TechSpot

Search engine results redirect

By zobbers
Jan 5, 2011
  1. Title pretty much says it all. Whenever I click a search engine result I get redirected to some spam site, it has also on occassion been redirecting me when I type in the url into the address bar. Help me TechSpot, you're my only hope.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5466

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    1/5/2011 9:33:21 PM
    mbam-log-2011-01-05 (21-33-21).txt

    Scan type: Quick scan
    Objects scanned: 131808
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-05 21:40:12
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS541010G9AT00 rev.MBZOA60A
    Running: r7ou3ofg.exe; Driver: C:\Users\Zee\AppData\Local\Temp\ufldapog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by zee at 21:41:23.97 on Wed 01/05/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1549 [GMT -5:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Zee\Desktop\the team\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [boincmgr] "d:\program files\boinc\boincmgr.exe" /a /s
    mRun: [boinctray] "d:\program files\boinc\boinctray.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [GrpConv] grpconv -o
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.11.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\zee\appdata\roaming\mozilla\firefox\profiles\gdmyvqu7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

    ============= SERVICES / DRIVERS ===============

    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-8-29 6637056]
    S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-1-5 42664]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-5 135336]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-5 267944]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-5 61960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-6-15 6638080]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-23 1343400]

    =============== Created Last 30 ================

    2011-01-06 02:22:40 -------- d-----w- c:\users\zee\appdata\roaming\Avira
    2011-01-06 02:20:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-06 02:20:32 -------- d-----w- c:\program files\Avira
    2011-01-06 02:20:32 -------- d-----w- c:\progra~2\Avira
    2011-01-06 01:34:19 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-01-06 00:57:16 -------- d-----w- c:\users\zee\appdata\local\ElevatedDiagnostics
    2011-01-05 21:45:55 -------- d-----w- c:\users\zee\appdata\roaming\SUPERAntiSpyware.com
    2011-01-05 21:45:55 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-05 21:45:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-04 16:45:50 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{81af373d-14dc-4f28-901e-17cf304a257a}\mpengine.dll
    2010-12-15 11:00:52 -------- d-----w- c:\progra~2\F-Secure
    2010-12-15 09:42:15 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-12-14 22:00:15 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-14 22:00:10 2048 ----a-w- c:\windows\system32\tzres.dll

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 21:42:22.00 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/23/2010 3:17:37 PM
    System Uptime: 1/5/2011 9:25:11 PM (0 hours ago)

    Motherboard: Acer | | Grapevine
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U1 | 1662/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 45 GiB total, 13.81 GiB free.
    D: is FIXED (NTFS) - 44 GiB total, 35.058 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP92: 1/4/2011 11:45:17 AM - Windows Update
    RP93: 1/5/2011 7:41:03 PM - Windows Modules Installer

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Avira AntiVir Personal - Free Antivirus
    Character Builder
    Comical 0.8
    Creative Centrale
    Creative Software Update
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    ExtractNow
    GameSpy Arcade
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guild Wars
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox (3.6.13)
    MSVCRT
    Polipo 1.0.4.1
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype Toolbars
    Skype™ 4.2
    Star Wars: Knights of the Old Republic
    Steam
    SUPERAntiSpyware
    System Requirements Lab for Intel
    Tor 0.2.1.26
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Vidalia 0.2.10
    VLC media player 1.1.3
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    World Community Grid

    ==== Event Viewer Messages From Past Week ========

    1/5/2011 9:40:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 9:40:23 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 9:26:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/5/2011 9:26:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/5/2011 9:26:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/5/2011 9:26:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/5/2011 9:25:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL spldr sptd ssmdrv Wanarpv6
    1/5/2011 9:25:19 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    1/5/2011 9:12:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr sptd Wanarpv6
    1/5/2011 8:39:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x85f333a8, 0x85f33514, 0x81e33dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010511-37580-01.
    1/5/2011 8:25:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x84dc6d40, 0x84dc6eac, 0x81e44dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010511-30498-01.
    1/5/2011 7:46:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    1/5/2011 7:34:27 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    1/5/2011 7:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Planar\zee SID (S-1-5-21-1886019037-689991878-1689539834-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/5/2011 7:25:03 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    1/5/2011 7:23:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/5/2011 7:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/5/2011 7:12:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx Wanarpv6 WfpLwf
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 7:12:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 7:09:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    1/5/2011 7:04:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x86c08138, 0x86c082a4, 0x82a32dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010511-37783-01.
    1/5/2011 6:04:35 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    1/5/2011 1:10:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MUSE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EFD6DF0-9342-4219-99DB-D99327F7D43C}. The master browser is stopping or an election is being forced.
    1/5/2011 1:04:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/4/2011 10:30:22 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1EFD6DF0-9342-4219-99DB-D99327F7D43C} because another computer on the network has the same name. The server could not start.
    1/1/2011 6:43:31 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    1/1/2011 3:44:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Any particular reason, why all scans were run from Safe Mode?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. zobbers

