also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] Hard-to-remove redirect virus, frequent system lag

Discussion in 'Virus and Malware Removal' started by pianodactyl, Dec 28, 2011.

Page 2 of 2

  1. pianodactyl Newcomer, in training

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-15 221184]
    "Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    .
    c:\documents and settings\Benjamin Provost\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-12-26 20:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=19918014261.CPX
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Benjamin Provost\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Ruby187\\bin\\ruby.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pianosaurus\\mass effect trailer\\smp.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1030:TCP"= 1030:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [12/19/2011 6:59 PM 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/19/2011 6:59 PM 494816]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67656]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 5:27 AM 1052472]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2009 1:25 AM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2011 2:53 AM 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 Messenger32;Messenger ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/12/2009 11:18 PM 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
    S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [6/1/2009 1:54 PM 73464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BlueJ_is1 - c:\bluej\uninst\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-09 14:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(532)
    c:\windows\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(588)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'csrss.exe'(504)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2012-01-09 14:51:47
    ComboFix-quarantined-files.txt 2012-01-09 19:51
    ComboFix2.txt 2011-12-31 20:00
    ComboFix3.txt 2011-09-09 17:52
    ComboFix4.txt 2011-08-02 04:40
    ComboFix5.txt 2012-01-02 05:21
    .
    Pre-Run: 10,867,580,928 bytes free
    Post-Run: 10,830,487,552 bytes free
    .
    - - End Of File - - A784DB5EC56D372C0BBD12E8D3B9436A
    pianodactyl, Jan 9, 2012
    #21

  2. pianodactyl Newcomer, in training

    </wall of log text>
    pianodactyl, Jan 9, 2012
    #22

  3. Broni Malware Annihilator

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
    Broni, Jan 9, 2012
    #23

  4. pianodactyl Newcomer, in training

    The only consistent issue has been the overall slugishness of the computer. It takes forever to boot and then awhile to run programs. Firefox likes to freeze. I may upgrade some components to see if that helps.

    OTL.txt

    OTL logfile created on: 1/11/2012 12:30:25 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Benjamin Provost\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 282.33 Mb Available Physical Memory | 55.36% Memory free
    1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.23% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.72 Gb Total Space | 10.27 Gb Free Space | 14.73% Space Free | Partition Type: NTFS

    Computer Name: D9L71B81 | User Name: Benjamin Provost | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2011/11/23 05:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe
    PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2005/07/28 08:32:20 | 000,094,208 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/19 18:59:44 | 000,068,424 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav
    MOD - [2011/11/23 05:27:10 | 004,284,728 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
    MOD - [2011/11/23 05:27:10 | 002,085,688 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
    MOD - [2011/11/23 05:27:10 | 001,764,664 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Export.dll
    MOD - [2011/11/23 05:27:10 | 000,339,768 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
    MOD - [2011/11/23 05:27:10 | 000,049,976 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
    MOD - [2011/11/23 05:27:08 | 000,464,184 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\CRF\export.dll
    MOD - [2011/11/23 05:27:08 | 000,328,504 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
    MOD - [2011/11/23 05:27:08 | 000,126,776 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
    MOD - [2011/11/23 05:27:06 | 001,131,320 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPS_RES.dll
    MOD - [2011/11/23 05:27:06 | 000,020,280 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLANG.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/10/02 11:07:40 | 000,320,064 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll
    MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/07/28 08:32:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
    MOD - [2005/04/22 12:43:58 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
    MOD - [2005/04/22 12:43:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
    MOD - [2005/04/22 12:42:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
    MOD - [2005/04/22 12:42:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
    MOD - [2005/04/22 12:42:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
    MOD - [2005/04/15 05:18:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRPR.DLL
    MOD - [2005/04/15 04:55:56 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRP.DLL
    MOD - [2005/04/15 04:42:34 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\dlbtutil.dll
    MOD - [2005/02/28 19:58:44 | 000,287,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTSTRN.DLL
    MOD - [2005/02/28 19:57:44 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPCFG.DLL
    MOD - [2005/02/28 19:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
    MOD - [2005/02/28 19:57:10 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUI5C.DLL
    MOD - [2004/09/28 01:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2004/03/10 14:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Messenger32)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/02/06 01:34:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/14 04:09:28 | 000,073,464 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2005/03/03 22:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/19 18:59:22 | 000,494,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/12/19 18:59:20 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/26 15:00:32 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/26 15:00:32 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/12/26 15:00:31 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2007/04/17 14:14:10 | 000,015,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/04 21:17:55 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/11/03 18:12:10 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2005/08/17 13:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
    DRV - [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
    DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
    DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
    IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
    IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
    FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
    FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 17:46:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 03:53:48 | 000,000,000 | ---D | M]

