Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Google Redirect + TCP/IP Ping [Closed]


  • This topic is locked This topic is locked
17 replies to this topic

#1 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 27 December 2011 - 11:53 PM

I seem to be having similar problems to other users - the goole redirect virus (Find Fast Answers dot com!!!) plus a problem where a TCP/IP Ping Command stopped working dialog box pops up. I've checked the TCP/IP Ping from the command prompt and it's working fine, so I'm sure this is a virus of some sort.

As per forum guidelines I downloaded OTL and ran a scan. Results below.

Extras.Txt:

OTL Extras logfile created on: 12/28/2011 12:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Don\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 61.79% Memory free
12.17 Gb Paging File | 9.61 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 255.78 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.71 Gb Free Space | 38.04% Space Free | Partition Type: NTFS

Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 17 B6 1F 51 B2 DE CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3231B6C1-BA04-4558-A290-4A671144FD8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{712BABDB-13E0-4BE6-943F-2516DD83D3C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073F0FC0-E8D7-47D3-A2B8-9385E058EEF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C7FDFAB-14D0-4E68-B450-8FE197580BEC}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1083DC0A-ABCA-45A8-BDF1-0ECEC379C810}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{10E8DED2-5A77-4F1F-81B7-444866239358}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{11A2C700-7C05-4909-8052-31886B321F21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{12ECD299-A78B-439A-AE2D-A20928D51B94}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{18D0BBFB-7DA8-432E-8E37-68BA025AC424}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{307B6AE3-1FBE-4A66-8FBA-1E3A5A75069B}" = protocol=17 | dir=in | app=c:\steam\steam.exe |
"{4507C8D7-7AA2-4405-B17F-0009B8989272}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\fallout tactics\bos.exe |
"{48E286F5-BB7F-4D74-8711-ED333E09834E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{6E73C00D-7C4F-4DC4-B603-C0268C72A106}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{6FAFA823-8E44-4130-928A-409AF28AE839}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\fallout 2\fallout2.exe |
"{785F118F-320F-496A-BFE2-B15811F9FDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{79B42624-DB32-4629-9A6A-D8712FC8992D}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{7E5A4DE8-D6D2-4705-87D3-61D80BDC4207}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{8EB4D9B5-C878-4220-991A-1DF870989ECF}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{9B98485F-6DF6-4446-B0BA-B27AF608957A}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\fallout\falloutw.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{AEA7CCD8-28AF-4305-9200-C08DF68D5F4B}" = protocol=6 | dir=in | app=c:\steam\steam.exe |
"{B5C067E6-3F3E-457A-B59E-4917410F7EFE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{B662BA46-CCD6-44EE-B72A-2D040A8A503C}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\fallout\falloutw.exe |
"{C1CAA3D3-DDA4-45B7-B5AB-B9BB4DF47890}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{CB8D4C84-A766-4450-B25A-8E3BFDB39864}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\fallout tactics\bos.exe |
"{D17D69D8-DA88-4653-8BB5-0752BC105933}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D8B6B44C-0507-46DE-A3C7-CA4598544F89}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{E696488F-F98D-40FF-B201-E08B8E513F68}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\fallout 2\fallout2.exe |