    zobbers TS Rookie Topic Starter

    I just always run scans in safe mode, is that a bad thing?
    And thank you for the help, it is very much appreciated.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 150):
    0x82851000 \SystemRoot\system32\ntkrnlpa.exe
    0x8281A000 \SystemRoot\system32\halmacpi.dll
    0x80BCE000 \SystemRoot\system32\kdcom.dll
    0x82E30000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x82EA8000 \SystemRoot\system32\PSHED.dll
    0x82EB9000 \SystemRoot\system32\BOOTVID.dll
    0x82EC1000 \SystemRoot\system32\CLFS.SYS
    0x82F03000 \SystemRoot\system32\CI.dll
    0x88619000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8868A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x88698000 \SystemRoot\System32\Drivers\sppo.sys
    0x8878B000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x88794000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x82FAE000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x887BA000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x887C2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x887CD000 \SystemRoot\system32\DRIVERS\pci.sys
    0x88600000 \SystemRoot\System32\drivers\partmgr.sys
    0x88611000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x82E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82E0B000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x88805000 \SystemRoot\System32\drivers\volmgrx.sys
    0x88850000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x88857000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x88865000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x88893000 \SystemRoot\System32\drivers\mountmgr.sys
    0x888A9000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x888B2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x888D5000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x888DE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x88912000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88A22000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88B51000 \SystemRoot\System32\Drivers\msrpc.sys
    0x88B7C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88B8F000 \SystemRoot\System32\Drivers\cng.sys
    0x88BEC000 \SystemRoot\System32\drivers\pcw.sys
    0x88A00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x88923000 \SystemRoot\system32\drivers\ndis.sys
    0x88C0C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88C4A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x88C6F000 \SystemRoot\System32\drivers\tcpip.sys
    0x88DB8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88E23000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x88E62000 \SystemRoot\System32\Drivers\spldr.sys
    0x88E6A000 \SystemRoot\System32\drivers\rdyboost.sys
    0x88E97000 \SystemRoot\System32\Drivers\mup.sys
    0x88EA7000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x88EAF000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x88EE1000 \SystemRoot\system32\Drivers\fsbts.sys
    0x88EEA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x88EFB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x88F52000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x88F71000 \SystemRoot\System32\Drivers\Null.SYS
    0x88F78000 \SystemRoot\System32\Drivers\Beep.SYS
    0x88F7F000 \SystemRoot\System32\drivers\vga.sys
    0x88F8B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x88FAC000 \SystemRoot\System32\drivers\watchdog.sys
    0x88FB9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x88FC1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x88FC9000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x88FD1000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x88FDC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x88E00000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x88E17000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E408000 \SystemRoot\system32\drivers\afd.sys
    0x8E462000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E494000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8E49B000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E4BA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E4C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8E4DB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E4EB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8E50D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8E513000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8E554000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E55E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E568000 \SystemRoot\System32\drivers\discache.sys
    0x8E574000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E58C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8E59A000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8E5BB000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8E5CD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8FC0C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x90115000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F632000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x8F66B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x94203000 \SystemRoot\system32\DRIVERS\NETwLv32.sys
    0x94862000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9486D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x948B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x948C7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x948D8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x948DC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x948F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x94901000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9490E000 \SystemRoot\System32\Drivers\atmvl4po.SYS
    0x94947000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x94954000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x94966000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9497E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x94989000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x949AB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x949C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x949DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x949F1000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F68A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F6BE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F6CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F710000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F721000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8F771000 \SystemRoot\system32\drivers\portcls.sys