    [2009/06/26 11:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Extensions
    [2012/01/06 16:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions
    [2010/04/29 04:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/14 04:32:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)
    [2010/04/19 02:27:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(3)
    [2010/08/18 23:13:40 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(4)
    [2010/10/09 16:30:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(5)
    [2010/08/18 23:13:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
    [2010/08/18 23:13:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
    [2010/08/17 00:54:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/08/21 01:19:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
    [2010/06/28 02:42:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(3)
    [2010/07/27 03:26:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(4)
    [2010/08/18 23:52:37 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    [2010/08/18 23:13:41 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}(2)
    [2010/03/26 01:21:02 | 000,000,000 | ---D | M] (Amazon Button) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\AmazonHotStuff@wangtom(2).com
    [2010/08/18 23:13:41 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\support@lastpass(2).com
    [2009/07/21 11:26:25 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\searchplugins\bing.xml
    [2010/03/05 22:51:39 | 000,002,064 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\searchplugins\youtube-video-search.xml
    [2011/11/10 16:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
    [2012/01/07 17:46:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/05 16:12:12 | 000,229,376 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcpbrk7.dll
    [2009/11/30 18:28:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2003/11/18 12:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
    [2009/11/24 12:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
    [2009/11/28 11:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    [2011/05/11 23:20:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 16:41:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/01/09 14:34:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
    O4 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Benjamin Provost\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    pianodactyl, Jan 11, 2012
    #24