"{E8202097-D943-4B5D-B4DD-162736E86208}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FCC11B69-A1EC-40BE-BEDE-E2F69C98A16C}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FBEDFFE-80F3-06BE-B004-9594C4E8E555}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0904ED3B-0FCD-A153-2F80-F7F5AB0329BA}" = Catalyst Control Center Graphics Previews Vista
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F090069-6450-9559-72BD-2437FF935EEC}" = CCC Help Swedish
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34386C65-FD55-CEBD-AF7F-5126751BAA98}" = Catalyst Control Center InstallProxy
"{3643D422-9AFF-81D6-252C-14A8A3AD88D3}" = CCC Help Korean
"{3889CA7B-A8FC-09CB-C6D4-B134A2336DD9}" = CCC Help Portuguese
"{394B918B-47B0-D281-6AB8-E58871B54C91}" = Catalyst Control Center Core Implementation
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B7E26A8-4B67-D878-3AE3-0079686C52B6}" = CCC Help Spanish
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{51B6CDCD-8802-B41A-61E4-FC6A65FF217B}" = CCC Help French
"{531DDC1D-6563-8796-764A-A9C4E83C23E0}" = CCC Help English
"{56F4CA69-B3BC-81E6-304A-E650F3BB93A8}" = Catalyst Control Center Graphics Previews Common
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{61D9B6B3-B72E-C642-F0B0-8659EADB4CAA}" = Skins
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FB141D8-1543-6588-623A-7D95969CB330}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7C0AEF0E-BB23-5C44-4933-88F6AE1057D8}" = Catalyst Control Center Graphics Full New
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80052E79-4A36-69BA-F44F-882A2E321116}" = CCC Help German
"{87460EB7-E62D-C963-4DDB-D2146478F59F}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BD8412A-40FB-9114-A8AE-CFB94C24C078}" = CCC Help Norwegian
"{8C2522F0-8B10-139C-3379-3620EA6A254D}" = CCC Help Dutch
"{8FCE7358-DA6B-789A-44AB-E52256ACB330}" = CCC Help Chinese Traditional
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{958DF0E4-CC0D-BDD5-28D1-A1B961E48A85}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8E83877-671C-A1A3-F4D3-C3D74E5AE8B9}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ADB4809A-3857-F18D-153F-391EB1D37C59}" = Catalyst Control Center Graphics Full Existing
"{B354E49B-DBDC-442D-5615-BD07B3A0B932}" = Catalyst Control Center Graphics Light
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B787CD67-506B-4C9A-8A99-D2C4460D055F}" = Catalyst Control Center - Branding
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B96C8D6D-B0E5-CD7B-BC5D-739D5051E911}" = CCC Help Japanese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{CB72877A-D2BF-6F18-2D0A-52C4036E2DF6}" = CCC Help Russian
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D809E781-A654-3530-2B92-91FF959C507A}" = CCC Help Danish
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F31D838B-E7F3-1E70-F54F-B009CD9219EE}" = CCC Help Italian
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Baldur's Gate II_is1" = Baldur's Gate II
"Celtx (2.0.2)" = Celtx (2.0.2)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Galactic Civilizations II" = Galactic Civilizations II
"GalCiv II - Dark Avatar" = GalCiv II - Dark Avatar
"GalCiv II - Ultimate Edition" = GalCiv II - Ultimate Edition
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Impulse" = Impulse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MSC" = McAfee SecurityCenter
"Pamela" = Pamela Pro 4.7
"Planescape Torment_is1" = Planescape Torment
"PureSim Baseball 2007v1.75 (FREE Version)" = PureSim Baseball 2007
"Steam App 38400" = Fallout
"Steam App 38410" = Fallout 2
"Steam App 38420" = Fallout Tactics
"The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2011 12:00:27 PM | Computer Name = Don-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/11/2011 12:01:22 PM | Computer Name = Don-PC | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, time stamp 0x4b97baf1,
faulting module mpsmisp.dll, version 13.0.286.0, time stamp 0x4d233ea7, exception
code 0x40000015, fault offset 0x000000000001d9e8, process id 0x1070, application
start time 0x01ccb81e0ce844cb.

