TechSpot

Redirected when surfing

Solved
By doda69
Sep 26, 2011
  1. Broni


    Your router has been hijacked.
    We need to reset it.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Now re-run Combofix.
  2. doda69


    ComboFix 11-10-03.01 - Owner 10/03/2011 15:46:58.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.370 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-03 15:45 . 2011-10-03 15:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
    2011-09-28 19:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-09-28 19:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-09-28 19:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
    2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
    2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
    2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
    2011-09-09 09:12 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-03 16:40 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-14 13:58 . 2011-05-09 16:17 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2011-09-09 09:12 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
    2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
    2011-07-15 13:29 . 2004-08-26 16:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02 . 2004-08-26 16:12 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-09-29_13.13.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-03 17:27 . 2011-10-03 17:27 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
    + 2011-10-03 17:29 . 2011-10-03 17:29 16384 c:\windows\Temp\Perflib_Perfdata_590.dat
    + 2011-10-03 15:21 . 2011-10-03 16:40 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
    + 2011-10-03 15:21 . 2011-10-03 16:40 328864 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 6:17 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 6:17 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx86.sys [9/29/2011 5:35 PM 816760]
    R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys [5/3/2011 1:42 PM 25032]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 6:17 PM 136312]
    R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [4/3/2011 1:29 PM 1029480]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:16 PM 130008]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/25/2011 9:30 AM 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/25/2011 9:30 AM 126392]
    R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [4/3/2011 1:29 PM 1037672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 2:18 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110930.030\IDSXpx86.sys [10/3/2011 5:10 AM 356280]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/9/2011 12:17 PM 225592]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/26/2011 2:20 PM 74240]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
    S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [4/3/2011 1:29 PM 128248]
    S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [4/3/2011 1:29 PM 108800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-09-30 c:\windows\Tasks\NUSchedule.job
    - c:\program files\Norton Utilities 15\nu.exe [2011-04-03 06:23]
    .
    2011-10-03 c:\windows\Tasks\strvm.job
    - c:\windows\system32\mstext40H.dll [2011-04-01 19:03]
    .
    2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ca.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-03 15:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\33.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3464)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-10-03 16:02:02
    ComboFix-quarantined-files.txt 2011-10-03 20:01
    ComboFix2.txt 2011-10-03 18:06
    ComboFix3.txt 2011-09-29 13:17
    ComboFix4.txt 2011-09-29 04:06
    .
    Pre-Run: 112,331,587,584 bytes free
    Post-Run: 112,315,191,296 bytes free
    .
    - - End Of File - - E1A6A7F6A8F5F973A13F558B30C49A00
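
A helper reads a log like the one above by eye; as an added example that is not part of this thread, here is a small Python triage script over a constructed sample in the same ComboFix format. It flags DHCP name servers outside an analyst-supplied allow-list (the router-hijack symptom the thread is about), browser homepage and search settings that point away from the expected providers, Security Center override values, and a disabled XP firewall profile. The allow-lists and the 203.0.113.7 resolver are assumptions made up for the example; the 64.59.176.x resolvers are the ones the log above reports.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the ComboFix format quoted in the thread. The 64.59.176.x
# resolvers are the ones the thread's log reports; 203.0.113.7 (documentation
# range) is made up here to stand in for an unexpected resolver.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 203.0.113.7
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - prefs.js: network.proxy.type - 0
"""

# Analyst-supplied allow-lists (assumptions for this example): resolvers the ISP
# is known to hand out, and the search providers the user actually chose.
DNS_ALLOW = {"64.59.176.13", "64.59.176.15"}
SEARCH_ALLOW = {"google.com", "yahoo.com"}

DEFANGED = re.compile(r"hxx(p|ps)://", re.I)
# Matches either  "Name"=dword:00000001  or  "Name"= 0 (0x0)
REG_VALUE = re.compile(r'^"(\w+)"\s*=\s*(?:dword:([0-9A-Fa-f]+)|(\d+))')
URL = re.compile(r"hxxps?://\S+", re.I)


def refang(url: str) -> str:
    """Turn ComboFix's defanged hxxp:// back into http:// so urlparse works."""
    return DEFANGED.sub(lambda m: "htt" + m.group(1).lower() + "://", url)


def host_of(url: str) -> str:
    """Lower-cased hostname of a (possibly defanged) URL, '' if none."""
    return (urlparse(refang(url)).hostname or "").lower()


def allowed(host: str, allow: set) -> bool:
    """True if host is an allow-listed domain or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allow)


def triage(log_text: str, dns_allow: set, search_allow: set) -> list:
    """Walk the log once and return (category, detail) findings for review."""
    findings = []
    section = ""  # the most recent [registry key] header, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = REG_VALUE.match(line)
        if m:
            key = m.group(1)
            value = int(m.group(2), 16) if m.group(2) is not None else int(m.group(3))
            # Override flags make Security Center report "OK" regardless of AV/firewall state.
            if "security center" in section and key in ("AntiVirusOverride", "FirewallOverride") and value == 1:
                findings.append(("security_center", key))
            # EnableFirewall=0 in a firewallpolicy profile means the XP firewall is off there.
            elif "firewallpolicy" in section and key == "EnableFirewall" and value == 0:
                findings.append(("firewall", section))
            continue
        # Resolvers handed out by DHCP: anything not on the ISP allow-list points at the router.
        if line.startswith("TCP: DhcpNameServer ="):
            for server in line.split("=", 1)[1].split():
                if server not in dns_allow:
                    findings.append(("dns", server))
            continue
        # IE (u* lines) and Firefox (prefs.js) homepage / search settings.
        if line.startswith("FF - prefs.js:") or re.match(r"^u\w", line):
            for url in URL.findall(line):
                host = host_of(url)
                if host and not allowed(host, search_allow):
                    findings.append(("browser", host))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG, DNS_ALLOW, SEARCH_ALLOW):
        print(f"[{category}] {detail}")
```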
  3. doda69


    So far the redirecting is gone... crossing my fingers. It looks like I did lose my router, but it has been so long I don't know where the paperwork is.

    I will keep you posted on the redirecting.
    Is there more I need to do?
  4. Broni


    Yes, we need to run some more checks.

    Good news though :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. doda69


    OTL Extras logfile created on: 10/6/2011 10:30:02 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.42 Mb Total Physical Memory | 396.43 Mb Available Physical Memory | 44.32% Memory free
    2.11 Gb Paging File | 1.49 Gb Available in Paging File | 70.42% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.79 Gb Total Space | 97.43 Gb Free Space | 67.29% Space Free | Partition Type: NTFS
    Drive D: | 18.64 Gb Total Space | 12.17 Gb Free Space | 65.28% Space Free | Partition Type: FAT32
    Drive E: | 4.24 Gb Total Space | 1.88 Gb Free Space | 44.41% Space Free | Partition Type: FAT32

    Computer Name: YOUR-24C8796E56 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
    "{1B17E0F9-8872-4F6D-8429-7CC9ECC27529}" = calibre
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D181A318-28DF-4B83-8F13-24C2D0BDA12D}" = Garmin POI Loader
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
    "conduitEngine" = Conduit Engine
    "Freemake Video Converter_is1" = Freemake Video Converter version 2.3.4
    "Google Chrome" = Google Chrome
    "InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "KeyScrambler" = KeyScrambler
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSNINST" = MSN
    "MyAshampoo Toolbar" = MyAshampoo Toolbar
    "NIS" = Norton Internet Security
    "Norton Utilities 15_is1" = Norton Utilities 15
    "NortonPCCheckup" = Norton PC Checkup
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "RealPlayer 6.0" = RealPlayer Basic
    "Searchqu 406 MediaBar" = Windows iLivid Toolbar
    "Trusted Software Assistant_is1" = File Type Assistant
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/23/2011 8:53:21 PM | Computer Name = YOUR-24C8796E56 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/23/2011 8:53:21 PM | Computer Name = YOUR-24C8796E56 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/23/2011 8:53:25 PM | Computer Name = YOUR-24C8796E56 | Source = crypt32 | ID = 131075
    Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: This operation returned because the timeout period expired.

    Error - 8/23/2011 8:53:25 PM | Computer Name = YOUR-24C8796E56 | Source = crypt32 | ID = 131075
    Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The specified server cannot perform the requested operation.

    Error - 8/30/2011 8:00:06 AM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2011 8:17:26 AM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 9/3/2011 6:27:41 PM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/3/2011 6:27:41 PM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/3/2011 6:27:41 PM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/5/2011 8:08:43 AM | Computer Name = YOUR-24C8796E56 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 10/3/2011 11:58:21 AM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/3/2011 1:27:22 PM | Computer Name = YOUR-24C8796E56 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.103 for the Network Card with network
    address 0040CAB1D7A7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/3/2011 1:29:31 PM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7022
    Description = The Freemake Service service hung on starting.

    Error - 10/3/2011 1:29:32 PM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/3/2011 1:43:29 PM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7034
    Description = The Freemake Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/4/2011 7:20:35 AM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7022
    Description = The Freemake Service service hung on starting.

    Error - 10/4/2011 7:20:35 AM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 10/5/2011 1:12:50 PM | Computer Name = YOUR-24C8796E56 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 10/5/2011 1:16:33 PM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7022
    Description = The Freemake Service service hung on starting.

    Error - 10/5/2011 1:16:33 PM | Computer Name = YOUR-24C8796E56 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE


    < End of report >
  6. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    I hope you got both. The comp is running really slow. Is this normal right now at this stage?
  7. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    I don't see the OTL text. I will send it again.
  8. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    Is everything good to go? The redirecting looks to be gone, but the comp. is really slow; it takes a long time to load up a page.

    thank you for all your help.
  9. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Good news :)
    Sorry for the delay. Email notification missed me somehow.
    Let me take a look at the OTL logs...
  10. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I still need OTL.txt log.
  11. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    OTL logfile created on: 10/6/2011 10:30:02 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.42 Mb Total Physical Memory | 396.43 Mb Available Physical Memory | 44.32% Memory free
    2.11 Gb Paging File | 1.49 Gb Available in Paging File | 70.42% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.79 Gb Total Space | 97.43 Gb Free Space | 67.29% Space Free | Partition Type: NTFS
    Drive D: | 18.64 Gb Total Space | 12.17 Gb Free Space | 65.28% Space Free | Partition Type: FAT32
    Drive E: | 4.24 Gb Total Space | 1.88 Gb Free Space | 44.41% Space Free | Partition Type: FAT32

    Computer Name: YOUR-24C8796E56 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/06 10:25:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/09/23 01:45:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
    PRC - [2011/08/24 16:32:42 | 000,074,240 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    PRC - [2011/08/09 14:06:05 | 001,599,376 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    PRC - [2011/04/02 19:05:49 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/02/10 17:14:25 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
    PRC - [2010/11/30 02:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    PRC - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
    PRC - [2010/11/30 02:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    PRC - [2009/03/08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/26 12:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
    PRC - [2004/11/15 19:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/29 07:39:51 | 001,859,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3e5c07211446b947b1ecb6963946320a\System.Web.Services.ni.dll
    MOD - [2011/09/29 07:39:43 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\840f9b4d51622f9f29888aae168a196c\System.ServiceProcess.ni.dll
    MOD - [2011/09/29 07:39:09 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
    MOD - [2011/09/29 07:38:29 | 002,452,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2f83c7b63b1443a26f40b9f66bec3e2a\Microsoft.JScript.ni.dll
    MOD - [2011/09/29 07:36:45 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\1f12624743789147c54a5c70b34e47b7\System.Configuration.Install.ni.dll
    MOD - [2011/09/29 07:35:46 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b9f7f5b0b28dd57cb5400c437c388545\System.Runtime.DurableInstancing.ni.dll
    MOD - [2011/09/29 07:35:40 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b028b6680f5a3b315320a5bf7b659518\SMDiagnostics.ni.dll
    MOD - [2011/09/29 07:35:36 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ce480f313eb8be9a3a4dd6d7902325\System.Runtime.Serialization.ni.dll
    MOD - [2011/09/29 01:06:44 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
    MOD - [2011/09/29 01:06:19 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
    MOD - [2011/09/29 01:05:55 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
    MOD - [2011/09/29 01:04:40 | 009,085,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
    MOD - [2011/09/29 00:56:46 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
    MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - [2011/09/23 01:45:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2011/08/24 16:32:42 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
    SRV - [2011/02/10 17:14:25 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
    SRV - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
    SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe -- (PCCUJobMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/29 17:35:11 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/09/14 09:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV - [2011/09/09 16:44:22 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111005.033\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/09/09 16:44:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111005.033\NAVENG.SYS -- (NAVENG)
    DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111005.031\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/07/27 19:51:59 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/07/27 19:51:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/11 13:40:09 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/02/10 17:21:26 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2010/11/30 02:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
    DRV - [2010/11/30 02:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymDSMon.sys -- (SymDSMon)
    DRV - [2009/10/07 14:34:30 | 000,025,032 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\nvc\bin\ngs.sys -- (NGS)
    DRV - [2007/05/09 22:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2005/09/26 12:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/07/29 14:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 14:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/11/15 21:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/06/17 11:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 11:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 11:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========
     
  12. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    ========== Internet Explorer ==========
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2475029&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{32587DEF-3E43-4222-9055-A116954D97A5}: C:\Documents and Settings\Owner\Local Settings\Application Data\{32587DEF-3E43-4222-9055-A116954D97A5} [2011/04/01 15:04:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/09/27 13:07:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_2_3 [2011/10/05 13:15:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/26 14:20:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/30 09:00:44 | 000,000,000 | ---D | M]

    [2011/08/11 15:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/10/03 11:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\extensions
    [2011/08/11 15:57:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011/09/20 13:29:24 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2011/08/26 14:05:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\extensions\engine@conduit.com
    [2011/10/03 11:54:39 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\extensions\keyscrambler@qfx.software.corporation
    [2011/08/29 17:48:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\searchplugins\conduit.xml
    [2011/06/07 05:35:24 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\searchplugins\safesearch.xml
    [2011/08/11 15:57:11 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\searchplugins\SearchResults.xml
    [2011/08/11 15:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/06/30 11:10:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/05 13:15:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_2_3
    [2011/09/27 13:07:39 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
    [2011/04/01 15:04:41 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{32587DEF-3E43-4222-9055-A116954D97A5}
    [2011/08/26 14:20:16 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
    [2011/02/11 13:40:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/08/30 09:00:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/08/11 15:57:11 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search ()
    CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Bandoo = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\

    O1 HOSTS File: ([2011/09/29 09:13:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
    O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
    O4 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297374933125 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354A64A7-4185-40C3-BF23-E824C5A1252B}: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/12/02 18:35:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/06 10:25:03 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/10/05 11:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2011/10/05 10:10:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/03 11:45:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/28 15:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
    [2011/09/28 13:36:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/28 13:34:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/28 13:34:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/28 13:34:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/28 13:34:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/28 13:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/09/28 13:33:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/28 13:32:28 | 004,240,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/09/28 12:53:36 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/09/28 09:50:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/09/27 17:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/27 17:03:47 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/27 13:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/09/27 11:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/27 11:44:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2011/09/26 13:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/09/26 09:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2011/09/26 09:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\thecleaner
    [2011/09/26 09:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Online TV Player 4
    [2011/09/19 10:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\music
    [2011/09/08 00:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/09/08 00:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/06 10:30:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
    [2011/10/06 10:25:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/10/06 10:21:03 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\NUSchedule.job
    [2011/10/06 10:06:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/05 19:06:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/05 14:10:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/10/05 13:19:02 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Yahoo! Canada.url
    [2011/10/05 13:14:35 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/10/05 13:14:21 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\strvm.job
    [2011/10/05 13:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/05 13:14:04 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/05 11:38:11 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/05 11:02:45 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shaw Webmail.url
    [2011/10/03 13:44:15 | 004,240,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/10/03 11:45:45 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/10/03 04:49:26 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/29 17:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/29 09:13:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/29 08:18:31 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/09/29 07:30:43 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/29 01:10:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/29 01:03:19 | 000,422,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/09/29 01:03:19 | 000,061,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/09/28 13:36:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/09/28 12:53:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/09/28 09:50:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/09/28 08:01:18 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Intellicast - Sault Ste Marie Weather Report in Michigan (49783).url
    [2011/09/27 17:28:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cvc7pmoe.exe
    [2011/09/27 17:03:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/26 13:25:36 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/09/26 09:04:45 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\810429tv4-test.jun
    [2011/09/25 23:59:34 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\Cache.db
    [2011/09/22 16:53:00 | 000,011,723 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Understanding the Stack and Tilt Golf Swing eBook.pdf
    [2011/09/20 10:54:46 | 074,054,476 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Archive.zip
    [2011/09/14 09:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
    [2011/09/09 13:23:48 | 000,000,472 | ---- | M] () -- C:\{F730B996-5498-4AB6-9C49-7A75AB67AD8F}
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/29 00:51:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/09/28 13:36:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/09/28 13:36:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/28 13:34:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/28 13:34:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/28 13:34:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/28 13:34:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/28 13:34:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/27 17:28:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cvc7pmoe.exe
    [2011/09/27 17:03:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/26 13:25:36 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/09/26 13:23:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/26 13:23:39 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/09/26 09:04:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\810429tv4-test.jun
    [2011/09/23 09:08:03 | 000,011,723 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Understanding the Stack and Tilt Golf Swing eBook.pdf
    [2011/09/20 11:25:28 | 074,054,476 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Archive.zip
    [2011/09/09 13:23:36 | 000,000,472 | ---- | C] () -- C:\{F730B996-5498-4AB6-9C49-7A75AB67AD8F}
    [2011/08/27 06:20:29 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\netstat.bat
    [2011/05/14 06:41:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/04/03 13:29:28 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
    [2011/04/03 10:16:15 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12
    [2011/04/03 10:16:15 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12
    [2011/04/01 15:04:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lpayo.dat
    [2011/04/01 15:04:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rnizokesikomeje.bin
    [2011/04/01 15:03:12 | 000,090,112 | RHS- | C] () -- C:\WINDOWS\System32\mstext40H.dll
    [2011/03/31 23:05:23 | 000,475,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2876227700-2714291294-179404300-1003-0.dat
    [2011/03/31 23:05:22 | 000,164,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/02/20 17:35:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2011/02/18 17:27:17 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/10 17:57:52 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2011/02/10 17:57:51 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2011/02/10 17:57:51 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2011/02/10 17:57:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2011/02/10 17:57:47 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2011/02/10 17:57:47 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2011/02/10 17:57:47 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2011/02/10 17:57:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2011/02/10 17:57:43 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2011/02/10 17:57:43 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2011/02/10 17:57:41 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2011/02/10 17:47:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2011/02/10 17:20:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/02/10 17:19:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/02/10 17:18:56 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2011/02/10 17:18:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2011/02/10 17:18:35 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2011/02/10 17:17:27 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
    [2011/02/10 17:06:48 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2007/05/09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 12:12:43 | 000,001,430 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 12:12:43 | 000,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/26 12:12:10 | 000,422,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/26 12:12:10 | 000,061,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 06:54:01 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2011/08/26 14:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2011/09/29 08:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/11 15:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/09/03 18:16:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/02/22 11:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/02/11 02:21:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/06/30 13:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2011/08/26 14:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2011/02/11 01:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kingsoft
    [2011/09/29 08:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/26 09:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2011/05/03 13:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norman
    [2011/05/09 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
    [2011/10/06 10:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/08/02 14:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/02/11 01:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kingsoft
    [2011/08/26 14:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [2011/02/11 02:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
    [2011/08/11 15:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bandoo
    [2011/07/05 09:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\calibre
    [2011/03/20 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
    [2011/02/10 17:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2011/10/06 10:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2011/05/09 12:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QFX Software
    [2011/06/30 13:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
    [2011/02/11 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2011/08/11 15:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
    [2011/08/11 16:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchqutoolbar
    [2011/02/20 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2011/09/26 09:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\thecleaner
    [2011/08/25 09:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2011/10/06 10:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2011/10/06 10:21:03 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\NUSchedule.job
    [2011/10/05 13:14:21 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\strvm.job
    [2011/10/06 10:30:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/02/10 17:19:09 | 000,000,189 | ---- | M] () -- C:\audio.log
    [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/25 09:25:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/28 13:36:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/10/03 16:02:03 | 000,014,430 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/10/05 13:14:04 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
    [2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/10 17:21:59 | 000,001,098 | -H-- | M] () -- C:\IPH.PH
    [2011/02/10 17:14:49 | 000,000,086 | ---- | M] () -- C:\lan.log
    [2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/10 17:19:57 | 000,000,160 | ---- | M] () -- C:\napster.log
    [2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/02/10 17:00:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/10 17:19:37 | 000,000,086 | ---- | M] () -- C:\nvida.log
    [2011/10/05 13:14:03 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
    [2005/06/12 11:34:01 | 000,000,256 | ---- | M] () -- C:\SmartInstaller.log
    [2011/02/10 17:13:44 | 000,000,002 | RHS- | M] () -- C:\USER
    [2011/05/03 15:18:11 | 000,004,152 | ---- | M] () -- C:\{1E04B144-F812-4E5E-BE6C-B0AB87E85A7B}
    [2011/09/05 23:27:57 | 000,000,288 | ---- | M] () -- C:\{2233D9BA-EFCD-4DD0-9D55-2AABCD7D45B1}
    [2011/04/29 12:41:09 | 000,002,336 | ---- | M] () -- C:\{EA876432-8E62-41A8-AF92-6AAC132751B3}
    [2011/09/09 13:23:48 | 000,000,472 | ---- | M] () -- C:\{F730B996-5498-4AB6-9C49-7A75AB67AD8F}
    [2011/08/26 15:16:37 | 000,009,888 | ---- | M] () -- C:\{FBF82BE1-D37D-42FE-AD7E-6E8FE3E54A85}

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/26 14:03:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA9.DLL
    [2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA9.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/10/05 03:51:47 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/02/10 17:03:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2011/09/25 23:59:34 | 000,003,072 | ---- | M] () -- C:\WINDOWS\system32\Cache.db
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/02/10 17:45:03 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/26 14:09:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/28 12:53:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/10/03 13:44:15 | 004,240,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/10/06 10:25:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/09/27 17:28:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cvc7pmoe.exe
    [2011/02/11 11:40:33 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\My Documents\utorrent.exe
    [2011/02/22 11:40:45 | 005,178,688 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\My Documents\WebUpdater_242.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/10 17:45:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/06 10:30:08 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 05:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 11:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 11:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 11:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 11:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 11:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 11:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 11:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A96964
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

    < End of report >
  13. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    Quick question: is ComboFix something I leave on the comp. and run once in a while?
  14. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
      IE - HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/04/03 10:16:15 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12
      [2011/04/03 10:16:15 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12
      [2011/04/01 15:04:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lpayo.dat
      [2011/04/01 15:04:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rnizokesikomeje.bin
      [2011/09/29 08:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
      [2011/02/11 02:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A96964
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
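As an added example, not part of this thread and not OTL's own code, here is a small Python triage helper that parses the OTL file-listing and Alternate Data Stream lines quoted in the report above and applies heuristics modelled on the kind of entries Broni put in the fix list (an executable in the user profile with no version info, hidden+system files with random names, named streams on a data folder). The regexes, the rules and the sample lines are my construction; the sample lines are copied from the report in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder entry, e.g.
#   [2011/09/27 17:28:58 | 000,302,592 | ---- | M] () -- C:\...\cvc7pmoe.exe
# Folder entries (attrs "---D") carry no "(company)" field, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# One ADS entry, e.g.  @Alternate Data Stream - 95 bytes -> C:\...\TEMP:5C321E34
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
USER_DIRS = ("\\documents and settings\\", "\\users\\")
# Hidden+system files Windows itself keeps in user folders; any other -HS- file is unusual.
KNOWN_HS_FILES = {"desktop.ini", "index.dat", "thumbs.db", "ntuser.ini"}


@dataclass
class Entry:
    path: str
    size: int = 0
    attrs: str = "----"
    company: Optional[str] = None  # None for folders, "" for files with no version info
    ads: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL report line into an Entry; section headers and noise give None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"].replace(",", "")),
                     attrs=m["attrs"], company=m["company"])
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"]), ads=True)
    return None


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons (constructed for this example) why an entry deserves a closer look."""
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    in_profile = any(d in low for d in USER_DIRS)
    is_folder = "D" in entry.attrs
    reasons: List[str] = []
    if entry.ads:
        # Data parked in a named stream is invisible to a normal directory listing.
        reasons.append("alternate data stream")
    if ext in BINARY_EXT and in_profile and entry.company == "":
        # Installed software almost always carries a company name in its PE version
        # info; OTL prints it in parentheses, and an empty "()" is worth a look.
        reasons.append("binary without version info in user profile")
    if "H" in entry.attrs and "S" in entry.attrs and name not in KNOWN_HS_FILES:
        reasons.append("hidden+system file outside the known set")
    if not entry.ads and not is_folder and ext == "" and len(name) > 20:
        # Random-looking, extension-less names are a common dropper artefact.
        reasons.append("long extension-less name")
    return reasons


def triage_report(lines) -> Dict[str, List[str]]:
    """Parse a block of OTL output and return {path: reasons} for every flagged entry."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Sample input, copied from the report lines quoted in this thread.
SAMPLE_LOG = r"""
< %USERPROFILE%\My Documents\*.exe >
[2011/09/27 17:28:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cvc7pmoe.exe
[2011/02/11 11:40:33 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\My Documents\utorrent.exe
[2011/02/10 17:45:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2011/04/03 10:16:15 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12
[2011/09/29 08:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
""".splitlines()

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The rules are deliberately conservative: they only surface candidates, and the decision to remove an entry still rests with whoever reads the full report.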
  15. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    No, Combofix shouldn't be run without supervision.
  16. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    Service gusvc stopped successfully!
    Service gusvc deleted successfully!
    HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\002681_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12 moved successfully.
    C:\Documents and Settings\All Users\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12 moved successfully.
    C:\WINDOWS\Lpayo.dat moved successfully.
    C:\WINDOWS\Rnizokesikomeje.bin moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\lsdb\prev folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\lsdb folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\AVG10 folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3A96964 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 56502 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 328038 bytes
    ->Java cache emptied: 196293 bytes
    ->Flash cache emptied: 74168 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 15678 bytes

    User: Owner
    ->Temp folder emptied: 16374082 bytes
    ->Temporary Internet Files folder emptied: 12268174 bytes
    ->Java cache emptied: 13149942 bytes
    ->FireFox cache emptied: 6935168 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2152 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 53303 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 5889959 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33234 bytes
    RecycleBin emptied: 1599 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot]•Then click the Run Fix button at the top> in the current context!
    Error: Unable to interpret <•Let the program run unhindered, reboot the PC when it is done> in the current context!

    OTL by OldTimer - Version 3.2.29.1 log created on 10122011_143707

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7FFF.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8011.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8414.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8426.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF852C.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8542.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFF09E.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFF0BB.tmp not found!
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3JDQLV91\component[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3JDQLV91\topic171347-2[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_230.dat not found!

    Registry entries deleted on Reboot...
  17. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    Norton Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.2.159.1
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
  18. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    D:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
  19. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  20. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33234 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 389860 bytes
    ->Temporary Internet Files folder emptied: 30147557 bytes
    ->Java cache emptied: 279335 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 700 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 611244 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 418013 bytes

    Total Files Cleaned = 30.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.29.1 log created on 10132011_084956

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF70C3.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7121.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF71B4.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF71C4.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7307.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7317.tmp not found!
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TZAYH6OD\918[1].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G13EV9Q1\topic171347-3[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0AW90PBC\component[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0AW90PBC\partner[1].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2bc.dat not found!

    Registry entries deleted on Reboot...
  21. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Whenever ready.
  22. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    OK, I'm not being redirected, which is good. When I went to the startup check list, I have some programs that it says to remove. When I disable them and apply, it says I need an administrator's account, which I am. Do I go to normal mode now?

    Comp is slow on startup to the first page, then better.
  23. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I'm not sure what you're saying...

    Do you mean browser?
  24. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    I went to TechSpot, Extras, startup list programs.

    Ran msconfig. It gave me all my startup programs. I checked them against the list and tried to remove the ones it said were dangerous.
    The popup read that I need an administrator's account to make changes here, which my computer says I am.
    When the popup says go back to normal mode, all the programs are back in startup.

    When I open Internet Explorer, or another site from the desktop, it takes about a minute to open. The hourglass comes right away, disappears, and a long while later the page opens. When surfing from site to site, pages take a while.

    I hope this explains it better.

    Thank you again for your help.
  25. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Why are you playing with "msconfig"?
    "msconfig" should never be used as a startup control.
    Who said that?

    As for your browser?
    Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?