  5. pianodactyl Newcomer, in training

    OTL.txt (continued)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: DhcpNameServer = 192.168.0.1 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: wave1 - 19918014261.CPX File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/11 04:46:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Benjamin Provost\Recent
    [2012/01/11 00:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/01/09 19:21:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/01/09 15:55:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
    [2012/01/04 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\16flashdrive
    [2012/01/04 02:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\type 2
    [2012/01/04 02:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\systems
    [2012/01/04 01:23:27 | 001,005,262 | ---- | C] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
    [2012/01/03 18:31:05 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012/01/02 00:14:55 | 004,376,389 | R--- | C] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
    [2011/12/30 10:35:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/30 10:35:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/30 10:35:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/30 10:35:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/28 21:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2011/12/28 21:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
    [2011/12/28 20:28:13 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
    [2011/12/28 20:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/12/28 20:11:14 | 085,874,016 | ---- | C] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
    [2011/12/27 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2011/12/27 14:40:58 | 000,000,000 | ---D | C] -- C:\backups
    [2011/12/27 14:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2011/12/23 14:11:11 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin Provost\Desktop\arose.exe
    [2011/12/19 18:59:24 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2011/12/19 18:59:22 | 000,494,816 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2011/12/19 18:59:22 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2011/12/19 18:59:20 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2011/12/19 18:58:58 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
    [2011/12/19 18:58:56 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2005/08/28 17:51:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/11 00:04:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/11 00:04:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/11 00:04:07 | 000,151,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2012/01/09 19:53:03 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music2.bmp
    [2012/01/09 19:52:44 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music.bmp
    [2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
    [2012/01/09 14:34:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/09 13:34:40 | 004,376,389 | R--- | M] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
    [2012/01/04 16:09:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\MBR.dat
    [2012/01/04 12:43:01 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/04 06:26:50 | 000,000,732 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2012/01/04 01:23:19 | 001,005,262 | ---- | M] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
    [2012/01/03 19:16:24 | 000,075,950 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\worstday homer.jpg
    [2012/01/03 14:53:18 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/12/31 15:11:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/31 00:01:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
    [2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
    [2011/12/30 09:00:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/28 20:28:03 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
    [2011/12/28 20:24:43 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2011/12/28 20:23:43 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/12/28 20:23:43 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2011/12/28 20:23:06 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2011/12/28 20:15:52 | 085,874,016 | ---- | M] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
    [2011/12/28 03:29:20 | 000,089,781 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\songity.MUS
    [2011/12/27 14:47:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
    [2011/12/27 14:34:05 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
    [2011/12/27 13:06:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/23 13:46:42 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac
    [2011/12/23 13:46:40 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac
    [2011/12/19 18:59:24 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2011/12/19 18:59:22 | 000,494,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2011/12/19 18:59:22 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2011/12/19 18:59:20 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2011/12/19 18:58:58 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
    [2011/12/19 18:58:56 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2011/12/14 07:58:06 | 002,235,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/09 19:52:57 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music2.bmp
    [2012/01/09 19:52:40 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music.bmp
    [2012/01/07 03:17:52 | 000,091,345 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\what the heck is this.MUS
    [2012/01/07 03:17:42 | 000,089,781 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\songity.MUS
    [2012/01/07 03:15:09 | 394,235,022 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\HeartStringTheory at the Stella 6-4-11.wav
    [2012/01/04 16:09:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\MBR.dat
    [2012/01/03 19:13:54 | 000,075,950 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\worstday homer.jpg
    [2011/12/31 00:01:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 23:56:28 | 000,013,530 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
    [2011/12/30 23:56:28 | 000,013,530 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
    [2011/12/30 10:35:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/30 10:35:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/30 10:35:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/30 10:35:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/30 10:35:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/28 21:32:34 | 000,151,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/12/28 20:24:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2011/12/28 20:23:43 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/12/28 20:23:43 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2011/12/28 20:23:06 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2011/12/27 14:52:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
    [2011/12/27 14:34:21 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
    [2011/12/23 13:54:46 | 000,001,205 | ---- | C] () -- C:\FixNCR.reg
    [2011/12/23 13:43:59 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/23 13:11:05 | 000,014,268 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac
    [2011/12/23 13:11:05 | 000,014,268 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac
    [2011/11/27 12:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\I8j5y.com.b
    [2011/11/27 12:56:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xF7tW6h.dat
    [2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
    [2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
    [2010/05/15 20:49:19 | 000,000,604 | ---- | C] () -- C:\Program Files\STFT Notifier
    [2009/07/30 17:13:04 | 000,001,680 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/06/01 13:54:20 | 000,013,888 | ---- | C] () -- C:\WINDOWS\BOC427.INI
    [2009/04/12 23:19:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2009/04/12 23:18:43 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
    [2009/04/12 23:18:43 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2009/01/20 19:42:20 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WT2
    [2009/01/14 12:38:50 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2008/09/27 15:20:54 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
    [2008/03/21 21:21:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
    [2007/08/12 17:44:55 | 000,000,580 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2007/07/02 12:21:36 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2007/05/31 13:10:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/04/14 18:15:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2007/04/14 18:15:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2007/04/14 18:15:57 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2007/03/19 18:48:53 | 000,004,519 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/10/29 20:01:11 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/10/26 08:13:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2006/05/21 10:21:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
    [2006/02/07 19:07:25 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2006/02/07 19:06:05 | 000,011,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/11/24 16:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SOL.INI
    [2005/10/17 16:25:25 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/09/28 20:38:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
    [2005/09/26 14:48:31 | 000,002,733 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2005/09/06 17:43:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/09/06 17:09:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/09/01 23:38:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/08/31 20:52:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/08/31 18:44:42 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\fusioncache.dat
    [2005/08/31 17:49:38 | 000,000,732 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2005/08/28 18:37:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/08/28 18:27:31 | 000,002,750 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/08/28 18:21:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/08/28 18:16:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/08/28 18:16:53 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2005/08/28 18:16:27 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2005/08/28 18:16:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/08/28 18:16:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/08/28 17:51:36 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2005/08/28 17:51:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2005/08/28 17:51:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/08/28 17:51:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/08/28 17:51:02 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/05/04 19:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/04/15 05:18:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
    [2005/04/15 05:18:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
    [2005/04/15 05:18:22 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
    [2005/04/15 04:57:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
    [2005/04/15 04:57:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
    [2005/04/15 04:57:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
    [2005/04/15 04:56:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
    [2005/04/15 04:42:34 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
    [2005/04/12 21:20:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
    [2005/04/12 21:19:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
    [2005/02/23 21:14:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
    [2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/19 16:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/19 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/19 15:57:07 | 002,235,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/19 15:49:47 | 000,678,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/19 15:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/19 15:49:47 | 000,160,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/19 15:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/19 15:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/19 15:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/19 15:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/19 15:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/19 15:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [1999/03/21 20:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/03/22 12:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    ========== LOP Check ==========