Error - 12/11/2011 11:06:25 PM | Computer Name = Don-PC | Source = Application Error | ID = 1000
Description = Faulting application mcagent.exe, version 10.5.240.0, time stamp 0x4e09aa32,
faulting module mcupdshm.dll, version 10.5.177.0, time stamp 0x4bcccd5d, exception
code 0xc0000005, fault offset 0x00000000000086a4, process id 0xfec, application
start time 0x01ccb81dc346898b.

Error - 12/11/2011 11:53:34 PM | Computer Name = Don-PC | Source = Perflib | ID = 1023
Description =

Error - 12/11/2011 11:53:35 PM | Computer Name = Don-PC | Source = Perflib | ID = 1008
Description =

Error - 12/11/2011 11:53:35 PM | Computer Name = Don-PC | Source = Perflib | ID = 1023
Description =

Error - 12/13/2011 12:49:31 PM | Computer Name = Don-PC | Source = Perflib | ID = 1023
Description =

Error - 12/13/2011 12:49:31 PM | Computer Name = Don-PC | Source = Perflib | ID = 1008
Description =

Error - 12/13/2011 12:49:31 PM | Computer Name = Don-PC | Source = Perflib | ID = 1023
Description =

Error - 12/15/2011 2:43:50 AM | Computer Name = Don-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 12/27/2011 2:11:39 AM | Computer Name = Don-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/27/2011 2:11:39 AM | Computer Name = Don-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/27/2011 2:11:39 AM | Computer Name = Don-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/27/2011 2:11:39 AM | Computer Name = Don-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/27/2011 3:25:29 AM | Computer Name = Don-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2011 3:25:29 AM | Computer Name = Don-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2011 3:25:29 AM | Computer Name = Don-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2011 5:20:39 AM | Computer Name = Don-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2011 5:20:39 AM | Computer Name = Don-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2011 12:25:20 PM | Computer Name = Don-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.66 for the Network Card with network
address 0022FBC00016 has been denied by the DHCP server 192.168.5.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

    Advertisements

Register to Remove


#2 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 27 December 2011 - 11:54 PM

OTL.Txt:

OTL logfile created on: 12/28/2011 12:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Don\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 61.79% Memory free
12.17 Gb Paging File | 9.61 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 255.78 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.71 Gb Free Space | 38.04% Space Free | Partition Type: NTFS

Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Don\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Don\AppData\Local\tapiMapdll32\HandlerobjHelper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (SASDIFSV) -- C:\Users\Don\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Users\Don\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D6 E3 8A 0C B9 26 39 44 B5 A9 2B 57 37 34 85 1F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Don\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Don\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/10/10 13:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\Mozilla\Extensions
[2009/10/10 13:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2009/10/10 13:06:19 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2009/10/10 13:06:21 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Don\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Don\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Don\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Don\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Entanglement = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HandlerobjHelper] C:\Users\Don\AppData\Local\tapiMapdll32\HandlerobjHelper.dll ()
O4 - HKCU..\Run: [Stardock] C:\Users\Don\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.dll (Autodesk Inc.)
O4 - HKCU..\Run: [Steam] C:\STEAM\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94817593-74A8-481A-987B-EE348E02F746}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A27A0950-6B05-4217-920C-01893AB7E4DB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\x-mem1 - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Matrix Games\PureSim Baseball 2007\wowctl2.dll (EzTools Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{d159cc56-4b29-11e0-aabc-002219f27ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{d159cc56-4b29-11e0-aabc-002219f27ed2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 00:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2011/12/27 01:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/23 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\SWTOR
[2011/12/23 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\Don\Documents\HeroBlade Logs