    0x8F7A0000 \SystemRoot\system32\drivers\drmk.sys
    0x8F7B9000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
    0x95403000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    0x95505000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    0x955BA000 \SystemRoot\system32\drivers\modem.sys
    0x95920000 \SystemRoot\System32\win32k.sys
    0x955C7000 \SystemRoot\System32\drivers\Dxapi.sys
    0x955D1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x955DC000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x955E9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x955F4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8F600000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x95B80000 \SystemRoot\System32\TSDDD.dll
    0x95BB0000 \SystemRoot\System32\cdd.dll
    0x8F611000 \SystemRoot\system32\drivers\luafv.sys
    0x901CC000 \SystemRoot\system32\drivers\WudfPf.sys
    0x901E6000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x97204000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9724A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9725A000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9726D000 \SystemRoot\system32\drivers\HTTP.sys
    0x972F2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9730B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9731D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x97340000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9737B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAB80F000 \SystemRoot\system32\drivers\peauth.sys
    0xAB8A6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAB8B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAB8D1000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAB8DE000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAB92D000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAB97E000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xAB9A8000 \SystemRoot\system32\DRIVERS\tmcomm.sys
    0x77550000 \Windows\System32\ntdll.dll
    0x47640000 \Windows\System32\smss.exe
    0x77790000 \Windows\System32\apisetschema.dll
    0x004F0000 \Windows\System32\autochk.exe
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 72):
    0 System Idle Process
    4 System
    236 C:\Windows\System32\smss.exe
    324 csrss.exe
    364 csrss.exe
    372 C:\Windows\System32\wininit.exe
    424 C:\Windows\System32\services.exe
    456 C:\Windows\System32\winlogon.exe
    468 C:\Windows\System32\lsass.exe
    476 C:\Windows\System32\lsm.exe
    600 C:\Windows\System32\svchost.exe
    680 C:\Windows\System32\svchost.exe
    744 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\spoolsv.exe
    1392 C:\Windows\System32\svchost.exe
    1476 C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    1532 C:\Windows\System32\svchost.exe
    1592 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    1740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    1996 C:\Windows\System32\svchost.exe
    212 C:\Windows\System32\svchost.exe
    1912 C:\Windows\System32\svchost.exe
    912 C:\Program Files\Windows Media Player\wmpnetwk.exe
    616 C:\Windows\System32\SearchIndexer.exe
    2172 C:\Windows\System32\SearchProtocolHost.exe
    2656 C:\Windows\System32\taskhost.exe
    2728 C:\Windows\System32\dwm.exe
    2764 C:\Windows\explorer.exe
    3060 C:\Windows\System32\igfxtray.exe
    3068 C:\Windows\System32\hkcmd.exe
    3076 C:\Windows\System32\igfxpers.exe
    3140 C:\Windows\System32\igfxsrvc.exe
    3148 D:\Program Files\BOINC\boincmgr.exe
    3172 D:\Program Files\BOINC\boinctray.exe
    3256 C:\Windows\System32\audiodg.exe
    3356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3364 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3372 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3380 C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    3396 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    3448 D:\Program Files\Steam\Steam.exe
    3544 D:\Program Files\BOINC\boinc.exe
    3552 C:\Windows\System32\conhost.exe
    3804 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    2392 C:\Windows\System32\svchost.exe
    2836 C:\Program Files\Common Files\Steam\SteamService.exe
    3328 C:\Program Files\Skype\Phone\Skype.exe
    1944 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    1528 dllhost.exe
    4220 D:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_c4cw_lmps_6.14_windows_intelx86
    4228 D:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_c4cw_lmps_6.14_windows_intelx86
    4236 C:\Windows\System32\conhost.exe
    4252 C:\Windows\System32\conhost.exe
    5032 C:\Users\Zee\AppData\Local\Temp\HouseCall\housecall.bin
    5956 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    2060 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    5256 C:\Program Files\Internet Explorer\iexplore.exe
    5476 C:\Program Files\Internet Explorer\iexplore.exe
    5564 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    5636 C:\Program Files\Windows Live\Companion\companionuser.exe
    4108 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    5448 C:\Program Files\Internet Explorer\iexplore.exe
    1044 C:\Windows\System32\SearchFilterHost.exe
    4296 C:\Program Files\Internet Explorer\iexplore.exe
    5328 C:\Windows\System32\taskeng.exe
    5376 C:\Users\Zee\Desktop\MBRCheck.exe
    3188 C:\Windows\System32\conhost.exe
    2080 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000c`1223be00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`f98bf800 (NTFS)

    PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix 11-01-05.02 - Zee 01/06/2011 1:02.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1032 [GMT -5:00]
    Running from: c:\users\Zee\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\install.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
    .