    [2009/02/01 00:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
    [2010/06/06 11:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2007/11/17 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2009/06/19 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC427
    [2011/12/30 09:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2008/01/18 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/07/26 13:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
    [2007/09/07 18:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
    [2008/02/17 18:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/04/22 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/01/18 00:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/10/26 19:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/06 11:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\acccore
    [2010/06/06 22:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Ambient Design
    [2009/08/11 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Any Video Converter
    [2011/05/31 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Chime
    [2012/01/11 00:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox
    [2009/04/22 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\FileZilla
    [2009/11/30 18:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Foxit
    [2010/03/08 13:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Foxit Software
    [2009/08/14 13:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\GenieSoft
    [2010/07/28 20:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\InfraRecorder
    [2006/01/27 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Leadertech
    [2010/07/26 13:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\MakeMusic
    [2010/06/23 00:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Moyea
    [2010/12/27 23:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Notepad++
    [2009/08/29 18:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Trillian
    [2009/04/22 09:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\ACAMPREF
    [2005/10/24 06:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Leadertech
    [2009/04/22 09:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\MSNInstaller
    [2009/04/22 09:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Registry Cleaner
    [2006/10/09 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Systweak
    [2007/02/23 08:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint
    [2009/02/01 00:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Jetico Personal Firewall
    [2009/01/20 19:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Personal Composer DEMO
    [2009/04/22 09:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Thunderbird

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/23 16:21:58 | 000,005,984 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/09/18 16:49:54 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/05/24 12:12:20 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/01/09 14:51:50 | 000,152,725 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/08/28 17:56:14 | 000,005,935 | R--- | M] () -- C:\dell.sdr
    [2008/09/08 00:35:35 | 000,004,365 | ---- | M] () -- C:\dlbt.log
    [2010/04/15 21:42:32 | 000,000,027 | ---- | M] () -- C:\dscript.log
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2011/11/09 01:32:14 | 000,001,205 | ---- | M] () -- C:\FixNCR.reg
    [2012/01/11 00:21:11 | 000,303,236 | ---- | M] () -- C:\git_shell_ext_debug.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/01/11 00:04:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2005/09/01 21:49:42 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2011/02/12 04:25:04 | 000,001,922 | ---- | M] () -- C:\IPH.PH
    [2010/12/26 14:24:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2009/04/22 17:51:45 | 000,047,564 | ---- | M] () -- C:\ntdetect.com
    [2001/08/23 07:00:00 | 000,674,304 | ---- | M] (Microsoft Corporation) -- C:\NTDLL.DLL
    [2009/04/22 17:51:45 | 000,250,048 | ---- | M] () -- C:\ntldr
    [2006/12/04 16:30:00 | 000,004,096 | ---- | M] () -- C:\ntldr.srm
    [2012/01/11 00:04:08 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/23 14:06:06 | 000,000,528 | ---- | M] () -- C:\rkill.log
    [2005/08/28 18:23:02 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/10/04 23:21:50 | 000,000,000 | ---- | M] () -- C:\t10o.1
    [2011/03/17 23:52:20 | 000,000,000 | ---- | M] () -- C:\t11k.1
    [2011/07/20 22:09:09 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_20.07.2011_23.08.45_log.txt
    [2009/09/13 03:47:44 | 000,000,000 | ---- | M] () -- C:\tr8.1
    [2010/01/13 00:23:19 | 000,000,000 | ---- | M] () -- C:\tr8.2
    [2009/11/19 20:12:56 | 000,000,000 | ---- | M] () -- C:\tro.1
    [2010/01/25 20:13:02 | 000,000,000 | ---- | M] () -- C:\ts0.1
    [2011/10/03 23:14:30 | 000,000,000 | ---- | M] () -- C:\ts8.1
    [2010/03/20 20:05:16 | 000,000,000 | ---- | M] () -- C:\tv0.1
    [2011/06/02 22:07:15 | 000,000,000 | ---- | M] () -- C:\tv0.2
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2007/06/12 19:17:33 | 001,326,066 | -HS- | M] () -- C:\vm404.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/19 16:06:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/02/28 19:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/11/25 13:31:09 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2010/05/15 20:49:19 | 000,000,604 | ---- | M] () -- C:\Program Files\STFT Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/09 01:48:58 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin Provost\Desktop\arose.exe
    [2011/12/28 20:28:03 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
    [2011/12/28 20:15:52 | 085,874,016 | ---- | M] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
    [2012/01/09 13:34:40 | 004,376,389 | R--- | M] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
    [2011/12/27 14:34:05 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
    [2011/12/27 14:47:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
    [2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
    [2012/01/04 01:23:19 | 001,005,262 | ---- | M] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
    [1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]
    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/21 15:25:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/11 12:15:38 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005/01/28 12:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
    pianodactyl, Jan 11, 2012
    #25