[2011/12/23 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/23 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/23 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/19 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\tapiMapdll32
[2011/12/18 01:22:32 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/17 01:59:46 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/15 01:44:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 01:44:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 01:44:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 01:44:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 01:44:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 01:44:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 01:44:40 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 01:44:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 01:44:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 01:44:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 01:44:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 22:23:21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 22:23:14 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 22:23:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[1 C:\Users\Don\Documents\*.tmp files -> C:\Users\Don\Documents\*.tmp -> ]
[1 C:\Users\Don\Desktop\*.tmp files -> C:\Users\Don\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 00:35:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785736246-1828795547-2981138639-1000UA.job
[2011/12/28 00:35:07 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785736246-1828795547-2981138639-1000Core.job
[2011/12/28 00:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/28 00:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 16:48:36 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/27 16:48:36 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/27 16:48:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/27 16:48:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/27 13:57:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/27 13:57:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/27 13:25:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 13:25:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 13:14:04 | 000,192,865 | ---- | M] () -- C:\Users\Don\Documents\Master of Stones - Full.fdx
[2011/12/27 12:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/27 12:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/27 11:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/27 11:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/27 03:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/27 03:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/27 02:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/27 02:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/27 01:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/27 01:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/27 01:15:04 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/27 01:15:04 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/27 01:15:04 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/27 01:08:23 | 2142,130,175 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 00:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/27 00:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/26 23:36:41 | 000,088,064 | ---- | M] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/24 13:27:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\4ScS50I.dat
[2011/12/24 13:25:53 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\ew6Yy3.com
[2011/12/23 14:48:28 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/18 23:03:30 | 000,154,374 | ---- | M] () -- C:\Users\Don\Documents\Master of Stones - Full.pdf
[2011/12/17 22:58:51 | 000,002,556 | -HS- | M] () -- C:\Users\Don\AppData\Local\rljpre3t3lkp4gxq3pvr3x844p3r
[2011/12/17 22:58:51 | 000,002,556 | -HS- | M] () -- C:\ProgramData\rljpre3t3lkp4gxq3pvr3x844p3r
[2011/12/15 11:39:17 | 000,272,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 22:37:29 | 000,002,034 | ---- | M] () -- C:\Users\Don\Desktop\Google Chrome.lnk
[2011/12/13 22:37:29 | 000,001,996 | ---- | M] () -- C:\Users\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/06 13:32:37 | 000,105,381 | ---- | M] () -- C:\Users\Don\Documents\Cookie Police.pdf
[2011/12/06 13:32:32 | 000,063,920 | ---- | M] () -- C:\Users\Don\Documents\Cookie Police.fdx
[2011/12/02 12:13:16 | 000,049,411 | ---- | M] () -- C:\Users\Don\Documents\Trailer - Shack and Exterior bits.pdf
[2011/12/02 12:12:38 | 000,051,150 | ---- | M] () -- C:\Users\Don\Documents\Trailer - Shack and Exterior bits.fdx
[2011/12/02 11:32:52 | 000,100,943 | ---- | M] () -- C:\Users\Don\Documents\Trailer - Apartment bits.pdf
[2011/12/02 11:30:48 | 000,055,800 | ---- | M] () -- C:\Users\Don\Documents\Trailer - Apartment bits.fdx
[2011/12/01 15:05:37 | 000,049,097 | ---- | M] () -- C:\Users\Don\Documents\Audition Scene 2 - Rick, Johnny, and Emerald.fdx
[2 C:\Users\Don\Documents\*.tmp files -> C:\Users\Don\Documents\*.tmp -> ]
[1 C:\Users\Don\Desktop\*.tmp files -> C:\Users\Don\Desktop\*.tmp -> ]