    2011-01-06 05:58 . 2011-01-06 05:59 -------- d-----w- C:\32788R22FWJFW
    2011-01-06 04:06 . 2011-01-06 04:06 -------- d-----w- C:\avrescue
    2011-01-06 01:34 . 2011-01-06 01:34 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-01-06 00:57 . 2011-01-06 00:57 -------- d-----w- c:\users\Zee\AppData\Local\ElevatedDiagnostics
    2011-01-05 21:45 . 2011-01-05 21:45 -------- d-----w- c:\users\Zee\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-05 21:45 . 2011-01-05 21:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-01-05 21:45 . 2011-01-05 21:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-04 16:45 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81AF373D-14DC-4F28-901E-17CF304A257A}\mpengine.dll
    2010-12-15 11:00 . 2010-12-15 11:00 -------- d-----w- c:\programdata\F-Secure
    2010-12-14 22:00 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-14 22:00 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2010-08-23 19:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-08-23 19:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-01 02:12 . 2010-11-01 02:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-10-19 15:41 . 2010-08-23 19:34 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-23 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Steam"="d:\program files\Steam\Steam.exe" [2010-12-29 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "boincmgr"="d:\program files\BOINC\boincmgr.exe" [2010-09-23 4543232]
    "boinctray"="d:\program files\BOINC\boinctray.exe" [2010-09-23 58112]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
    R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-23 1343400]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-01-06 42664]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 19:40]

    2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 19:40]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Zee\AppData\Roaming\Mozilla\Firefox\Profiles\gdmyvqu7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTDevSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-06 01:13:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-06 06:13

    Pre-Run: 15,531,405,312 bytes free
    Post-Run: 15,487,635,456 bytes free

    - - End Of File - - 589802F40F119DACAA604C42D2AE32B0
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Unless there are some special circumstances, all scan should be run form normal mode.

    Combofix log looks good.

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    explorer.exe
    wininit.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. zobbers

    zobbers TS Rookie Topic Starter

    Alrighty then, I'll be sure to scan in normal from now on.
    Redirect seems to be gone :D





    OTL Extras logfile created on: 1/7/2011 3:39:00 AM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Zee\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 44.87 Gb Total Space | 14.30 Gb Free Space | 31.86% Space Free | Partition Type: NTFS
    Drive D: | 44.38 Gb Total Space | 35.11 Gb Free Space | 79.10% Space Free | Partition Type: NTFS

    Computer Name: PLANAR | User Name: Zee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1AA901AC-7B46-4EFD-B0DD-4970A99D0D0A}" = System Requirements Lab for Intel
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
    "{31B25CCC-C459-4A7B-8059-0D9913D4FAA1}" = World Community Grid
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Comical_is1" = Comical 0.8
    "Creative Centrale" = Creative Centrale
    "ExtractNow_is1" = ExtractNow
    "GameSpy Arcade" = GameSpy Arcade
    "Guild Wars" = Guild Wars
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Polipo" = Polipo 1.0.4.1
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Tor" = Tor 0.2.1.26
    "uTorrent" = µTorrent
    "Vidalia" = Vidalia 0.2.10
    "VLC media player" = VLC media player 1.1.3
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/20/2010 1:48:04 PM | Computer Name = Planar | Source = System Restore | ID = 8193
    Description =

    Error - 12/25/2010 4:51:48 AM | Computer Name = Planar | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.1.3.0, time stamp:
    0x4c6c2da5 Faulting module name: vlc.exe, version: 1.1.3.0, time stamp: 0x4c6c2da5
    Exception
    code: 0xc0000005 Fault offset: 0x000016e8 Faulting process id: 0xcf0 Faulting application
    start time: 0x01cba40d5a6d86f2 Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files\VideoLAN\VLC\vlc.exe Report Id: 352e4e59-1004-11e0-9964-000fb0f2269b

    Error - 12/28/2010 5:58:37 PM | Computer Name = Planar | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.1.3.0, time stamp:
    0x4c6c2da5 Faulting module name: vlc.exe, version: 1.1.3.0, time stamp: 0x4c6c2da5
    Exception
    code: 0xc0000005 Fault offset: 0x00001749 Faulting process id: 0x10c0 Faulting application
    start time: 0x01cba6c83d6af475 Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files\VideoLAN\VLC\vlc.exe Report Id: 9f280cc4-12cd-11e0-8fea-000fb0f2269b

    Error - 12/30/2010 3:34:44 AM | Computer Name = Planar | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f00 Start
    Time: 01cba66051a073c5 Termination Time: 63 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 40ca6b1a-13e7-11e0-8fea-000fb0f2269b