  6. pianodactyl Newcomer, in training

    Extras.txt

    OTL Extras logfile created on: 1/11/2012 12:30:25 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Benjamin Provost\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 282.33 Mb Available Physical Memory | 55.36% Memory free
    1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.23% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.72 Gb Total Space | 10.27 Gb Free Space | 14.73% Space Free | Partition Type: NTFS

    Computer Name: D9L71B81 | User Name: Benjamin Provost | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "1030:TCP" = 1030:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Disabled:Trillian -- (Cerulean Studios)
    "C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Ruby187\bin\ruby.exe" = C:\Ruby187\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.7.330 [i386-mingw32] -- ()
    "C:\Program Files\Steam\steamapps\pianosaurus\mass effect trailer\smp.exe" = C:\Program Files\Steam\steamapps\pianosaurus\mass effect trailer\smp.exe:*:Enabled:Mass Effect Trailer -- (Valve)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Steam\steamapps\common\chime\Chime.exe" = C:\Program Files\Steam\steamapps\common\chime\Chime.exe:*:Enabled:Chime -- (Zoe Mode)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "CBOClean" = BOClean
    "CCleaner" = CCleaner (remove only)
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
    "Finale NotePad 2011" = Finale NotePad 2011
    "Foxit Reader" = Foxit Reader
    "Git_is1" = Git version 1.7.3.1-preview20101002
    "HijackThis" = HijackThis 1.99.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "SBC Yahoo! Applications" = SBC Yahoo! Applications
    "SBC.MCCInstall" = SBC Self Support Tool
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "VLC media player" = VLC media player 1.1.7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{F6377277-9DF1-4a1f-A487-CB5D34DCD793}_is1" = Ruby 1.8.7-p330
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/11/2012 1:04:47 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:47 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:47 AM | Computer Name = D9L71B81 | Source = COM+ | ID = 135894
    Description = A condition has occurred that indicates this COM+ application is in
    an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

    Server
    Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
    ID: {16E21470-602E-429A-A695-96126B553D9D} Server Application Name: System Application
    The
    serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
    : Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
    Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

    Error - 1/11/2012 1:04:54 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
    hr = 80040206: Failed to CoCreate EventSystem objec

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 1/11/2012 1:04:55 AM | Computer Name = D9L71B81 | Source = COM+ | ID = 135894
    Description = A condition has occurred that indicates this COM+ application is in
    an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

    Server
    Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
    ID: {7BCB02BE-ACFE-4B5E-B120-B2800264B9B3} Server Application Name: System Application
    The
    serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
    : Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
    Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

    [ System Events ]
    Error - 1/11/2012 1:18:44 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:18:44 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:23:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:28:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:33:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:38:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:43:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:43:43 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:48:42 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058

    Error - 1/11/2012 1:53:42 PM | Computer Name = D9L71B81 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1058


    < End of report >
    pianodactyl, Jan 11, 2012
    #26

  7. Broni Malware Annihilator

    Let's see how it goes when we're totally done.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
SRV - File not found [Auto | Stopped] -- -- (Messenger32)
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/23 13:46:42 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac
[2011/12/23 13:46:40 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac
[2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
[2007/11/17 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/01/18 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/01/18 00:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/23 08:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint
[2009/02/01 00:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Jetico Personal Firewall