end pt 1...

#3 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 27 December 2011 - 11:56 PM

OTL.Txt, pt. 2
========== Files Created - No Company Name ==========

[2011/12/24 13:27:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\4ScS50I.dat
[2011/12/24 13:27:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 13:27:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 13:27:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 13:27:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 13:26:59 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 13:26:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 13:26:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 13:26:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 13:26:54 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 13:26:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 13:26:52 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 13:26:47 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 13:26:45 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 13:26:45 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 13:26:44 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 13:26:43 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 13:26:42 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 13:26:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 13:26:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 13:26:38 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 13:26:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 13:26:35 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 13:26:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 13:26:33 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/24 13:26:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/24 13:26:30 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/24 13:26:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/24 13:26:28 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/24 13:26:27 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/24 13:26:26 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/24 13:26:24 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/24 13:26:23 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/24 13:26:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/24 13:26:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/24 13:26:20 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/24 13:26:19 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/24 13:26:18 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/24 13:26:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/24 13:26:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/24 13:26:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/24 13:26:13 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/24 13:26:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/24 13:26:10 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/24 13:26:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/24 13:26:08 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/24 13:26:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/24 13:26:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/24 13:26:03 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\ew6Yy3.com
[2011/12/24 13:26:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/23 14:48:27 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/17 20:20:43 | 000,002,556 | -HS- | C] () -- C:\Users\Don\AppData\Local\rljpre3t3lkp4gxq3pvr3x844p3r
[2011/12/17 20:20:43 | 000,002,556 | -HS- | C] () -- C:\ProgramData\rljpre3t3lkp4gxq3pvr3x844p3r
[2011/12/11 12:40:13 | 000,154,374 | ---- | C] () -- C:\Users\Don\Documents\Master of Stones - Full.pdf
[2011/12/06 13:32:36 | 000,105,381 | ---- | C] () -- C:\Users\Don\Documents\Cookie Police.pdf
[2011/12/06 13:29:09 | 000,063,920 | ---- | C] () -- C:\Users\Don\Documents\Cookie Police.fdx
[2011/12/02 12:13:15 | 000,049,411 | ---- | C] () -- C:\Users\Don\Documents\Trailer - Shack and Exterior bits.pdf
[2011/12/02 12:12:38 | 000,051,150 | ---- | C] () -- C:\Users\Don\Documents\Trailer - Shack and Exterior bits.fdx
[2011/12/02 11:32:51 | 000,100,943 | ---- | C] () -- C:\Users\Don\Documents\Trailer - Apartment bits.pdf
[2011/12/02 11:30:47 | 000,055,800 | ---- | C] () -- C:\Users\Don\Documents\Trailer - Apartment bits.fdx
[2011/07/26 17:18:49 | 000,000,465 | -HS- | C] () -- C:\ProgramData\xwizards32.dll
[2011/02/12 00:09:13 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/12 00:09:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/16 14:04:26 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/08/02 12:30:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/14 12:09:48 | 000,000,680 | ---- | C] () -- C:\Users\Don\AppData\Local\d3d9caps.dat
[2009/12/03 17:32:33 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 17:31:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 17:31:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/08 16:34:38 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2009/11/08 16:32:58 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2009/09/20 11:18:52 | 000,088,064 | ---- | C] () -- C:\Users\Don\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 01:20:44 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/08/26 00:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/08/16 14:03:44 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Final Draft
[2009/10/10 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Greyfirst
[2011/06/28 00:16:03 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Pamela
[2009/09/10 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Stardock
[2010/01/26 19:32:04 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\uqm
[2011/12/27 00:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/27 00:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/27 11:25:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/27 11:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/27 11:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/27 12:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/27 12:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/27 13:57:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/27 13:57:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/27 16:48:36 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/27 01:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/27 16:48:36 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/27 16:48:36 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/27 16:48:36 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/27 01:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/28 00:22:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/28 00:22:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/27 02:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/27 02:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/27 03:58:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/27 03:58:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/27 11:25:14 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/12/27 01:06:55 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

