
mystery virus?


  • This topic is locked
16 replies to this topic

#1 trevorcangemi

Posted 20 December 2010 - 08:06 AM

I cannot start programs from shortcuts or .exe or 'run as administrator'.
Antivirus won't run.
Gmail and IncrediMail are working.
I have access to the internet.
OTL report follows:
OTL logfile created on: 12/20/2010 9:44:52 PM - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\user\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 424.42 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Drive E: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 499.41 Mb Total Space | 3.89 Mb Free Space | 0.78% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files\Wise Registry Cleaner\WiseRegistryCleaner.exe (WiseCleaner.com)
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\IObit\IObit Security 360\is360.exe (IObit)
PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\user\Desktop\Driverwhiz.exe (Driver Whiz )
PRC - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Everything\Everything.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FAMTFSP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)


========== Modules (SafeList) ==========

MOD - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\System32\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\System32\drivers\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\System32\drivers\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\System32\drivers\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\System32\drivers\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\System32\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\System32\drivers\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\System32\drivers\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\System32\drivers\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\System32\drivers\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\System32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\System32\drivers\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\System32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\System32\drivers\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\System32\drivers\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\System32\drivers\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\System32\drivers\bxvbdx.sys (Broadcom Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 11 CC 63 56 D7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "TranslatorBar 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/"
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {548f6736-8fe4-4680-82f2-170d6c07e1d2}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "http://au.search.yah...type=685749&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/12/16 23:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 16:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 16:27:59 | 000,000,000 | ---D | M]

[2010/04/09 04:14:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/12/20 10:43:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\extensions
[2010/12/16 14:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010/12/16 23:14:07 | 000,000,000 | ---D | M] (TranslatorBar 1.2 Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}
[2010/12/16 23:19:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/16 23:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010/09/29 21:25:49 | 000,002,558 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\searchplugins\askcom.xml
[2010/04/21 18:40:34 | 000,000,937 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\searchplugins\conduit.xml
[2010/11/03 10:30:23 | 000,002,149 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kvm8k1lb.default\searchplugins\MyStart Search.xml
[2010/12/20 10:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/16 23:18:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/09 21:46:51 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [EPSON TX710W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFSP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...swflash5r42.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.242.33 61.9.226.33
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 05:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{abd91f12-673c-11df-b196-90e6bade0791}\Shell - "" = AutoRun
O33 - MountPoints2\{abd91f12-673c-11df-b196-90e6bade0791}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- [2009/11/14 03:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\{f94287e1-46d6-11df-9862-90e6bade0791}\Shell - "" = AutoRun
O33 - MountPoints2\{f94287e1-46d6-11df-9862-90e6bade0791}\Shell\AutoRun\command - "" = F:\Connect.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 23:17:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2010/12/18 21:25:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/12/18 21:25:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2010/12/18 21:18:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/18 16:08:29 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/12/18 16:08:28 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/12/18 16:08:28 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2010/12/18 16:08:26 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/12/18 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/12/18 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2010/12/18 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2010/12/16 23:30:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/16 23:30:23 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/16 23:30:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/16 23:30:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/16 23:30:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/16 23:30:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/16 23:30:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/16 23:30:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/16 23:30:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/16 23:30:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/16 23:30:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/16 23:30:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/16 23:29:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/16 23:29:58 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/16 23:29:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/16 23:29:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/16 23:29:57 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/16 23:29:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/16 23:29:33 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/16 23:29:22 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/16 23:29:12 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/16 20:58:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\LogMeIn
[2010/12/16 20:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/12/16 20:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/12/16 15:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/12/16 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\SightSpeed Recordings
[2010/12/16 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\LogiShrd
[2010/12/16 15:47:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leadertech
[2010/12/16 15:47:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010/12/16 15:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/12/16 15:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/12/16 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/12/16 15:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/12/16 14:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/12/16 14:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/12/16 14:08:04 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/12/16 12:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/16 12:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/16 12:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\RadarSync2
[2010/12/16 12:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\RadarSync
[2010/12/16 12:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2010/12/07 11:59:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\skypePM
[2010/12/07 11:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/07 11:44:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/07 11:44:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2010/12/07 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/12/04 12:41:40 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\eswiaud.dll
[2010/12/04 12:41:40 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2010/12/04 12:41:40 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escdev.dll
[2010/12/04 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Printer Drivers
[2010/12/04 11:23:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\InstallShield
[2010/11/30 19:00:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2010/11/30 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG10
[2010/11/29 14:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/29 13:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/11/29 13:41:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/11/29 13:17:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/29 12:59:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/29 12:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/29 12:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/29 12:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/29 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\COMODO
[2010/05/20 16:36:25 | 008,116,768 | ---- | C] (IObit ) -- C:\Program Files\is360setup141.exe
[2010/04/21 17:32:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010/12/20 21:42:42 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/12/20 17:30:05 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 17:30:05 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 17:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/20 17:22:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/12/20 17:22:43 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 23:19:14 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2010/12/18 21:26:47 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/12/18 21:25:18 | 000,001,226 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2010/12/18 21:25:14 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/12/18 21:25:14 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2010/12/18 16:09:23 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/12/18 16:09:22 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/12/18 16:09:22 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/12/18 16:08:23 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/12/18 15:12:52 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\NoVirusThanks Malware Remover.lnk
[2010/12/18 15:07:38 | 000,000,017 | ---- | M] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2010/12/17 03:07:10 | 000,417,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/07 11:59:42 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/07 11:44:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/04 18:28:32 | 000,619,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/04 18:28:32 | 000,105,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/04 12:41:41 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/12/04 12:20:52 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/12/04 12:20:52 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/12/04 12:05:39 | 000,001,436 | ---- | M] () -- C:\Users\user\Desktop\My DAP Downloads.lnk
[2010/12/02 09:51:40 | 000,021,504 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 18:58:04 | 000,027,648 | ---- | M] () -- C:\Users\user\Documents\October Conair.doc
[2010/11/30 18:49:58 | 000,027,136 | ---- | M] () -- C:\Users\user\Documents\Invoice144.doc
[2010/11/29 14:10:51 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/29 14:04:43 | 000,001,027 | ---- | M] () -- C:\Users\user\Desktop\Eusing Free Registry Cleaner.lnk
[2010/11/29 13:46:22 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/11/29 13:46:22 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/11/29 13:30:03 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2010/11/29 12:37:27 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/29 11:44:07 | 000,001,226 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2010/11/29 11:43:28 | 002,409,944 | ---- | M] () -- C:\Users\user\Documents\revosetup.exe
[2010/11/29 10:13:27 | 000,000,791 | ---- | M] () -- C:\Users\user\Documents\Service Record for Bobby.htm
[2010/11/28 22:40:17 | 005,910,708 | ---- | M] () -- C:\Users\user\Desktop\2010-RER-Navigation-System-User-Manual-2nd.pdf
[2010/11/28 22:40:09 | 001,382,583 | ---- | M] () -- C:\Users\user\Desktop\2010-RBZ-Multimedia-System-User-Manual-2nd.pdf
[2010/11/28 22:39:21 | 001,455,151 | ---- | M] () -- C:\Users\user\Documents\2010-REN-Multimedia-System-User-Manual-2nd.pdf
[2010/11/25 21:51:51 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2010/11/25 21:51:51 | 000,001,975 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk

========== Files Created - No Company Name ==========

[2010/12/18 21:26:47 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/12/18 21:25:18 | 000,001,226 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2010/12/18 21:25:18 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2010/12/18 15:12:52 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\NoVirusThanks Malware Remover.lnk
[2010/12/18 15:07:38 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2010/12/17 03:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/12/16 20:57:58 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/12/07 11:59:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/07 11:44:54 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/04 12:41:41 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/11/30 18:50:27 | 000,027,648 | ---- | C] () -- C:\Users\user\Documents\October Conair.doc
[2010/11/30 18:48:40 | 000,027,136 | ---- | C] () -- C:\Users\user\Documents\Invoice144.doc
[2010/11/29 14:10:51 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/29 14:04:43 | 000,001,027 | ---- | C] () -- C:\Users\user\Desktop\Eusing Free Registry Cleaner.lnk
[2010/11/29 13:30:03 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2010/11/29 12:36:58 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/29 11:44:07 | 000,001,226 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2010/11/29 11:42:09 | 002,409,944 | ---- | C] () -- C:\Users\user\Documents\revosetup.exe
[2010/11/29 10:13:26 | 000,000,791 | ---- | C] () -- C:\Users\user\Documents\Service Record for Bobby.htm
[2010/11/28 22:39:19 | 001,455,151 | ---- | C] () -- C:\Users\user\Documents\2010-REN-Multimedia-System-User-Manual-2nd.pdf
[2010/11/28 22:36:39 | 001,382,583 | ---- | C] () -- C:\Users\user\Desktop\2010-RBZ-Multimedia-System-User-Manual-2nd.pdf
[2010/11/28 22:32:29 | 005,910,708 | ---- | C] () -- C:\Users\user\Desktop\2010-RER-Navigation-System-User-Manual-2nd.pdf
[2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/09/13 21:08:49 | 000,021,504 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 22:06:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/09/07 21:24:00 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2010/09/07 17:04:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/05/24 21:58:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/15 13:30:25 | 000,000,825 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/04/15 13:30:25 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/04/15 13:27:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/04/11 18:51:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/10 07:40:55 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/04/10 07:40:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/04/09 03:00:12 | 000,024,488 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/04/09 02:59:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/09 02:59:47 | 000,019,283 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/16 11:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/02 20:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2003/01/08 06:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/16 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2010/12/16 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2010/12/16 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit
[2010/12/16 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GlarySoft
[2010/04/13 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterTrust
[2010/12/16 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2010/12/16 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010/11/29 09:34:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MP3Rocket
[2010/12/16 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OLYMPUS
[2010/04/09 06:46:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2010/04/27 21:50:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC-FAX TX
[2010/11/30 19:00:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2010/12/16 23:14:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Western Digital
[2010/09/19 22:26:08 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/18 16:08:23 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/20 17:22:43 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 18:31:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/13 18:31:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/20 17:22:46 | 3757,170,688 | -HS- | M] () -- C:\pagefile.sys
[2010/04/09 03:01:05 | 000,002,027 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 09:15:18 | 000,033,280 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2010/12/18 16:09:22 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/10 04:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2010/07/21 14:04:50 | 000,014,712 | ---- | M] () -- C:\Windows\System32\header.jpg

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/05/20 16:40:25 | 008,116,768 | ---- | M] (IObit ) -- C:\Program Files\is360setup141.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/11 19:12:03 | 000,000,221 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/06/09 21:50:28 | 000,000,199 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url

< %USERPROFILE%\Desktop\*.exe >
[2010/09/16 23:19:37 | 043,425,624 | ---- | M] ( ) -- C:\Users\user\Desktop\AdbeRdr934_en_US.exe
[2010/04/26 16:15:27 | 001,046,736 | ---- | M] (Driver Whiz ) -- C:\Users\user\Desktop\Driverwhiz.exe
[2010/06/09 19:25:56 | 007,010,816 | ---- | M] (Foxit Software Company) -- C:\Users\user\Desktop\FoxitReader331_enu_Setup.exe
[2010/06/16 15:53:21 | 013,801,120 | ---- | M] () -- C:\Users\user\Desktop\jre-6u1-windows-i586-p-s.exe
[2010/05/20 16:07:33 | 000,519,976 | ---- | M] (Microsoft Corporation) -- C:\Users\user\Desktop\Mats_Run.AudioPlayback.exe
[2010/09/30 15:14:53 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\user\Desktop\Norton_Removal_Tool.exe
[2010/09/30 15:15:55 | 005,273,512 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\user\Desktop\registrybooster.exe
[2010/05/20 16:19:58 | 000,579,597 | ---- | M] () -- C:\Users\user\Desktop\unlocker1.8.9.exe
[2010/05/20 17:57:55 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Users\user\Desktop\wmp11-windowsxp-x86-enu.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-18 17:32:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D2F2F703
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >
OTL second report
OTL Extras logfile created on: 12/20/2010 9:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\user\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 424.42 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Drive E: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 499.41 Mb Total Space | 3.89 Mb Free Space | 0.78% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10ACC836-F47B-4236-96A5-DF52076EE70A}_is1" = NoVirusThanks Malware Remover 2.7.0.2
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7B8BA496-E201-4246-9A8B-687B49145F53}" = IObit Toolbar v4.1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.10
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"CCleaner" = CCleaner
"COMODO GeekBuddy" = COMODO GeekBuddy
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EPSON Scanner" = EPSON Scan
"EPSON TX710W Series" = EPSON TX710W Series Printer Uninstall
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Everything" = Everything 1.2.1.371
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediMail" = IncrediMail 2.0
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoMail" = PhotoMail Maker
"QuickTime" = QuickTime
"Revo Uninstaller" = Revo Uninstaller 1.90
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.8.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 9:45:19 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccbc Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x000599af Faulting
process id: 0x1fb4 Faulting application start time: 0x01cb9d8c0dc261bc Faulting application
path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 4d1b644e-097f-11e0-9097-90e6bade0791

Error - 12/18/2010 3:09:50 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IncMail.exe, version: 6.2.5.4824, time
stamp: 0x4ce52448 Faulting module name: wflash3.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c82780b Exception code: 0xc0000005 Fault offset: 0x093c4f96 Faulting process
id: 0xefc Faulting application start time: 0x01cb9e80dece9ba2 Faulting application
path: C:\Program Files\IncrediMail\bin\IncMail.exe Faulting module path: wflash3.dll
Report
Id: cd430742-0a75-11e0-b37f-90e6bade0791

Error - 12/18/2010 4:02:09 AM | Computer Name = user-PC | Source = Windows Backup | ID = 4104
Description =

Error - 12/19/2010 2:54:11 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ois.exe, version: 11.0.8161.0, time stamp:
0x46031e2f Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0xe06d7363 Fault offset: 0x00009617 Faulting process id:
0x16fcc Faulting application start time: 0x01cb9f4989cf7d1e Faulting application
path: C:\PROGRA~1\MICROS~4\OFFICE11\ois.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: c7f60460-0b3c-11e0-af15-90e6bade0791

Error - 12/19/2010 2:54:11 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ois.exe, version: 11.0.8161.0, time stamp:
0x46031e2f Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0xe06d7363 Fault offset: 0x00009617 Faulting process id:
0x16508 Faulting application start time: 0x01cb9f4989e72427 Faulting application
path: C:\PROGRA~1\MICROS~4\OFFICE11\ois.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: c7f5410d-0b3c-11e0-af15-90e6bade0791

Error - 12/19/2010 3:18:45 AM | Computer Name = user-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x80070008)

Error - 12/19/2010 3:18:45 AM | Computer Name = user-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x80070008)

Error - 12/19/2010 6:16:43 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IncMail.exe, version: 6.2.5.4824, time
stamp: 0x4ce52448 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1b458 Faulting application
start time: 0x01cb9f65ca5e7bfe Faulting application path: C:\Program Files\IncrediMail\bin\IncMail.exe
Faulting
module path: unknown Report Id: 13715def-0b59-11e0-af15-90e6bade0791

Error - 12/19/2010 6:57:31 AM | Computer Name = user-PC | Source = LogMeIn Guardian | ID = 131176
Description = LogMeIn Guardian has detected a problem with the LogMeIn software
installed on this machine. The problem is locally identified by the following reference
ID: '93388360a0bd47325fc8dd003ffca1d9'.

Error - 12/19/2010 12:27:38 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: EXPLORERFRAME.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bda55 Exception code: 0xc0000005 Fault offset: 0x0000b45e Faulting
process id: 0xd04 Faulting application start time: 0x01cb9ec68b27a9d1 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\EXPLORERFRAME.dll
Report
Id: e4387e4b-0b8c-11e0-af15-90e6bade0791

[ System Events ]
Error - 11/2/2010 10:51:03 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 11/2/2010 9:34:45 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/2/2010 9:34:53 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/2/2010 10:40:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 11/4/2010 6:02:10 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/4/2010 6:02:16 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/4/2010 6:08:41 AM | Computer Name = user-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.93.1130.0).

Error - 11/4/2010 10:50:40 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 11/4/2010 7:35:53 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/4/2010 7:36:02 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >
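Added example, not part of the original post and not OTL's own code: the event entries in the report above share a fixed header layout, so a short parser can join the wrapped Description lines and group recurring errors by source and ID. The sample is constructed from four entries copied from the System Events section; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: four entries copied from the System Events section above.
SAMPLE_LOG = """\
[ System Events ]
Error - 11/2/2010 10:51:03 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 11/2/2010 9:34:45 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/4/2010 6:02:10 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/4/2010 6:08:41 AM | Computer Name = user-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.93.1130.0).
"""

# Header line: "<level> - <timestamp> | Computer Name = ... | Source = ... | ID = ..."
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)

def parse_events(text):
    """Return one dict per event, joining wrapped Description lines."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["ts"] = datetime.strptime(current["ts"], "%m/%d/%Y %I:%M:%S %p")
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif line.startswith("["):
            current = None  # section marker such as "[ System Events ]"
        elif current is not None and line.strip():
            part = re.sub(r"^Description = ", "", line.strip())
            current["description"] = (current["description"] + " " + part).strip()
    return events

def summarize(events):
    """Group by (source, id): occurrence count, first and last timestamp."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["source"], ev["id"])].append(ev["ts"])
    return {key: (len(ts), min(ts), max(ts)) for key, ts in groups.items()}
```

Calling `summarize(parse_events(text))` on the full report separates long-running noise (entries that recur for weeks) from errors that first appear around the time the symptoms started.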


#2 patndoris


Posted 20 December 2010 - 03:55 PM

Hello

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!
Please be advised I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay in response time, but I will do my best to keep it as short as possible.

I will post back shortly with instructions.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 trevorcangemi


Posted 21 December 2010 - 11:29 AM

nice to meet you Patndoris. We are two retired Navy mates trying to work with PC's and need all the help we can get. nice of you to help. I can follow and understand your instructions so far and await your further instructions to fix the problem we have with windows 7. cheers Trevor

#4 patndoris


Posted 21 December 2010 - 04:09 PM

If you have CDEmulation drivers installed (such as Daemon Tools, Alcohol120) please follow the instructions below to run DeFogger prior to and after running GMER. If you do not have any CDEmulation drivers installed, you do not need to run DeFogger and you can go right to the instructions to run GMER.


Download DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Download and Run GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

~Doris~


#5 trevorcangemi


Posted 23 December 2010 - 01:38 AM

Hi Patndoris, thanks for those instructions. However we have another problem. We cannot access the internet with any of our browsers to download the programs you suggested. The PC seems to be clogging up more and more as time passes. We cannot run any programs or open any files now from the desktop. Only incredimail opens from the taskbar. Over to you now - got any answers? thanks, Trevor

#6 trevorcangemi


Posted 23 December 2010 - 10:59 AM

Hi Doris. i managed to get the PC into safe mode and ran Glary utilities modules which showed a suspicious file with no description or properties so i deleted it and restarted our PC. Voila we had access to the internet again. I carried out your instructions and the report is attached for you to look at. I know that i was not supposed to do anything other than what you instructed but as i could not access the programs i had to take other actions to be able to carry out your instructions. Thanks for your help and i wait for your response. BTW i might have fixed it????

#7 trevorcangemi


Posted 23 December 2010 - 11:25 AM

Doris, sorry forgot the Gmer.txt document. it was too large to upload so i have zipped it. Please find attached to this reply. Kind regards, Trevor

Attached Files

  • Attached File  Gmer.zip   28.91KB   376 downloads


#8 patndoris


Posted 23 December 2010 - 07:28 PM

Hi Trevor -

My next instructions were going to be starting in safe mode. I'm glad you were able to at least reconnect to the internet.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
~Doris~


#9 trevorcangemi


Posted 24 December 2010 - 07:56 AM

hi Doris, i carried out your instructions and i did not get the impression that combofix ran. there was no indication of this after an hour and no report was generated. So i repeated the run and got feedback that it ran. a report was also generated this time. Unfortunately it looks like a 're run' my apologies if it is a 're run'. thanks for your help. report is attached. Regards Trevor.




#10 patndoris


Posted 24 December 2010 - 01:18 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    [2010/12/18 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2010/12/18 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Can you please advise how your system is behaving now.
~Doris~




#11 trevorcangemi


Posted 25 December 2010 - 12:05 AM

Hi Doris, i ran OTL as you asked and the log is attached as OTL2.txt. The OS seems to be OK now but some desktop shortcuts don't work. Can now open docs in windows office. A couple of desktop icons that disappeared have returned. Thanks for your help. Merry Christmas. regards Trevor

Attached Files

  • Attached File  OTL2.Txt   90.21KB   289 downloads


#12 patndoris


Posted 25 December 2010 - 05:44 PM

Merry Christmas!

It's great to hear we are making progress! Stick with me because we aren't finished yet.

First, let's try to get those desktop shortcuts working again. The easiest way to try and fix this is to run the Fix-it tool from Microsoft for "Fix broken desktop shortcuts and common system maintenance tasks". You should use Internet Explorer when accessing this page. Just click on the big green "Run Now" and it should automatically try and fix that problem for you. Please let me know if that is successful.


I see you have Malwarebytes already on your machine. Please run it and do the following:
  • Click on the tab labeled Update and then click on the button Check for updates. Allow it to check for and apply any updates.
  • Select the Scanner tab, and Perform Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Please post the log in your next reply.
~Doris~


#13 trevorcangemi


Posted 27 December 2010 - 10:15 AM

Hi Doris, Christmas day was 40 Celsius for us - how was it for you? I was not able to run 'fix desktop shortcuts' as a screen popped up saying 'this troubleshooter is not compatible with your system'. I ran malwarebytes and the log is attached. Happy New Year! regards Trevor.




#14 patndoris


Posted 27 December 2010 - 01:15 PM

We actually had a white Christmas here. It was about 20 degrees Fahrenheit which I believe is below 0 Celsius :) Thankfully we didn't get too much snow! Just enough to make it nice.



Can you tell me if it is all the desktop shortcuts or only a few of them? If it is only a few of them, are you able to create a new icon and it works? Do any of your desktop shortcuts work ok now?


Please do a scan with Kaspersky Online Scanner
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report
To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
~Doris~


#15 trevorcangemi


Posted 29 December 2010 - 09:41 AM

Hi Doris, BRRRR 20 F is -7 C. We have had a problem with Trevor's pc - it has 'bricked' itself! Only incredimail will open but will not open attachments. All other programs give an error message 'not enough memory to open this program'. Trevor's pc would not operate at all. I am typing this on Ian's pc at yagan60@gmail.com. We reinstalled win7 on partition 2 and it seems to work ok, so email should get through. If not, then please use the above address. I am installing the basic downloads that i had before. I managed to get a 3 disc backup before the pc bricked up - but i suppose the virus will be on it? Will the virus spread from 1 partition to 2 partition? How can I prevent that? Should we delete partition 1? We will work on doing a Kaspersky online scan tomorrow as it's now midnight in Perth and need beauty sleep! Kind regards, Trevor