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
    Broni, Jan 11, 2012
    #27

  8. pianodactyl Newcomer, in training

    I've tried running OTL per your instructions a few times for several hours each go the past couple days, but it doesn't make any progress and instead just completely freezes the system (from the moment I run it). Now the computer takes about half an hour to load. Should I try again and leave it for say, 24 hours and see if it runs, or should I move on with the other scans?
    pianodactyl, Jan 14, 2012
    #28

  9. Broni Malware Annihilator

    No. Run the fix from safe mode.
    Broni, Jan 14, 2012
    #29

  10. pianodactyl Newcomer, in training

    All processes killed
    ========== OTL ==========
    Service Messenger32 stopped successfully!
    Service Messenger32 deleted successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2 moved successfully.
    C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2 moved successfully.
    C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac moved successfully.
    C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac moved successfully.
    C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q moved successfully.
    C:\Documents and Settings\All Users\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\TEMP\Application Data\Jetico Personal Firewall\1.0 folder moved successfully.
    C:\Documents and Settings\TEMP\Application Data\Jetico Personal Firewall folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Benjamin Provost
    ->Temp folder emptied: 180494 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 741440669 bytes
    ->Flash cache emptied: 1929542 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Jeanne Provost
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 117608917 bytes
    ->FireFox cache emptied: 53418250 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7110790 bytes
    ->FireFox cache emptied: 1235322 bytes
    ->Flash cache emptied: 25321 bytes

    User: Sami Provost
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 15019524 bytes
    ->Flash cache emptied: 2893 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 97845 bytes
    %systemroot%\System32 .tmp files removed: 12583768 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 668395 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 24603132 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 62965 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 931.00 mb
    pianodactyl, Jan 18, 2012
    #30

  11. pianodactyl Newcomer, in training

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Benjamin Provost
    ->Java cache emptied: 0 bytes

    User: Default User

    User: Jeanne Provost
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Sami Provost
    ->Java cache emptied: 0 bytes

    User: TEMP
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Benjamin Provost
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Jeanne Provost

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Sami Provost
    ->Flash cache emptied: 0 bytes

    User: TEMP
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01152012_142848

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    pianodactyl, Jan 18, 2012
    #31

  12. pianodactyl Newcomer, in training

    Security Check

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    COMODO Internet Security
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Out of date HijackThis installed!
    SpywareBlaster 4.2
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    SpywareBlaster 4.2 Out of Date!
    BOClean
    HijackThis 1.99.1
    CCleaner (remove only)
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
    Mozilla Firefox (Firefox, Opera, Netscape only..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````
    pianodactyl, Jan 18, 2012
    #32

  13. pianodactyl Newcomer, in training

    Farbar Service Scanner
    Ran by Benjamin Provost (administrator) on 16-01-2012 at 09:28:26
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Disabled. The default start type is 3.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Bridge(2) BridgeMP(1) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(11) NwlnkNb(12) Tcpip(3)



    **** End of log ****
    pianodactyl, Jan 18, 2012
    #33

  14. Broni Malware Annihilator

    ...end Eset....
    Broni, Jan 18, 2012
    #34

  15. pianodactyl Newcomer, in training

    Eset

    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\LOCALS~1\Temp\smtmp\2\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009473.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009474.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009475.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009476.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009477.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009478.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009479.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP12\A0009480.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    pianodactyl, Jan 19, 2012
    #35

  16. Broni Malware Annihilator

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ==============================================================

    Go Start>Run, type in:
    services.msc
    Click OK.

    Services window will open.

    Find Background Intelligent Transfer Service.
    Right click on it, click "Properties".
    Under "Startup type" select "Automatic" from drop down menu.

    Find System Event Notification Service.
    Right click on it, click "Properties".
    Under "Startup type" select "Manual" from drop down menu.

    OK your way out.

    =============================================================

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
    Broni, Jan 19, 2012
    #36

  17. Broni Malware Annihilator

    The issue seems to be resolved.
    Broni, Jan 25, 2012
    #37
Page 2 of 2