#4 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 27 December 2011 - 11:56 PM

OTL.Txt pt.3:

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/08/26 03:21:46 | 000,005,154 | RH-- | M] () -- C:\dell.sdr
[2011/12/27 01:08:23 | 2142,130,175 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 01:08:20 | 2455,744,511 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/04/17 23:24:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/04 22:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/10/11 11:06:28 | 000,000,286 | -HS- | M] () -- C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/28 00:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[1 C:\Users\Don\Desktop\*.tmp files -> C:\Users\Don\Desktop\*.tmp -> ]

#5 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 27 December 2011 - 11:59 PM

OTL.Txt pt. 4: Note: I can't add any more from the file, whenever I attempt to add the reply I get an "Internet Explorer cannot display the webpage" message. If there's data in the rest of the file that you need please let me know.

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2011 - 03:20 AM

:welcome:

I removed your other post, just so you know that our helpers look for threads with Zero replies to work logs and by replying to your own thread you removed yourself from that category.


Your infected with the Zero Access Rootkit



Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image




Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 28 December 2011 - 11:39 AM

Thank you for helping! Okay, here are my results. First, I am unable to complete a scan using aswMBR. 1) Attempting to run it in Windows normally results in a blue screen crash (whether run as admin or double clicked, verified 3x) 2) Attempting to run it in Safe Mode results in partial success, but program fails to initialize a driver and is unable to progress beyond the point indicated below I'm attaching the log of the progress I was able to make: aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software Run date: 2011-12-28 11:39:53 ----------------------------- 11:39:53.919 OS Version: Windows x64 6.0.6002 Service Pack 2 11:39:53.919 Number of processors: 2 586 0x170A 11:39:53.919 ComputerName: DON-PC UserName: Don 11:39:57.601 Initialze error C0000061 - driver not loaded 11:40:01.235 AVAST engine defs: 11122800 11:40:04.870 Service scanning 11:40:07.226 Modules scanning 11:40:07.226 Disk 0 trace - called modules: 11:40:07.226 11:40:10.549 AVAST engine scan C:\Windows 11:40:15.166 AVAST engine scan C:\Windows\system32 11:40:27.865 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk] 11:42:06.332 AVAST engine scan C:\Windows\system32\drivers 11:42:19.451 AVAST engine scan C:\Users\Don 11:42:20.419 File: C:\Users\Don\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.dll **INFECTED** Win32:Malware-gen 11:45:30.255 The log file has been saved successfully to "C:\Users\Don\Desktop\aswMBR.txt" The program stops progressing at the same point (verified 3x): Scanning: C:\Users\Don\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbdef4c14... (it goes off the screen at this point) For this log, it was scanning this file for 5 minutes before I finally gave up and just told it to save the log and quit. The DDS scan, however, worked fine. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Don at 12:27:18 on 2011-12-28 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6138.4103 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Users\Don\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wbem\WmiApSrv.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uWindow Title = Internet Explorer provided by Dell mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Steam] "C:\STEAM\Steam.exe" -silent uRun: [Google Update] "C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe uRun: [HandlerobjHelper] rundll32.exe "C:\Users\Don\AppData\Local\tapiMapdll32\HandlerobjHelper.dll",SmartPathdrm AgereMouseCtrl uRun: [Stardock] rundll32.exe C:\Users\Don\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.dll,DllRegisterServer mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.5.1 TCP: Interfaces\{94817593-74A8-481A-987B-EE348E02F746} : DhcpNameServer = 192.168.15.1 TCP: Interfaces\{A27A0950-6B05-4217-920C-01893AB7E4DB} : DhcpNameServer = 192.168.5.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Matrix Games\PureSim Baseball 2007\wowctl2.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 SASDIFSV;SASDIFSV;C:\Users\Don\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Users\Don\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-14 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-14 245352] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-8-26 636144] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?] R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-24 1153368] S2 WerSvc32;Windows Error Reporting Service ;C:\Windows\system32\cnvfat32.exe --> C:\Windows\system32\cnvfat32.exe [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-12-24 18:26:03 29184 ----a-w- C:\Windows\SysWow64\ew6Yy3.com 2011-12-23 20:16:24 -------- d-----w- C:\Users\Don\AppData\Local\SWTOR 2011-12-23 19:01:40 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2011-12-19 19:28:58 -------- d-----w- C:\Users\Don\AppData\Local\tapiMapdll32 2011-12-18 06:22:32 -------- d-----w- C:\Users\Don\AppData\Roaming\SUPERAntiSpyware.com 2011-12-17 06:59:46 -------- d-----we C:\Windows\system64 2011-12-15 03:23:21 85504 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-15 03:23:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-15 03:23:18 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-15 03:23:14 559616 ----a-w- C:\Windows\System32\EncDec.dll 2011-12-15 03:23:14 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-15 03:23:13 2764800 ----a-w- C:\Windows\System32\win32k.sys 2011-12-15 03:23:12 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat 2011-12-15 03:23:12 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 12:27:49.15 =============== DDS attach file is attached in compressed folder.

Attached Files



#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2011 - 11:45 AM

Hi,

Your doing just fine and I have seen enough from what you just posted to confirm that Zero Access is the problem, lets do this.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#9 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 28 December 2011 - 12:27 PM

