV0PQGCAUP8IFOCAZDI9YWCAPKD2FRCA0LA60ICANECE6MCA32IA5BCAUQ205ECARUZT0CCA752G0WCAVWHAP0 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\WE2IYR2I\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,ZSrjCgM1BtudJwTDq2EzzbLQCY2WMyi7-NaNMCjkuE-V8fC7XsKkwYoLTNi5NVjMjrYgKYsBnVqucNwy5E_dx6XW4gguy5sCxBNwRRX9O6h8hiKHtw[1].gif not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\WE2IYR2I\IP3L9JCAKFNQUECANDY1A6CA8088I9CAJLYTZWCATHZO73CAXW62NQCA6NRIMECAT1RFP2CA8KVYPHCA8SJQRQCAZUV19WCA84ENXUCA5W37ONCAV6P9JKCAHMXC2ZCASV91G5CAQ4SWC5CAK3TDRJCA5OXA58CA637UA4CASJO8K5 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\WE2IYR2I\WNMKHUCALLOH1WCALM9DNFCATMIE4UCAF9EBVNCA84LTSPCAZIPMIWCA2F0MNZCAKPTIHBCAYDAVBXCADLO32PCANF4J71CAAGTYEACACPTE0ECAPX08WSCAKEE41MCA581J4PCAPJLVC6CA7AZ1W0CA8871CZCATLSVFKCAH006ZT not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\4PH7YJCALXMUUACA6IM3V7CAMCPGGLCA02H5A0CABLXIZTCAZIYL0FCA1BDYMECAIJJZUQCAR45XWICAE9NA97CAIV5VOICAV8JTSACA8793OWCAJ4619MCA3CHF45CAVXC25RCA29B4MSCAYDANIRCA92TPKUCAYL7UPOCAGBTNCD not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\799Z2RCAM9UV91CAQT6PA0CATDD34QCA20DRBMCAUJIYWGCA0FK5BDCA5A1KV8CAJUF80OCAYS9XUACAJE48NECAEFX6HYCA7541GUCAPGNFWTCACRJ19CCA8C5SLICAYAH8T7CA3PDONHCAYBKERHCAZOE41TCARFZ6H4CAXYWMUN not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\90325MCAUYX2HECARFP2LXCA0UNM6VCA7MU496CAI0Y7G0CAUO022SCAP50X1VCAHEFCQKCAMQZD6VCAYBVGTLCAFVGRRUCANX54X7CAXP4D8BCATT4DRYCAH9BEQUCABQMUXPCAWS649VCA3JCPEZCASNWBSHCAPANHINCA8FWGHK not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\A70WAXCA4BP325CAQ2FKJ2CATDE07SCACO7EGQCAEG567JCAUK40KMCAJ1CDOACAZCQZOQCA7PH2J3CAUGH1EOCAN7BOWYCAYTNJI6CAPA2OS5CA22QPG4CA47XSP2CAZ6YUGFCAIFVYXJCABH81JOCASYSVJSCAG3GAABCA1UFQUX not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\DNZVL3CA44D7YTCA1FJ4I6CASPKYH5CA006BDLCAU9RV1YCA8GVTZ1CAWXDDUJCA8VY3UMCASB2MMOCA84ZQXWCA8PHSB6CAPW6NRSCADXA0CICAXNDBEFCAKW5DO7CAUVT1F4CAKPX3SDCAPG15PTCAYARDXHCAJ6320ICA2BWJEP not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\G76KV4CAD8U62WCAJL3YA8CATZ425XCAR81AK7CAZSMOYCCAPI4VZ4CAP96D3TCAUY927ECAUH1ACFCAL5MX2ICAEN7V8ACAAA8PP2CA2SOI8JCA6LNI4GCABDL2BKCAYLGMBTCA6C0LWRCANY23OOCAUP2AWBCALQTKK0CAJEIT3S not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOGYVJOV\GN46A7CAI11KTQCA0CS2XTCATNGMNQCAT6TRL6CA3K8LEZCAXZYQTLCALQER17CA8ZK85LCAB1H45XCAP7I5K0CAO0EQI3CAX4AHPCCALXLQX2CAHAYIAHCAX3YCSMCA7ZX92PCAMWLGAGCAVJ0B1HCAWZ1CQQCAQP4J7JCAEDY7DF not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\1oleNy4ZU86-W2NiZUucgTNFgplm4,ZSrjCgM1BtudJwTDq2EzzbLQCY2WMyi7-NaNMCjkuE-V8fC7XsKkwYoLTNi5NVjMjrYgKYsBnVqucNwy5E_dx6XW4gguy5sCxBNwRRX9O6h8hiKHtw&callback=google.LU[1].featureMap not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\2C69Z8CAKRMLMLCADKQK80CATPQF8VCA9DGAF2CA3LSLWGCAPMXWPVCA0O4BQACASAYRB5CA0NELU4CAKNEQFWCAJ7JVWECA7QGRFECADDNOZECADE7F0QCAJFGIZRCACXLYRYCAIYUEEMCA9UYTK9CA4EDZDOCADHJ4VRCATQCTOG not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\9FTRD3CA8GVEONCA15O2PPCAUCNU60CA09FFIICADKYWIDCAHJMCJ9CA1GCUATCA8N03HVCAKLN6V3CAKSG51CCAQ6W3IVCA30WCTCCAJVX9R6CA42XIWLCA6IIT5HCAPV58SYCACTYJ8ICAKKUVB9CAUM1RY5CAMHMD73CAXROT2K not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\9VR0QQCARDLUMVCA89EP3HCAW90YS5CARQR2LNCACY2IHICA1UBCJDCA2TQO4SCAUEBF1SCAGUX3XYCAUNJTJGCAZO3QCJCALSG85UCADBG3T0CALU39LTCABOXSEUCASFQXFPCAI16W66CAZVQ7Q5CAJENNXRCA6UCT3HCAH0LMC8 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\HS5TCACA9SBDQQCA49SICFCAO3Y2FQCAJ1D8KICAUQWAXTCAOH6AA6CAQTM9BCCABBY1JNCAW6TBT6CAG661VMCABZBDT4CAVNFYKECAAJSPLLCANCLZ7GCA1TUYQWCADYP1SZCANORLK4CAOJDKYCCAP4ES4HCAC8QK2LCAZAFIUC not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\UVQ0T8CAQ9FJJLCAT7TUMTCABYIPMECAL5B55CCAWS8BYCCA0DM1EXCAM5YFDQCABH1IVRCAH2QPKLCAMOF9N7CA0DGSQNCAAM0DCTCA9UFUARCAPJ3GC0CAZHCMLMCAU360P8CAZWEHPNCAXFTYYGCAARMYYICAG0X0K3CA0L0UGJ not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\R8CWN4M1\W0SR7ACAK13T1UCA4Z2SPHCA0KB9X3CA7M5DF0CA58DTDXCAJSJZN6CA3UCF29CAEDBK2OCAC9TND3CAYVSBT8CABN51HKCAQPP5GKCA4BPFP1CAQK7LDYCAUB6XJMCALWK986CAGOZ4GWCA1GO5GRCAQIZIX4CA2W683KCAUIOLM4 not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\E6T9TQ0L\4IZNXXCAQUS1OCCAG5KS9JCA3G08E9CA9NG5D9CAWW1VO8CAYRAUSBCAC7PN5DCALFCAZJCAT50IIQCA6NST5RCAENTDTTCA5NK3LOCARPSCZYCA3Q3GZRCAB0NATYCALQMP2ZCAK5C83MCAJQMIX2CAXP72WNCAVKVZKZCA069WMT not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\E6T9TQ0L\EDMTP7CAZAXMCLCA96TXJDCAN0ZYQACAVCNT59CA80Z9XUCA9MA6FVCAGHDEE9CADI926YCAXTZDKCCAY7N4W8CAXPFC1RCA1B80Z0CAIVTOXCCA0BP576CAT7DEOZCATWK1F1CA2CPURVCAL3V15PCAGDKLPACAX5XT6MCAB22L0I not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\E6T9TQ0L\F6COPBCAAL5DXCCAEYD7VECAEG2YR3CA5MZEEZCAAFJ2R3CAQQRJWYCABP4X0NCAU9TNXYCABWN56KCA3K0BZXCALZ3XSUCA09K6MGCA1MBMIWCA3G1JP9CAMYJ5R3CAIU0UB7CA9F5TZLCA7HVV09CADJ7LCXCA0CROS2CA95QZ7U not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\E6T9TQ0L\I3BO6VCAB3VV44CAJ8VPCYCAW8EAQRCAWADEZQCA39ALXGCAQERO86CAWKZ9Z2CALPTVP5CA45LQR7CAVYJXS3CA8S6K5ICA6BL5OACA78M30OCAP9EXWXCAMIRKJ6CAO3IRLRCASQP5S0CAWF46MRCA21MUVSCALYIUAFCA6Q67FQ not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\3E3SO0B6\39E85ZCALQI1FYCA53P9DGCAI1CKFDCAYR3PYWCA9WBLY4CADEIEK7CAHQZYSICACT23NACAOB0AUBCAWGKUYBCAHB88WCCAV8MDO1CAJ7S79ECAT0J1PGCA2PW8AACAZXT9K4CAI140J0CAHYBOI7CAI68CMHCA02C76VCAZ3QOPR not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\3E3SO0B6\4XQKYZCAR7FW18CANAN69JCA8U7CMCCATIW09ZCA6IMHZ1CAVY7887CA9OASK8CA32E3K1CAOL5RAUCAT49FIDCAJD4T7LCA3EATLHCAZWOQU7CABN66QECAI8UI32CAA9LT7LCA0912O5CAPVUUF5CA6PCEJ6CAD9ET1TCAEGLSKD not found!
File\Folder C:\Documents and Settings\Cantonbait\Local Settings\Temp\Temporary Internet Files\Content.IE5\3E3SO0B6\R05C0TCA03PNFRCAFHN4VBCAZOPO06CAMA0A0SCALU9HSGCA0R9WBLCA9ZH7ZRCAJKWO4BCAZI3WA8CAQ2NTYPCACBVA7PCAW7AAS2CAGK8ESFCAOP9PH0CAWJCK46CAM7POMICASDGRKCCAAJEHUMCAH5IOJ6CAZM6TAMCA4IHCJO not found!
C:\Documents and Settings\Cantonbait\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\QBDataServiceUser20\Local Settings\Temp\sqla0007.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_13c8.dat not found!

Registry entries deleted on Reboot...









2. Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7193

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

7/18/2011 3:26:23 PM
mbam-log-2011-07-18 (15-26-23).txt

Scan type: Quick scan
Objects scanned: 237651
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








3. ESETScan Log

C:\Documents and Settings\Cantonbait\Application Data\AVG\Rescue\PC Tuneup 2011\110224083351687.rsc multiple threats
C:\_OTM\MovedFiles\07182011_083853\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan







4. Security Check Log

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java™ 6 Update 26
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#8 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 19 July 2011 - 03:21 PM

Hi!

Your logs seem to indicate that your System Restore is disabled.

Lets enable that now.

Enable System Restore
It's never a good idea to disable System Restore especially when we are attempting to get your computer cleaned. Lets go ahead and enable your system restore now.

Please carry out the following:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn On System Restore.
  • Click Apply, and then click OK.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Cantonbait\Application Data\AVG\Rescue\PC Tuneup 2011\110224083351687.rsc
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
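
The fix script above resets the HOSTS file because the ESET scan in the previous post flagged the copy OTL had already quarantined as Win32/Qhost, the classic mechanism behind search-engine redirects: the malware rewrites C:\WINDOWS\System32\drivers\etc\hosts so that search and security domains resolve to an attacker address, or to 127.0.0.1 so updates and AV sites are silently blocked. The audit below is an added example, not code from this thread or from OTL; it parses a hosts file the way Windows does, accepts only the two localhost entries that a reset leaves behind (the same two lines the later OTL log shows under O1), and reports everything else. The watch-list of domains and the sample hosts contents are constructed for the demonstration and are not taken from the user's logs.

```python
"""Audit a Windows HOSTS file for Qhost-style hijacks (added example).

A Qhost infection rewrites %SystemRoot%\\System32\\drivers\\etc\\hosts so that
search engines, update servers or AV vendors resolve to an address the
attacker controls, or to 127.0.0.1 so the site is silently blocked. A clean
Windows XP hosts file contains only loopback entries for "localhost", which is
exactly what OTL's [resethosts] writes back; anything else is worth a look.
"""
import ipaddress
import os
import re
from typing import Dict, List, Tuple

# Names a clean hosts file may legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains a redirect trojan typically targets. Assumption: an illustrative
# list, not taken from the thread; extend it for your environment.
WATCHLIST_SUFFIXES = (
    "google.com", "yahoo.com", "bing.com", "microsoft.com",
    "windowsupdate.com", "avg.com", "malwarebytes.org", "eset.com",
)

Entry = Tuple[int, str, List[str]]      # (line number, address, hostnames)
Finding = Dict[str, object]


def parse_hosts(text: str) -> List[Entry]:
    """Return the active entries of a hosts file; comments and blanks dropped."""
    entries: List[Entry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = re.split(r"\s+", line)          # tabs or spaces, as on Windows
        entries.append((n, fields[0], [h.lower().rstrip(".") for h in fields[1:]]))
    return entries


def is_watchlisted(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def audit_hosts(text: str) -> List[Finding]:
    """Flag every mapping that is not 'loopback -> localhost'."""
    findings: List[Finding] = []
    for n, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": n, "ip": ip, "host": " ".join(names),
                             "severity": "high", "reason": "unparseable address"})
            continue
        for name in names:
            if addr.is_loopback and name in LOOPBACK_NAMES:
                continue                          # the only expected entries
            if addr.is_loopback:
                reason = "loopback sinkhole: site silently blocked"
            else:
                reason = "resolves to %s instead of real DNS" % addr
            findings.append({"line": n, "ip": ip, "host": name,
                             "severity": "high" if is_watchlisted(name) else "review",
                             "reason": reason})
    return findings


def windows_hosts_path() -> str:
    """Location of the live hosts file on a Windows box (XP and later)."""
    return os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                        "System32", "drivers", "etc", "hosts")


# Constructed sample, not a file from the thread: two localhost lines as OTL
# writes them, followed by the kind of entries a Qhost hijack inserts
# (203.0.113.0/24 is the RFC 5737 documentation range).
CLEAN_HOSTS = "127.0.0.1\tlocalhost\n::1\tlocalhost\n"
HIJACKED_HOSTS = CLEAN_HOSTS + """\
# --- constructed hijack entries ---
203.0.113.7     www.google.com
203.0.113.7     search.yahoo.com  www.bing.com
127.0.0.1       www.avg.com
127.0.0.1       update.microsoft.com   # updates silently blocked
"""

if __name__ == "__main__":
    for f in audit_hosts(HIJACKED_HOSTS):
        print("line %(line)d [%(severity)s] %(ip)s -> %(host)s: %(reason)s" % f)
```

To check a live machine, read the file at windows_hosts_path() and pass its contents to audit_hosts(); an empty result is what a freshly reset hosts file should give. Note that a hosts hijack is only one cause of this symptom: a DNS-changer, a proxy setting (the O17/ProxyEnable lines in the OTL log) or a browser extension can produce the same redirect with a clean hosts file, which is why the helper also asks for the startmenuinternet and proxy keys in the custom scan.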


#9 th29
  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:01 PM

Posted 19 July 2011 - 04:38 PM

I went to properties and "Turn off System Restore" was unchecked, so I left it as is.

Having no visible issues since completing the first set of instructions.

1. OTL processes killed
2. OTL Logfile




1. OTL processes killed


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Cantonbait\Application Data\AVG\Rescue\PC Tuneup 2011\110224083351687.rsc moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Cantonbait\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cantonbait\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Cantonbait
->Temp folder emptied: 1435960 bytes
->Temporary Internet Files folder emptied: 3524120 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78512909 bytes
->Flash cache emptied: 36613 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: QBDataServiceUser17
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: QBDataServiceUser20
->Temp folder emptied: 44749824 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ty
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23597 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 927956 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18204278 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Cantonbait
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Matt
->Flash cache emptied: 0 bytes

User: NetworkService

User: QBDataServiceUser17

User: QBDataServiceUser20
->Flash cache emptied: 0 bytes

User: Ty
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07192011_161217

Files\Folders moved on Reboot...
C:\Documents and Settings\Cantonbait\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\QBDataServiceUser20\Local Settings\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll moved successfully.
File\Folder C:\Documents and Settings\QBDataServiceUser20\Local Settings\Temp\sqla0003.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_224.dat moved successfully.

Registry entries deleted on Reboot...









2. OTL Logfile

OTL logfile created on: 7/19/2011 4:22:06 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cantonbait\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 69.27% Memory free
5.08 Gb Paging File | 3.99 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.62 Gb Total Space | 181.17 Gb Free Space | 77.88% Space Free | Partition Type: NTFS
Drive G: | 1.96 Gb Total Space | 1.94 Gb Free Space | 98.90% Space Free | Partition Type: FAT

Computer Name: DB6P4TH1 | User Name: Cantonbait | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
PRC - [2011/07/04 11:26:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 18:02:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/05 13:12:12 | 000,853,808 | ---- | M] (Core Technologies Consulting, LLC) -- C:\Program Files\ActiveBooks\ActiveBooksServer.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/15 04:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 04:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/05 07:26:44 | 000,262,144 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/05 07:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/03/23 18:41:06 | 000,603,488 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007/12/03 10:03:54 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/10/09 08:09:06 | 000,100,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2002/07/18 11:58:46 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Palm\HOTSYNC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/03/23 18:39:56 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/12/03 09:59:50 | 000,045,056 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\lgscroll.dll
MOD - [2007/06/28 15:21:28 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/05 13:12:14 | 000,332,592 | ---- | M] (Core Technologies Consulting, LLC) [On_Demand | Stopped] -- C:\Program Files\ActiveBooks\ActiveBooksAgent.exe -- (ActiveBooks Agent)
SRV - [2011/05/05 13:12:12 | 000,853,808 | ---- | M] (Core Technologies Consulting, LLC) [Auto | Running] -- C:\Program Files\ActiveBooks\ActiveBooksServer.exe -- (ActiveBooks Server)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/15 04:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/05/04 09:05:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/03 10:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/11 04:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/19 22:19:54 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/18 18:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/31 06:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/10 19:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/10/09 08:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 08:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/14 15:52:54 | 000,020,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081206
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.mfbank.com/index.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Cantonbait\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/11 17:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 09:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 14:44:59 | 000,000,000 | ---D | M]

[2009/02/09 10:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Extensions
[2011/07/08 14:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions
[2010/07/27 13:50:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/09/10 15:35:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/20 10:37:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\moveplayer@movenetworks.com
[2011/05/20 09:45:38 | 000,000,000 | ---D | M] (Techinline Remote Desktop Expert) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\RemoteDesktopExpert@techinline.com
[2011/06/23 10:18:39 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\sortplaces@andyhalford.com
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/07/27 13:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Application Data\Mozilla\Firefox\Profiles\lconrha6.default\searchplugins\MySpace.xml
[2011/07/18 15:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/18 15:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/11 17:44:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/07/18 15:12:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/18 15:12:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/19 16:12:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Database Server Manager.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Cantonbait\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\a5res - No CLSID value found
O18 - Protocol\Handler\a5res\CLSID - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\XBasic - No CLSID value found
O18 - Protocol\Handler\XBasic\CLSID - No CLSID value found
O18 - Protocol\Handler\XBasic\OLEScript - No CLSID value found
O18 - Protocol\Handler\XBasicV10 - No CLSID value found
O18 - Protocol\Handler\XBasicV10\CLSID - No CLSID value found
O18 - Protocol\Handler\XBasicV10\OLEScript - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 14:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symbol
[2011/07/18 15:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/18 15:28:34 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Cantonbait\Desktop\esetsmartinstaller_enu.exe
[2011/07/18 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/18 14:38:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/18 14:24:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/18 08:47:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
[2011/07/18 08:38:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/18 08:26:01 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe
[2011/07/12 08:56:50 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Cantonbait\Desktop\dds.scr
[2011/07/12 08:48:35 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cantonbait\Desktop\tdsk.exe
[2011/07/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\McComb Bait Shop
[2011/07/11 15:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\My Documents\Anti-Malware
[2011/07/07 16:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\Mike
[2011/07/06 14:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Desktop\NEW CUSTOMER PRINTOUTS
[2011/06/27 11:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ActiveBooks
[2011/06/27 11:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveBooks
[2011/06/24 09:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/24 08:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/23 15:22:53 | 000,000,000 | ---D | C] -- C:\Quickreports
[2011/06/22 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\My Documents\QReportBuilderData
[2011/06/22 09:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alpha Software
[2011/06/22 09:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cantonbait\Application Data\Alpha Software
[2011/06/22 09:25:33 | 001,757,184 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\xerces-com.dll
[2011/06/22 09:25:33 | 000,527,624 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ipwssl6.dll
[2011/06/22 09:25:33 | 000,466,944 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ibizqb3.dll
[2011/06/22 09:25:24 | 016,520,552 | ---- | C] (FLEXquarters.com Limited) -- C:\WINDOWS\System32\fqqb_qrb.dll
[2011/06/22 09:25:22 | 000,882,128 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSDW3BO.OCX
[2011/06/22 09:25:22 | 000,098,304 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssr2c.dll
[2011/06/22 09:25:22 | 000,072,192 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssprn32.dll
[2011/06/22 09:25:22 | 000,071,016 | ---- | C] (Flexquarters.com, LLC) -- C:\WINDOWS\System32\FQQBVSAV.exe
[2011/06/22 09:25:22 | 000,061,440 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssmedt32.dll
[2011/06/22 09:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QODBC Driver for QuickBooks
[2011/06/22 09:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\QODBC Driver for QuickBooks
[2011/06/22 09:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\QReportBuilderV10
[2011/06/20 15:27:05 | 000,000,000 | ---D | C] -- C:\Atmosphere Solutions

========== Files - Modified Within 30 Days ==========

[2011/07/19 16:17:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/19 16:14:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/19 16:14:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/19 16:14:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 16:14:09 | 3477,712,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/19 16:12:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/19 16:10:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1005UA.job
[2011/07/19 16:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/19 16:02:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-501UA.job
[2011/07/19 15:51:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1006UA.job
[2011/07/19 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Local Copies.job
[2011/07/19 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Admin.job
[2011/07/19 14:51:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1006Core.job
[2011/07/19 14:51:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\QuickReportsCCEmail_Canton Wholesale Bait Admin.job
[2011/07/19 14:10:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-1005Core.job
[2011/07/19 10:23:07 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD2140.DAT
[2011/07/19 09:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2392542278-2638911165-3742051135-501Core.job
[2011/07/19 08:00:48 | 122,766,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/18 18:00:10 | 000,000,732 | ---- | M] () -- C:\WINDOWS\tasks\Daily Backup.job
[2011/07/18 17:17:35 | 000,879,223 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\SecurityCheck.exe
[2011/07/18 15:28:48 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Cantonbait\Desktop\esetsmartinstaller_enu.exe
[2011/07/18 15:17:07 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/18 08:47:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTL.exe
[2011/07/18 08:42:39 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\RKUnhookerLE.EXE
[2011/07/18 08:26:01 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe
[2011/07/16 13:36:17 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe.htm
[2011/07/14 13:06:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 08:57:14 | 000,000,823 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2011/07/13 08:42:47 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:00:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 14:22:20 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pub
[2011/07/12 14:09:41 | 000,106,318 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pdf
[2011/07/12 08:56:53 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Cantonbait\Desktop\dds.scr
[2011/07/12 08:56:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\defogger_reenable
[2011/07/12 08:54:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\Defogger.exe
[2011/07/11 16:58:00 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cantonbait\Desktop\tdsk.exe
[2011/07/11 09:02:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/08 10:22:07 | 000,074,657 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\TriRegistration.pdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 18:00:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00055
[2011/06/28 13:32:19 | 000,010,167 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\transactions-20110628-1232186.iif
[2011/06/28 03:07:01 | 000,527,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 03:07:01 | 000,095,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 11:06:53 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Cantonbait\Desktop\ActiveBooks.lnk
[2011/06/22 09:25:33 | 000,000,772 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/06/22 09:25:22 | 000,004,339 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/21 18:00:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00054
[2011/06/19 18:00:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cantonbait\REG00053

========== Files Created - No Company Name ==========

[2011/07/18 17:17:37 | 000,879,223 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\SecurityCheck.exe
[2011/07/18 14:44:59 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/18 08:42:40 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\RKUnhookerLE.EXE
[2011/07/16 13:36:17 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\OTM.exe.htm
[2011/07/12 14:09:40 | 000,106,318 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pdf
[2011/07/12 11:49:22 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Goodson Family.pub
[2011/07/12 09:02:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\gmer.exe
[2011/07/12 08:56:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\defogger_reenable
[2011/07/12 08:54:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\Defogger.exe
[2011/07/11 09:02:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 09:02:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/08 10:22:07 | 000,074,657 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\TriRegistration.pdf
[2011/07/03 18:00:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00055
[2011/06/28 13:32:21 | 000,010,167 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\transactions-20110628-1232186.iif
[2011/06/27 11:06:53 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Desktop\ActiveBooks.lnk
[2011/06/23 15:23:33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Local Copies.job
[2011/06/23 14:49:56 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\QuickReportsCCEmail_Canton Wholesale Bait Admin.job
[2011/06/22 09:25:33 | 000,803,424 | ---- | C] () -- C:\WINDOWS\System32\sqlcrypt3.dll
[2011/06/22 09:25:33 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\c4dll.dll
[2011/06/22 09:25:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/06/21 18:00:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00054
[2011/06/20 15:52:09 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\QuickReports_Canton Wholesale Bait Admin.job
[2011/06/19 18:00:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cantonbait\REG00053
[2011/05/31 12:01:21 | 000,001,507 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2011/04/21 17:33:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BarCode.ini
[2011/02/16 01:39:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/02/05 17:06:33 | 000,000,357 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/11/09 11:10:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 16:01:07 | 000,067,879 | ---- | C] () -- C:\WINDOWS\IIF Transaction Creator Uninstaller.exe
[2010/07/21 14:31:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/07/16 14:37:31 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/06/23 10:16:46 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/11 18:32:36 | 001,073,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/11 11:38:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/03 17:45:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/02/03 17:44:20 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\bd2040.dat
[2010/02/03 14:18:38 | 000,000,823 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/03 14:18:38 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/03 14:18:38 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7440n.dat
[2010/02/03 14:16:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/02/03 14:16:43 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/03 14:16:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/02/03 14:16:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/03 13:23:20 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/11/05 17:41:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/10/27 12:05:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Application Data\$_hpcst$.hpc
[2009/10/19 12:33:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/17 13:19:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/23 18:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/03/03 11:59:40 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2009/03/03 11:59:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/02/09 10:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/30 10:19:35 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/09 11:05:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/01/07 18:43:23 | 000,000,157 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/01/07 18:43:08 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/01/07 18:43:08 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/01/07 18:43:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2009/01/07 17:01:52 | 000,000,334 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/12/30 11:18:52 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Cantonbait\Local Settings\Application Data\fusioncache.dat
[2008/12/29 17:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adminsvc.INI
[2008/12/29 17:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\absdatasvc.INI
[2008/12/29 17:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\applogic.INI
[2008/12/29 17:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tracklogic.INI
[2008/12/29 17:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\revservice.INI
[2008/12/29 14:41:11 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/29 13:18:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/29 13:12:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008/12/29 13:12:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/29 13:12:18 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/12/06 16:12:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/06 16:07:12 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/06 15:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/12/06 15:45:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/12/06 15:44:27 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,339 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,527,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,095,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/14 15:52:54 | 000,020,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/06/22 09:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alpha Software
[2010/12/27 11:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/19 22:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/05/04 09:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/27 11:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/04/11 08:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/18 18:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/09/08 13:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGSoft
[2011/06/22 09:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QODBC Driver for QuickBooks
[2010/03/31 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/20 13:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/28 08:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/11 11:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/09/20 14:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/21 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEC-IT
[2011/02/27 19:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/22 09:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Alpha Software
[2010/11/10 15:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Avery
[2011/02/24 12:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\AVG
[2010/12/27 11:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\AVG10
[2008/12/29 14:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/12 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Downloaded Installations
[2011/06/01 11:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\FMZilla
[2010/06/23 10:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\GetRightToGo
[2008/12/24 15:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\MSNInstaller
[2010/03/04 10:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\ntr
[2010/02/18 18:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Nuance
[2010/08/18 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\PC-FAX TX
[2009/11/05 17:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\PrimoPDF
[2010/07/12 11:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\public policies
[2010/02/10 12:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\ScanSoft
[2010/03/03 15:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Softland
[2009/08/28 08:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Sony
[2010/07/12 08:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Structured Solutions
[2011/05/23 19:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\TeamViewer
[2010/08/03 16:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Windows Desktop Search
[2010/08/03 16:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Windows Search
[2010/07/09 13:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cantonbait\Application Data\Z-Firm LLC
[2011/07/18 18:00:10 | 000,000,732 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Backup.job
[2011/07/19 14:51:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\QuickReportsCCEmail_Canton Wholesale Bait Admin.job
[2011/07/19 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\QuickReports_Canton Wholesale Bait Admin.job
[2011/07/19 15:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\QuickReports_Canton Wholesale Bait Local Copies.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 23:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 23:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 23:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Ty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2010/06/28 21:27:23 | 000,945,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Ty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2010/06/28 21:27:23 | 000,945,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Ty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2010/06/28 21:27:23 | 000,945,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Ty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2010/06/28 21:27:23 | 000,945,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 08:00:26

< End of report >

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 19 July 2011 - 04:53 PM

Hi!

Okay.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: C:\WINDOWS\System32\fqqb_qrb.dll
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file below:

C:\WINDOWS\System32\FQQBVSAV.exe

Please post the results in your next reply

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 20 July 2011 - 11:12 AM

1. C:\WINDOWS\System32\fqqb_qrb.dll
2. C:\WINDOWS\System32\FQQBVSAV.exe




1. C:\WINDOWS\System32\fqqb_qrb.dll


Antivirus results
AhnLab-V3 - 2011.07.20.06 - 2011.07.20 - -
AntiVir - 7.11.12.15 - 2011.07.20 - -
Antiy-AVL - 2.0.3.7 - 2011.07.20 - -
Avast - 4.8.1351.0 - 2011.07.20 - -
Avast5 - 5.0.677.0 - 2011.07.20 - -
AVG - 10.0.0.1190 - 2011.07.20 - -
BitDefender - 7.2 - 2011.07.20 - -
CAT-QuickHeal - 11.00 - 2011.07.20 - -
ClamAV - 0.97.0.0 - 2011.07.20 - -
Commtouch - 5.3.2.6 - 2011.07.20 - -
Comodo - 9448 - 2011.07.20 - -
DrWeb - 5.0.2.03300 - 2011.07.20 - -
Emsisoft - 5.1.0.8 - 2011.07.20 - -
eSafe - 7.0.17.0 - 2011.07.20 - -
eTrust-Vet - 36.1.8454 - 2011.07.20 - -
F-Prot - 4.6.2.117 - 2011.07.20 - -
F-Secure - 9.0.16440.0 - 2011.07.20 - -
Fortinet - 4.2.257.0 - 2011.07.20 - -
GData - 22 - 2011.07.20 - -
Ikarus - T3.1.1.104.0 - 2011.07.20 - -
Jiangmin - 13.0.900 - 2011.07.20 - -
K7AntiVirus - 9.108.4924 - 2011.07.19 - -
Kaspersky - 9.0.0.837 - 2011.07.20 - -
McAfee - 5.400.0.1158 - 2011.07.20 - -
McAfee-GW-Edition - 2010.1D - 2011.07.20 - -
Microsoft - 1.7000 - 2011.07.20 - -
NOD32 - 6311 - 2011.07.20 - -
Norman - 6.07.10 - 2011.07.20 - -
nProtect - 2011-07-20.01 - 2011.07.20 - -
Panda - 10.0.3.5 - 2011.07.20 - -
PCTools - 8.0.0.5 - 2011.07.20 - -
Prevx - 3.0 - 2011.07.20 - -
Rising - 23.67.02.03 - 2011.07.20 - -
Sophos - 4.67.0 - 2011.07.20 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.07.20 - -
Symantec - 20111.1.0.186 - 2011.07.20 - -
TheHacker - 6.7.0.1.257 - 2011.07.18 - -
TrendMicro - 9.200.0.1012 - 2011.07.20 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.20 - -
VBA32 - 3.12.16.4 - 2011.07.20 - -
VIPRE - 9904 - 2011.07.19 - -
ViRobot - 2011.7.20.4579 - 2011.07.20 - -
VirusBuster - 14.0.132.0 - 2011.07.20 - -
File info:
MD5: 1f54ad3220a4237c15f869fa7232e789
SHA1: 3a373496c751a469c90af27ec34f29ddcfd4920c
SHA256: cbaacba4a99330e4b2050bebe4c6b7a6385c28e14c03be880cf755188e6249b0
File size: 16520552 bytes
Scan date: 2011-07-20 15:54:52 (UTC)





2. C:\WINDOWS\System32\FQQBVSAV.exe

Antivirus results
AhnLab-V3 - 2011.07.20.06 - 2011.07.20 - -
AntiVir - 7.11.12.15 - 2011.07.20 - -
Antiy-AVL - 2.0.3.7 - 2011.07.20 - -
Avast - 4.8.1351.0 - 2011.07.20 - -
Avast5 - 5.0.677.0 - 2011.07.20 - -
AVG - 10.0.0.1190 - 2011.07.20 - -
BitDefender - 7.2 - 2011.07.20 - -
CAT-QuickHeal - 11.00 - 2011.07.20 - -
ClamAV - 0.97.0.0 - 2011.07.20 - -
Commtouch - 5.3.2.6 - 2011.07.20 - -
Comodo - 9448 - 2011.07.20 - -
DrWeb - 5.0.2.03300 - 2011.07.20 - -
Emsisoft - 5.1.0.8 - 2011.07.20 - -
eSafe - 7.0.17.0 - 2011.07.20 - -
eTrust-Vet - 36.1.8454 - 2011.07.20 - -
F-Prot - 4.6.2.117 - 2011.07.20 - -
F-Secure - 9.0.16440.0 - 2011.07.20 - -
Fortinet - 4.2.257.0 - 2011.07.20 - -
GData - 22 - 2011.07.20 - -
Ikarus - T3.1.1.104.0 - 2011.07.20 - -
Jiangmin - 13.0.900 - 2011.07.20 - -
K7AntiVirus - 9.108.4924 - 2011.07.19 - -
Kaspersky - 9.0.0.837 - 2011.07.20 - -
McAfee - 5.400.0.1158 - 2011.07.20 - -
McAfee-GW-Edition - 2010.1D - 2011.07.20 - -
Microsoft - 1.7000 - 2011.07.20 - -
NOD32 - 6311 - 2011.07.20 - -
Norman - 6.07.10 - 2011.07.20 - -
nProtect - 2011-07-20.01 - 2011.07.20 - -
Panda - 10.0.3.5 - 2011.07.20 - -
PCTools - 8.0.0.5 - 2011.07.20 - -
Prevx - 3.0 - 2011.07.20 - -
Rising - 23.67.02.03 - 2011.07.20 - -
Sophos - 4.67.0 - 2011.07.20 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.07.20 - -
Symantec - 20111.1.0.186 - 2011.07.20 - -
TheHacker - 6.7.0.1.257 - 2011.07.18 - -
TrendMicro - 9.200.0.1012 - 2011.07.20 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.20 - -
VBA32 - 3.12.16.4 - 2011.07.20 - -
VIPRE - 9904 - 2011.07.19 - -
ViRobot - 2011.7.20.4579 - 2011.07.20 - -
VirusBuster - 14.0.132.0 - 2011.07.20 - -
File info:
MD5: 288f0f2f42ed8331742b0c0ebf4bf34c
SHA1: 897071eb33d59bd4775fc847e09039f69dee674e
SHA256: d40b2e3281184bcfe6020c462e1d339fe56a4a5551692322dbd91dbe29d51da4
File size: 71016 bytes
Scan date: 2011-07-20 15:50:14 (UTC)

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 20 July 2011 - 09:42 PM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
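The ActiveX settings that the "Make Internet Explorer more secure" steps above change through Inetcpl.cpl are stored as DWORD values under the Internet zone's registry key. The following PowerShell audit is an added example, not code from the post or from any BleepingComputer tooling: it reports each value's current state beside the target the post asks for and applies the change only when run with -Apply. It assumes the per-user zone key path shown in the script (machine-wide policy under HKLM, if configured, is not checked) and that the value names 1001, 1004 and 1201 are the Internet Explorer URL action IDs for the three ActiveX options.

```powershell
# Added example (not from the thread): audit the Internet zone (zone 3) ActiveX
# settings that the post above changes via Inetcpl.cpl, and optionally fix them.
# Assumption: per-user zone key; IE URL action value names and their meaning:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Stored data: 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: downloads -> Prompt, unsafe init/script -> Disable.
$targets = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';              Want = 1 }
    '1201' = @{ Name = 'Init/script ActiveX controls not marked as safe'; Want = 3 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting([string]$ValueName) {
    # A missing value means IE falls back to the zone template default; report $null.
    $item = Get-ItemProperty -Path $zoneKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

if (-not (Test-Path $zoneKey)) {
    Write-Warning "Zone key not found: $zoneKey (IE zone settings may be policy-managed)"
    exit 1
}

$drift = 0
foreach ($id in ($targets.Keys | Sort-Object)) {
    $want = $targets[$id].Want
    $have = Get-ZoneSetting $id
    $haveLabel = if ($null -eq $have) { 'not set' } else { $labels[$have] }
    $ok = ($have -eq $want)
    $status = if ($ok) { 'OK ' } else { 'FIX' }
    if (-not $ok) { $drift++ }

    '{0} {1,-48} current={2,-8} target={3}' -f $status, $targets[$id].Name, $haveLabel, $labels[$want]

    # Only write when asked to; the audit itself is read-only.
    if (-not $ok -and $Apply) {
        Set-ItemProperty -Path $zoneKey -Name $id -Value $want -Type DWord
        "    -> set value $id to $($labels[$want])"
    }
}

if ($drift -eq 0) { 'Internet zone ActiveX settings match the hardened target.' }
elseif (-not $Apply) { "$drift setting(s) differ; rerun with -Apply to correct them." }
```

Run it without switches first to see the drift; the post's "Reset all zones to default level" step is deliberately not reproduced, since that touches every URL action in every zone rather than the three ActiveX options.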


#13 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 22 July 2011 - 03:11 PM

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_081942




THANKS!!!

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:01 PM

Posted 22 July 2011 - 05:34 PM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




