
File Recovery infection, disabled MSE and Firefox redirects


  • This topic is locked
12 replies to this topic

#1 enpdllp

enpdllp

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 15 July 2012 - 08:05 AM

A few days ago I was working on an Excel spreadsheet while watching a YouTube video on Firefox and suddenly the spreadsheet closed without a warning and the YT video also closed without a warning. The next thing I am seeing on my monitor is a diagnostic repair program screen sort of emulating a hard drive scan (File Recovery infection). I did not click into the prompt to buy the hard drive repair software, but I shut down my computer.

After restarting I noticed that all my icons from my desktop disappeared, no programs were showing up on the programs list and the files from my hard drive were not showing up on My Documents. I did some search on the web and found your website and was able to fix the disappeared icons and programs list with the Unhide.exe file.

After fixing that, I noticed that the Microsoft Essentials icon on my task bar was red and when I clicked it, I got a "Couldn't start the security essentials service. error code 0x80070424" message. I installed Malwarebytes Anti Malware and ran a full scan and fixed the displayed malware items. After the MWBAM scan, I restarted my computer and tried to open MSE but it still gave me the same error message. I uninstalled and reinstalled MSE and the computer seemed to work as normal.

Now when I do a search on Google with Firefox (Version 13.0.1) and click on one of the links displayed, it redirects me to another site. I do not have that issue with Internet Explorer (Version 8.0.6001.18702), but I rarely use IE because it runs extremely slow on my computer compared to Firefox. I am also getting random audio advertisements. It appears that there is still some malware on my computer that is not being detected by MBAM or MSE.

Any help you could provide me to fix this issue will be very appreciated.

Edited by enpdllp, 15 July 2012 - 10:30 PM.




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:28 PM

Posted 16 July 2012 - 10:19 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 enpdllp

enpdllp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 17 July 2012 - 05:27 PM

RPMcMurphy:

I was able to download both OTL and aswMBR.exe but was only able to run OTL. The aswMBR executable does not open.

After running OTL, I got a Warning screen stating “Security Shield has been installed successfully!” and when I tried to close it, it started emulating a hard drive scan from a program called Security Shield. I also started getting random audio ads. My MSE icon on the taskbar has turned red again and when I checked the firewall via the Control Panel it gives me a "Due to an unidentified problem, Windows cannot display Windows Firewall settings" message when I click on it. Firefox has become very unstable and is crashing often. IE sometimes redirects the link to this thread. It appears that the virus has taken steroids.

Below are the contents of the OTL.Txt and Extras.Txt files generated by OTL.

OTL logfile created on: 7/17/2012 5:35:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\José Fuentes\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.61% Memory free
4.84 Gb Paging File | 3.79 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 82.05 Gb Free Space | 56.86% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 343.85 Gb Free Space | 73.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive L: | 931.48 Gb Total Space | 253.84 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
Drive M: | 1397.26 Gb Total Space | 726.59 Gb Free Space | 52.00% Space Free | Partition Type: NTFS

Computer Name: DG65R581 | User Name: José Fuentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 17:15:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\José Fuentes\Desktop\OTL.exe
PRC - [2012/07/09 19:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/17 10:48:44 | 000,996,856 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
PRC - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/25 05:11:18 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/12 14:20:05 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 12:52:38 | 001,893,880 | ---- | M] (Verizon) -- C:\Program Files\verizon\Servicepoint\VerizonServicepoint.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/05/23 13:20:28 | 000,050,744 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe
PRC - [2005/05/20 10:11:52 | 000,357,944 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
PRC - [2005/05/11 12:05:10 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
PRC - [2005/04/25 09:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2002/09/30 03:29:48 | 008,826,932 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/17 14:15:02 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/17 14:15:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/14 18:03:40 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/14 18:03:39 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/13 03:55:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 03:54:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 03:46:41 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:45:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 03:38:48 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 07:40:23 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 07:34:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 07:34:14 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 04:14:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 03:43:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 03:42:11 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 12:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 12:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 12:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 12:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/05/23 13:18:38 | 000,053,248 | ---- | M] () -- C:\Program Files\Verizon Online\Help Support\PlugIns\vzHSTPlugIn.vzp
MOD - [2003/07/29 17:39:54 | 000,217,088 | ---- | M] () -- C:\WINDOWS\system32\FinePointLib\WrSetupUtils.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/12 13:13:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/20 00:44:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ov550i.sys -- (APL531)
DRV - [2012/07/17 17:29:21 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{473C6691-20BB-4EDB-8013-12808E1D7613}\MpKslb99cdaa1.sys -- (MpKslb99cdaa1)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/15 03:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/31 20:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/11/02 16:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/10 04:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1327695089&.rand=4ol7ud26j7fuh
IE - HKCU\..\SearchScopes,DefaultScope = {EC8D9326-D978-4FE0-8E5C-6A590C005E8E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2F92DE06-1AE9-4982-B1EA-FF630A5B0820}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{A205E646-EAB6-4996-AE52-B28F32313CBA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{EC8D9326-D978-4FE0-8E5C-6A590C005E8E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1327695089&.rand=4ol7ud26j7fuh"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/25 05:13:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 00:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 20:44:44 | 000,000,000 | ---D | M]

[2008/12/05 13:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Extensions
[2012/07/16 17:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions
[2012/02/01 09:42:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/16 17:19:29 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/27 19:45:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 16:09:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007/10/06 00:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2007/11/23 10:19:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
[2007/05/06 01:20:47 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Application Data\Mozilla\Firefox\Profiles\zcjcquoi.default\searchplugins\siteadvisor.xml
[2012/07/14 03:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/14 03:04:29 | 000,000,000 | ---D | M] (internetspooler) -- C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}
[2012/07/14 03:04:15 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2012/06/20 00:44:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 00:45:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 01:19:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 01:19:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (advertzilla) - {4a2c8ead-c669-ac8a-23dc-9f7eab8a3e4f} - C:\WINDOWS\system32\6ea687b8.dll ()
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [A Verizon App] C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe (Verizon Internet Solutions)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\José Fuentes\Start Menu\Programs\Startup\Seagate NA0LTTQE Product Registration.lnk = C:\Documents and Settings\José Fuentes\Application Data\Leadertech\PowerRegister\Seagate NA0LTTQE Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\José Fuentes\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\José Fuentes\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170106490438 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAA4463C-66BE-4396-BB71-81E7A06DD844}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\José Fuentes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\José Fuentes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/07/01 13:07:08 | 000,000,032 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - M:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{71f33a69-1ff6-11de-8472-00123f736249}\Shell - "" = AutoRun
O33 - MountPoints2\{71f33a69-1ff6-11de-8472-00123f736249}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71f33a69-1ff6-11de-8472-00123f736249}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (ጙ憠ԯ)
O34 - HKLM BootExecute: (ೠÊ鴰፱)
O34 - HKLM BootExecute: (ss)
O34 - HKLM BootExecute: (ԡℬጬ)
O34 - HKLM BootExecute: (ᴘጔƷ₠ጬ)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\José Fuentes\Application Data\iolo\)
O34 - HKLM BootExecute: (at)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 17:23:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\José Fuentes\Desktop\aswMBR.exe
[2012/07/17 17:15:39 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\José Fuentes\Desktop\OTL.exe
[2012/07/17 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/17 01:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/07/16 07:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/07/15 09:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\Start Menu\Programs\Simple Port Forwarding
[2012/07/15 09:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Simple Port Forwarding
[2012/07/15 09:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Simple Port Forwarding
[2012/07/14 18:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\Application Data\SUPERAntiSpyware.com
[2012/07/14 18:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/14 18:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/14 18:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/12 22:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\My Documents\Dell 942
[2012/07/11 05:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\Application Data\Malwarebytes
[2012/07/11 05:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 05:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/11 05:28:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/11 05:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/10 05:06:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\José Fuentes\Recent
[2012/07/09 15:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\FixItCenter
[2012/07/09 15:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/09 15:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/09 15:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/07/09 15:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/07/09 15:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\PCHealth
[2012/07/08 08:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/06/20 14:18:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/06/20 14:18:20 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2012/07/17 17:41:01 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2012/07/17 17:40:52 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
[2012/07/17 17:40:43 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\ppgiuyea.exe
[2012/07/17 17:26:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\José Fuentes\Desktop\aswMBR.exe
[2012/07/17 17:15:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\José Fuentes\Desktop\OTL.exe
[2012/07/17 17:12:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 17:09:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/17 17:07:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/17 16:33:48 | 000,000,047 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/07/17 15:56:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/07/17 14:14:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-788602838-3626990649-2724999368-1005.job
[2012/07/17 14:14:35 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/07/17 14:14:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/17 01:48:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/17 01:36:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-788602838-3626990649-2724999368-1005.job
[2012/07/16 01:35:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2012/07/15 09:24:32 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Desktop\Simple Port Forwarding.lnk
[2012/07/14 18:00:51 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/14 15:14:29 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 03:36:56 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Application Data\mbam.context.scan
[2012/07/14 03:04:18 | 000,075,106 | ---- | M] () -- C:\WINDOWS\System32\520df8f6.exe
[2012/07/14 03:04:12 | 001,646,592 | ---- | M] () -- C:\WINDOWS\System32\6ea687b8.dll
[2012/07/12 22:37:43 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/07/12 22:30:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\José Fuentes\usb001
[2012/07/12 13:13:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 13:13:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 09:04:04 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Desktop\Freecell.lnk
[2012/07/10 15:36:45 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 05:14:58 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-EMIl1HXZcwd0isr
[2012/07/10 05:14:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-EMIl1HXZcwd0is
[2012/07/10 05:14:38 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EMIl1HXZcwd0is
[2012/07/09 15:49:31 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/07/05 23:41:34 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/05 01:39:10 | 000,001,359 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Start Menu\Programs\Startup\Seagate NA0LTTQE Product Registration.lnk
[2012/07/04 17:32:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2012/07/03 18:38:41 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/24 00:58:15 | 000,000,775 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/06/22 14:12:46 | 754,499,584 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2008 Part 1.pst
[2012/06/22 14:12:46 | 665,337,856 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Inbox.pst
[2012/06/19 15:31:37 | 474,251,264 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2008 Part 2.pst
[2012/06/19 15:31:36 | 717,382,656 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2008 Pt 1.pst
[2012/06/19 15:31:36 | 683,475,968 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2008 Pt 2.pst
[2012/06/19 15:31:36 | 546,095,104 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2003-2005.pst
[2012/06/19 15:31:36 | 479,888,384 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2007 Pt 2.pst
[2012/06/19 15:31:36 | 370,130,944 | ---- | M] () -- C:\Documents and Settings\José Fuentes\My Documents\Chistes 2006 Pt 1.pst
[2012/06/18 15:45:20 | 000,000,016 | ---- | M] () -- C:\NewProcess crash
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 17:40:59 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\U\00000008.@
[2012/07/17 17:40:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\U\80000000.@
[2012/07/17 17:40:56 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\U\00000004.@
[2012/07/17 17:40:56 | 000,001,632 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\U\000000cb.@
[2012/07/17 17:18:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/17 17:18:29 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/17 17:08:38 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/17 01:34:08 | 000,095,744 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\U\80000032.@
[2012/07/15 09:24:32 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Desktop\Simple Port Forwarding.lnk
[2012/07/15 03:47:56 | 000,294,018 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012/07/14 18:00:51 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/14 03:36:56 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\mbam.context.scan
[2012/07/14 03:04:18 | 000,075,106 | ---- | C] () -- C:\WINDOWS\System32\520df8f6.exe
[2012/07/14 03:04:12 | 001,646,592 | ---- | C] () -- C:\WINDOWS\System32\6ea687b8.dll
[2012/07/12 22:30:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\José Fuentes\usb001
[2012/07/11 05:28:48 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 07:36:14 | 000,002,579 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/07/10 07:36:14 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/07/10 07:36:14 | 000,002,529 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/07/10 07:36:14 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/07/10 07:36:14 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/07/10 07:36:14 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/07/10 07:36:14 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/10 07:36:14 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2012/07/10 07:36:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/10 07:36:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2012/07/10 07:36:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/07/10 07:36:14 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/07/10 07:36:14 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/07/10 07:36:14 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Cruel.lnk
[2012/07/10 07:36:14 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/10 07:36:14 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/07/10 07:36:14 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/07/10 07:36:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/07/10 07:36:14 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/07/10 07:36:14 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/07/10 07:36:14 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/10 07:36:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/07/10 07:36:12 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/10 07:36:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/07/10 07:36:12 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/07/10 04:58:53 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-EMIl1HXZcwd0isr
[2012/07/10 04:58:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-EMIl1HXZcwd0is
[2012/07/10 04:58:47 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EMIl1HXZcwd0is
[2012/07/09 15:56:52 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/07/09 15:56:52 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/07/09 15:49:31 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/07/08 05:53:39 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\L\00000004.@
[2012/04/27 14:08:15 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupmui.dll
[2012/04/27 14:08:14 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuusb1.dll
[2012/04/27 14:08:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm.dll
[2012/04/27 14:08:14 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomm.dll
[2012/04/27 14:08:14 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuih.exe
[2012/04/27 14:08:14 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucfg.exe
[2012/04/27 14:08:14 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupplc.dll
[2012/04/27 14:08:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2012/04/27 14:08:13 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuserv.dll
[2012/04/27 14:08:13 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomc.dll
[2012/04/27 14:08:13 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucoms.exe
[2012/04/27 14:08:13 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuprox.dll
[2012/04/27 14:08:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2012/04/27 14:08:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2012/04/27 14:08:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2012/04/27 14:08:00 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2012/02/15 23:47:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/07 00:54:42 | 000,031,632 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/29 17:47:36 | 000,000,047 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2012/01/27 21:38:57 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/01/27 14:27:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/03 15:44:38 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\José Fuentes\GoToAssistDownloadHelper.exe
[2007/02/10 12:05:12 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/20 23:59:11 | 000,217,600 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/20 17:22:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\FASTWiz.html
[2005/08/19 21:03:28 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\fusioncache.dat
[2004/08/19 16:49:43 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\@
[2004/08/19 16:49:43 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}\@

< End of report >

OTL Extras logfile created on: 7/17/2012 5:35:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\José Fuentes\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.61% Memory free
4.84 Gb Paging File | 3.79 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 82.05 Gb Free Space | 56.86% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 343.85 Gb Free Space | 73.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive L: | 931.48 Gb Total Space | 253.84 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
Drive M: | 1397.26 Gb Total Space | 726.59 Gb Free Space | 52.00% Space Free | Partition Type: NTFS

Computer Name: DG65R581 | User Name: José Fuentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com -- (PcWinTech.com)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com -- (PcWinTech.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{25EF00D0-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{92F36672-245D-11D5-AC74-00105A0CF83E}" = Juno
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B00EBEC1-D693-4B4D-93BD-610EDBA9B0DF}" = G21942EN
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C50755E6-F563-4CEF-ADFE-5ED1C2EC1732}" = Verizon Internet Security Suite
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"520df8f6" = Contextual Tool Advertzil1a
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLVPlayer" = FLV Player 1.3.3
"Free Studio_is1" = Free Studio version 5.3.3
"Freedom{C50755E6-F563-4CEF-ADFE-5ED1C2EC1732}" = Verizon Internet Security Suite
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MXOFX" = USB Storage Adapter FX (MXO)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOOK Study" = NOOK Study
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.22
"RealPlayer 15.0" = RealPlayer
"Simple Port Forwarding" = Simple Port Forwarding
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Verizon Quick Support" = Verizon Quick Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 2:56:12 AM | Computer Name = DG65R581 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/17/2012 3:01:19 AM | Computer Name = DG65R581 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/17/2012 5:08:21 PM | Computer Name = DG65R581 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/17/2012 5:13:42 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 13.0.1.4548, faulting module
unknown, version 0.0.0.0, fault address 0x01012bfd.

Error - 7/17/2012 5:15:40 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 13.0.1.4548, faulting module
unknown, version 0.0.0.0, fault address 0x01012bfd.

Error - 7/17/2012 5:20:36 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 13.0.1.4548, faulting module
unknown, version 0.0.0.0, fault address 0x01012bfd.

Error - 7/17/2012 5:23:33 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 13.0.1.4548, faulting module
unknown, version 0.0.0.0, fault address 0x01042bfd.

Error - 7/17/2012 5:34:17 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 13.0.1.4548, faulting module
unknown, version 0.0.0.0, fault address 0x01012bfd.

Error - 7/17/2012 5:34:25 PM | Computer Name = DG65R581 | Source = Application Error | ID = 1001
Description = Fault bucket -1180749689.

Error - 7/17/2012 5:35:47 PM | Computer Name = DG65R581 | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 7/17/2012 5:09:29 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: DG65R581\José Fuentes Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:29 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: DG65R581\José Fuentes Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:38 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 7/17/2012 5:09:39 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:39 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:39 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:39 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:09:39 PM | Computer Name = DG65R581 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 7/17/2012 5:12:02 PM | Computer Name = DG65R581 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/17/2012 5:12:02 PM | Computer Name = DG65R581 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

Edited by enpdllp, 17 July 2012 - 05:53 PM.


#4 RPMcMurphy

  • Malware Response Team

Posted 17 July 2012 - 10:07 PM

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until we are done.

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
    [2012/07/14 03:04:29 | 000,000,000 | ---D | M] (internetspooler) -- C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}
    [2012/07/14 03:04:15 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    [2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
    [2012/07/17 17:41:01 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
    [2012/07/17 17:40:52 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
    [2012/07/17 17:40:43 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\ppgiuyea.exe
    [2012/07/14 03:04:18 | 000,075,106 | ---- | M] () -- C:\WINDOWS\System32\520df8f6.exe
    [2012/07/14 03:04:12 | 001,646,592 | ---- | M] () -- C:\WINDOWS\System32\6ea687b8.dll
    [2012/07/17 17:40:59 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 enpdllp

  • Topic Starter

Posted 17 July 2012 - 11:13 PM

RPMcMurphy:

I uninstalled BitTorrent as requested. Downloaded ComboFix to my desktop per your instructions, but was not able to disable MSE before running ComboFix. MSE is showing red on the taskbar (Real time protection: Off, Virus and spyware definitions: Out of date) and does not allow me to access the settings tab (It is disabled). If I click on the MSE "Start Now" button, it gives me a "Couldn't start the Security Essentials service The specified service does not exist as an installed service. Click Help for more information on this problem. Error code: 0x80070424" message. Should I uninstall MSE, try to run ComboFix under the current conditions, or do something else?

Now I am also getting a "Your request is prohibited because it would cause a cycle" message displayed on Firefox when it opens on my homepage. On IE, I am getting a "HTTP 400 Bad Request This webpage cannot be found" message displayed.

Below is the text from the OTL Fix log file:

All processes killed
Error: Unable to interpret <· :OTL> in the current context!
Error: Unable to interpret <· IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html> in the current context!
Error: Unable to interpret <· IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html> in the current context!
Error: Unable to interpret <· [2012/07/14 03:04:29 | 000,000,000 | ---D | M] (internetspooler) -- C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}> in the current context!
Error: Unable to interpret <· [2012/07/14 03:04:15 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}> in the current context!
Error: Unable to interpret <· File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}> in the current context!
Error: Unable to interpret <· File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}> in the current context!
Error: Unable to interpret <· File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}> in the current context!
Error: Unable to interpret <· O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.> in the current context!
Error: Unable to interpret <· O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.> in the current context!
Error: Unable to interpret <· [2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll> in the current context!
Error: Unable to interpret <· [2012/07/17 17:41:01 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat> in the current context!
Error: Unable to interpret <· [2012/07/17 17:40:52 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll> in the current context!
Error: Unable to interpret <· [2012/07/17 17:40:43 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\ppgiuyea.exe> in the current context!
Error: Unable to interpret <· [2012/07/14 03:04:18 | 000,075,106 | ---- | M] () -- C:\WINDOWS\System32\520df8f6.exe> in the current context!
Error: Unable to interpret <· [2012/07/14 03:04:12 | 001,646,592 | ---- | M] () -- C:\WINDOWS\System32\6ea687b8.dll> in the current context!
Error: Unable to interpret <· [2012/07/17 17:40:59 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}> in the current context!
Error: Unable to interpret <· :Commands> in the current context!
Error: Unable to interpret <[EmptyTemp]> in the current context!

OTL by OldTimer - Version 3.2.54.0 log created on 07172012_232757

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by enpdllp, 18 July 2012 - 06:24 AM.


#6 RPMcMurphy

  • Malware Response Team

Posted 18 July 2012 - 05:16 PM

Something went wrong with that OTL script. Try it again, being careful to copy and paste the entire contents of the following box and nothing more or less into the custom scans/fixes box. Once it's done, reboot into the safe mode and run ComboFix. Ignore any message you get about your AV being active:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
    [2012/07/14 03:04:29 | 000,000,000 | ---D | M] (internetspooler) -- C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}
    [2012/07/14 03:04:15 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSé FUENTES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZCJCQUOI.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    [2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
    [2012/07/17 17:41:01 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
    [2012/07/17 17:40:52 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
    [2012/07/17 17:40:43 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\José Fuentes\Local Settings\Application Data\ppgiuyea.exe
    [2012/07/14 03:04:18 | 000,075,106 | ---- | M] () -- C:\WINDOWS\System32\520df8f6.exe
    [2012/07/14 03:04:12 | 001,646,592 | ---- | M] () -- C:\WINDOWS\System32\6ea687b8.dll
    [2012/07/17 17:40:59 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39}
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
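
The fix log in post #5 records what reached OTL on the first attempt: most rejected lines begin with an extra "· " that is not in the script from post #4. The Python sketch below is an added example (not part of the original thread and not OTL's own code) that pairs each rejected line with its script line and names the stray characters; the function names are hypothetical, and the two inputs are short excerpts copied from posts #4 and #5.

```python
"""Compare an OTL fix log against the script that was meant to be pasted."""
import re
import unicodedata
from collections import Counter

# Shape of the rejection lines in the fix log quoted in post #5.
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")

# Five lines of the fix script from post #4 (excerpt copied from the page).
SCRIPT = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
[2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
:Commands
[EmptyTemp]
""".strip().splitlines()

# The matching lines of the fix log from post #5 (excerpt copied from the page).
FIX_LOG = r"""
All processes killed
Error: Unable to interpret <· :OTL> in the current context!
Error: Unable to interpret <· O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.> in the current context!
Error: Unable to interpret <· [2012/07/17 17:41:08 | 000,294,581 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll> in the current context!
Error: Unable to interpret <· :Commands> in the current context!
Error: Unable to interpret <[EmptyTemp]> in the current context!
""".strip().splitlines()


def rejected_lines(fix_log):
    """Return, in log order, the text the log says could not be interpreted."""
    out = []
    for line in fix_log:
        m = REJECTED.match(line.strip())
        if m:
            out.append(m.group(1))
    return out


def describe(chars):
    """Name every code point so look-alike or invisible characters stand out."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}" for c in chars]


def diagnose(script, fix_log):
    """Pair each rejected line with the script line it came from.

    Returns (script_line, stray_prefix) tuples. An empty prefix means the line
    arrived intact and was rejected for some other reason. A script_line of
    None means the rejected text matches no line of the script at all.
    """
    findings = []
    for received in rejected_lines(fix_log):
        # Pick the longest script line that the received text ends with, so a
        # short line can never shadow a longer one.
        match = max((s for s in script if s and received.endswith(s)),
                    key=len, default=None)
        if match is None:
            findings.append((None, received))
        else:
            findings.append((match, received[: len(received) - len(match)]))
    return findings


def summarize(findings):
    """Count how often each stray prefix occurs among the matched lines."""
    return Counter(prefix for line, prefix in findings if line is not None)


if __name__ == "__main__":
    for line, prefix in diagnose(SCRIPT, FIX_LOG):
        if line is None:
            print("no script line matches:", prefix)
        elif prefix:
            print(f"{line[:40]!r}: stray prefix {describe(prefix)}")
        else:
            print(f"{line[:40]!r}: arrived intact, rejected anyway")
    print(dict(summarize(diagnose(SCRIPT, FIX_LOG))))
```
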


#7 enpdllp

Posted 18 July 2012 - 06:16 PM

RPMcMurphy:

Ran OTL again. Restarted my computer in Safe Mode as requested to run ComboFix. After double clicking ComboFix, the black screen on ComboFix’s window showed a lot of items being extracted (Green text), and when the process ended the ComboFix screen closed without any output message. I was not able to open IE or Firefox when the computer was in Safe Mode, so I rebooted on normal mode to reply back.

I am still getting the random audio ads.

Below is the text from the OTL Fix log file:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6668bd9d-6c37-6eec-8a92-8566d86f51b7} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{ac88fbbf-1a8e-847c-7741-ffbf855dd2f2} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
C:\WINDOWS\system32\shimg.dll moved successfully.
C:\WINDOWS\system32\crt.dat moved successfully.
C:\WINDOWS\system32\mdhcp32.dll moved successfully.
C:\Documents and Settings\José Fuentes\Local Settings\Application Data\ppgiuyea.exe moved successfully.
C:\WINDOWS\system32\520df8f6.exe moved successfully.
C:\WINDOWS\system32\6ea687b8.dll moved successfully.
File C:\WINDOWS\Installer\{2e8bfebe-f5ab-cdc3-6a54-ed8401b36c39} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26048 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: José Fuentes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6300007 bytes
->Java cache emptied: 4253461 bytes
->FireFox cache emptied: 55279205 bytes
->Flash cache emptied: 8128105 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 229735434 bytes
->Flash cache emptied: 22493 bytes

User: NetworkService
->Temp folder emptied: 868968 bytes
->Temporary Internet Files folder emptied: 92749642 bytes
->Flash cache emptied: 10424 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 170343114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2619777 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 544.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_183204

Registry entries deleted on Reboot...

#8 RPMcMurphy

Posted 18 July 2012 - 09:45 PM

Please boot back to the safe mode or safe mode with networking and try running ComboFix again. If it fails again, reboot and immediately run it again.



#9 enpdllp

Posted 19 July 2012 - 03:02 AM

RPMcMurphy:

Clicked twice on the ComboFix icon on my desktop after rebooting my computer on Safe Mode With Network, and after a few minutes I got two beeps before each of the following messages:

Warning!!

ComboFix has detected the following real time scanner(s) to be active:

Antivirus: McAfee Anti-Virus and Spyware

Antivirus and intrusion prevention programs are known to interfere with ComboFix’s running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking ‘OK’.


Warning!!

antivirus: McAfee Anti-Virus and Spyware

The above real time scanner (s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.


I do not have McAfee on my computer so I hit the "OK" button on each of the preceding screens. ComboFix ran for a while, gave me a "ComboFix preparing to run" screen and "Attempting to create a new System Restore Point" screen but after a while I got a blue screen indicating a problem detected and Windows being shut to protect my computer and a "DRIVER_IRQL_NOT_LESS_OR_EQUAL" string followed by a physical memory dump.

#10 RPMcMurphy

Posted 19 July 2012 - 04:39 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Double click on OTL to open it
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file.

Please include the following in your next post:
  • TDSSKiller log
  • OTL log



#11 enpdllp

Posted 24 July 2012 - 08:59 PM

RPMcMurphy:

Thanks for all the help, but after my last post I got infected with the FBI virus and was not able to get into my computer and I had to reformat.

You can close this thread.

#12 RPMcMurphy

Posted 24 July 2012 - 09:01 PM

Sorry to hear that. Thanks for letting me know though.



#13 RPMcMurphy

Posted 25 July 2012 - 10:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