ComboFix ran successfully. Log below: ComboFix 11-12-28.03 - Don 12/28/2011 13:03:17.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6138.4225 [GMT -5:00] Running from: c:\users\Don\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Don\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.dll c:\users\Don\AppData\Local\tapiMapdll32\HandlerobjHelper.dll c:\users\Don\AppData\Roaming\Microsoft\Windows\Templates\rljpre3t3lkp4gxq3pvr3x844p3r c:\users\Don\Documents\~WRL0001.tmp c:\users\Don\Documents\~WRL3538.tmp c:\windows\assembly\temp\@ c:\windows\assembly\temp\bckfg.tmp c:\windows\assembly\temp\cfg.ini c:\windows\assembly\temp\keywords c:\windows\assembly\temp\kwrd.dll c:\windows\system32\java.exe c:\windows\System64 c:\windows\SysWow64\ew6Yy3.com D:\AUTORUN.INF . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 ))))))))))))))))))))))))))))))) . . 2011-12-28 18:12 . 2011-12-28 18:16 -------- d-----w- c:\users\Don\AppData\Local\temp 2011-12-28 18:12 . 2011-12-28 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-23 20:16 . 2011-12-23 20:16 -------- d-----w- c:\users\Don\AppData\Local\SWTOR 2011-12-23 19:01 . 2011-12-23 19:46 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2011-12-23 19:01 . 2011-12-23 19:01 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-12-19 19:28 . 2011-12-28 18:11 -------- d-----w- c:\users\Don\AppData\Local\tapiMapdll32 2011-12-18 06:22 . 2011-12-18 06:22 -------- d-----w- c:\users\Don\AppData\Roaming\SUPERAntiSpyware.com 2011-12-15 03:23 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 03:23 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-15 03:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-15 03:23 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll 2011-12-15 03:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-15 03:23 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys 2011-12-15 03:23 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-12-15 03:23 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-11 15:31 . 2011-10-11 15:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-10-11 15:31 . 2011-10-11 15:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-10-11 15:31 . 2011-10-11 15:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-10-11 15:31 . 2011-10-11 15:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-10-11 15:31 . 2011-10-11 15:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-10-11 15:31 . 2011-10-11 15:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-10-11 15:31 . 2011-10-11 15:31 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-10-11 15:31 . 2011-10-11 15:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-10-11 15:31 . 2011-10-11 15:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-10-11 15:31 . 2011-10-11 15:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-10-11 15:31 . 2011-10-11 15:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-10-11 15:31 . 2011-10-11 15:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-10-11 15:31 . 2011-10-11 15:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-10-11 15:31 . 2011-10-11 15:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-10-11 15:31 . 2011-10-11 15:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-10-11 15:31 . 2011-10-11 15:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-10-11 15:31 . 2011-10-11 15:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-10-11 15:31 . 2011-10-11 15:31 222208 ----a-w- c:\windows\system32\msls31.dll 2011-10-11 15:31 . 2011-10-11 15:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-10-11 15:31 . 2011-10-11 15:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-10-11 15:31 . 2011-10-11 15:31 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-10-11 15:31 . 2011-10-11 15:31 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-10-11 15:31 . 2011-10-11 15:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-10-11 15:31 . 2011-10-11 15:31 12288 ----a-w- c:\windows\system32\mshta.exe 2011-10-11 15:31 . 2011-10-11 15:31 114176 ----a-w- c:\windows\system32\admparse.dll 2011-10-11 15:31 . 2011-10-11 15:31 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-10-11 15:31 . 2011-10-11 15:31 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-10-11 15:31 . 2011-10-11 15:31 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-10-11 15:31 . 2011-10-11 15:31 448512 ----a-w- c:\windows\system32\html.iec 2011-10-11 15:31 . 2011-10-11 15:31 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-10-11 15:31 . 2011-10-11 15:31 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-10-11 15:31 . 2011-10-11 15:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-10-11 15:31 . 2011-10-11 15:31 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-10-11 15:31 . 2011-10-11 15:31 160256 ----a-w- c:\windows\system32\wextract.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "Steam"="c:\steam\Steam.exe" [2011-08-04 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-21 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392] . c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] ImpulseNow.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2009-9-8 464176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R1 SASDIFSV;SASDIFSV;c:\users\Don\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\users\Don\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 WerSvc32;Windows Error Reporting Service ;c:\windows\system32\cnvfat32.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x] S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785736246-1828795547-2981138639-1000Core.job - c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 22:33] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785736246-1828795547-2981138639-1000UA.job - c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 22:33] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 309760] "combofix"="c:\combofix\CF25456.3XE" [2008-01-21 363008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.5.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKCU-Run-HandlerobjHelper - c:\users\Don\AppData\Local\tapiMapdll32\HandlerobjHelper.dll Wow6432Node-HKCU-Run-Stardock - c:\users\Don\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.dll HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe AddRemove-GoToAssist - c:\program files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Completion time: 2011-12-28 13:24:29 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-28 18:24 . Pre-Run: 274,997,932,032 bytes free Post-Run: 274,695,446,528 bytes free . - - End Of File - - 21BA2D46363FA05D4CB1ED205CEED4E9

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2011 - 12:34 PM

Hey,

I am looking for other entries that should have been removed, go ahead and run aswMBR once more and post the new log please.

Then after you post it do this.

Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#11 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 28 December 2011 - 12:57 PM

aswMBR produced a blue screen crash again. From Safe Mode, it didn't even seem to scan anything, just went quickly to a "scan complete." aswMBR log: aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software Run date: 2011-12-28 13:44:43 ----------------------------- 13:44:43.145 OS Version: Windows x64 6.0.6002 Service Pack 2 13:44:43.145 Number of processors: 2 586 0x170A 13:44:43.145 ComputerName: DON-PC UserName: Don 13:44:45.563 Initialze error C0000061 - driver not loaded 13:44:49.166 Service scanning 13:44:50.570 Modules scanning 13:44:50.570 Disk 0 trace - called modules: 13:44:50.570 13:44:50.570 Scan finished successfully 13:45:00.944 The log file has been saved successfully to "C:\Users\Don\Desktop\aswMBR2.txt" Malwarebytes found nothing: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122605 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 9.0.8112.16421 12/28/2011 1:47:54 PM mbam-log-2011-12-28 (13-47-54).txt Scan type: Quick scan Objects scanned: 174307 Time elapsed: 2 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2011 - 03:09 PM

Hi,

Go ahead and run DDS again and post a NEW log please


Then run this quick rootkit scanner


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#13 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 29 December 2011 - 09:55 AM

Results of second DDS run: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Don at 0:36:12 on 2011-12-29 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6138.4629 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\DellTPad\Apoint.exe C:\Windows\system32\taskeng.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\System32\mobsync.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\System32\svchost.exe -k wdisvc C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Windows\splwow64.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Steam] "C:\STEAM\Steam.exe" -silent mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.5.1 TCP: Interfaces\{94817593-74A8-481A-987B-EE348E02F746} : DhcpNameServer = 192.168.15.1 TCP: Interfaces\{A27A0950-6B05-4217-920C-01893AB7E4DB} : DhcpNameServer = 192.168.5.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Matrix Games\PureSim Baseball 2007\wowctl2.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012132917.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-14 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-14 245352] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-24 1153368] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-8-26 636144] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?] R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-14 355440] S2 WerSvc32;Windows Error Reporting Service ;C:\Windows\system32\cnvfat32.exe --> C:\Windows\system32\cnvfat32.exe [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-12-28 18:15:49 -------- d-sh--w- C:\$RECYCLE.BIN 2011-12-28 18:12:28 -------- d-----w- C:\Users\Don\AppData\Local\temp 2011-12-28 18:01:45 98816 ----a-w- C:\Windows\sed.exe 2011-12-28 18:01:45 518144 ----a-w- C:\Windows\SWREG.exe 2011-12-28 18:01:45 256000 ----a-w- C:\Windows\PEV.exe 2011-12-28 18:01:45 208896 ----a-w- C:\Windows\MBR.exe 2011-12-23 20:16:24 -------- d-----w- C:\Users\Don\AppData\Local\SWTOR 2011-12-23 19:01:40 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2011-12-19 19:28:58 -------- d-----w- C:\Users\Don\AppData\Local\tapiMapdll32 2011-12-18 06:22:32 -------- d-----w- C:\Users\Don\AppData\Roaming\SUPERAntiSpyware.com 2011-12-15 03:23:21 85504 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-15 03:23:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-15 03:23:18 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-15 03:23:14 559616 ----a-w- C:\Windows\System32\EncDec.dll 2011-12-15 03:23:14 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-15 03:23:13 2764800 ----a-w- C:\Windows\System32\win32k.sys 2011-12-15 03:23:12 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat 2011-12-15 03:23:12 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 0:38:36.06 =============== "art.txt" is empty because GMER found no rootkit changes. If something's still there it seems pretty well hidden. A couple things: 1) Some time after runing "ComboFix" I noticed a new icon on my desktop called "The Internet" - looks like the IE icon. Never seen it before. 2) I've tested out the machine a bit and haven't noticed any symptoms. No TCP/IP Ping stops, no redirects, no suspicious run.dll files.

Attached Files



#14 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 December 2011 - 11:22 AM

Wonderful, lets clean you up a bit more.

You should still have OTL on your desktop, lets do this

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     :processes
     killallprocesses
     
     :OTL
     
     :Services
     
     :Reg
     
     :Files
     ipconfig /flushdns /c
     
     :Commands
     [purity]
     [resethosts]
     [emptytemp]
     [start explorer]
     [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#15 xr4ti

xr4ti

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 30 December 2011 - 02:14 PM

OTL run goes down to [empty temp] and then the program becomes unresponsive. Log: Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot...

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users