    Error - 12/30/2010 3:44:55 AM | Computer Name = Planar | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a4c Start
    Time: 01cba7f40fc33d6c Termination Time: 172 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: aeed7f02-13e8-11e0-8fea-000fb0f2269b

    Error - 1/5/2011 10:37:38 PM | Computer Name = Planar | Source = PerfNet | ID = 2004
    Description =

    Error - 1/5/2011 10:55:46 PM | Computer Name = Planar | Source = System Restore | ID = 8193
    Description =

    Error - 1/5/2011 10:55:51 PM | Computer Name = Planar | Source = System Restore | ID = 8193
    Description =

    Error - 1/6/2011 12:07:28 AM | Computer Name = Planar | Source = VSS | ID = 12310
    Description =

    Error - 1/6/2011 12:12:02 AM | Computer Name = Planar | Source = Application Hang | ID = 1002
    Description = The program avscan.exe version 10.0.3.5 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1734 Start Time:
    01cbad56c56bf830 Termination Time: 2558 Application Path: C:\Program Files\Avira\AntiVir
    Desktop\avscan.exe Report Id: 180938bc-194b-11e0-9e87-000fb0f2269b

    [ System Events ]
    Error - 1/6/2011 2:02:00 AM | Computer Name = Planar | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/6/2011 2:07:34 AM | Computer Name = Planar | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/6/2011 2:09:17 AM | Computer Name = Planar | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:08:15 AM on ?1/?6/?2011 was unexpected.

    Error - 1/6/2011 7:06:38 AM | Computer Name = Planar | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 1/6/2011 1:06:39 PM | Computer Name = Planar | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 1/6/2011 2:47:53 PM | Computer Name = Planar | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 1/6/2011 4:04:03 PM | Computer Name = Planar | Source = bowser | ID = 8003
    Description =

    Error - 1/6/2011 5:21:22 PM | Computer Name = Planar | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 1/6/2011 5:45:22 PM | Computer Name = Planar | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 1/6/2011 6:16:37 PM | Computer Name = Planar | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.


    < End of report >
     
  6. zobbers

    zobbers TS Rookie Topic Starter

    OTL logfile created on: 1/7/2011 3:39:00 AM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Zee\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 44.87 Gb Total Space | 14.30 Gb Free Space | 31.86% Space Free | Partition Type: NTFS
    Drive D: | 44.38 Gb Total Space | 35.11 Gb Free Space | 79.10% Space Free | Partition Type: NTFS

    Computer Name: PLANAR | User Name: Zee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/07 03:37:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zee\Desktop\OTL.exe
    PRC - [2010/08/23 14:40:41 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/07 03:37:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zee\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/28 23:12:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/08/23 16:02:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2008/05/21 06:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Zee\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2011/01/05 20:34:19 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
    DRV - [2010/10/31 21:12:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/08/16 09:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
    DRV - [2010/05/31 13:58:33 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
    DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
    DRV - [2009/07/13 17:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E DA B8 A5 6A AD CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 19:35:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 19:35:35 | 000,000,000 | ---D | M]

    [2010/10/05 21:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zee\AppData\Roaming\Mozilla\Extensions
    [2010/09/22 01:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zee\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/04 02:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zee\AppData\Roaming\Mozilla\Firefox\Profiles\gdmyvqu7.default\extensions
    [2010/10/13 02:18:31 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Zee\AppData\Roaming\Mozilla\Firefox\Profiles\gdmyvqu7.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2010/11/22 15:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/22 15:29:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/22 15:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/01/06 01:09:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [boincmgr] D:\Program Files\BOINC\boincmgr.exe (World Community Grid)
    O4 - HKLM..\Run: [boinctray] D:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.11.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/07 03:37:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zee\Desktop\OTL.exe
    [2011/01/06 01:09:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/06 01:07:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/06 01:07:43 | 000,000,000 | ---D | C] -- C:\Users\Zee\AppData\Local\temp
    [2011/01/06 00:59:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/06 00:59:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/06 00:59:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/06 00:59:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/06 00:58:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/06 00:58:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/06 00:58:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/01/05 23:06:26 | 000,000,000 | ---D | C] -- C:\avrescue
    [2011/01/05 21:10:54 | 000,000,000 | ---D | C] -- C:\Users\Zee\Desktop\the team
    [2011/01/05 19:57:16 | 000,000,000 | ---D | C] -- C:\Users\Zee\AppData\Local\ElevatedDiagnostics
    [2011/01/05 19:56:51 | 112,748,400 | ---- | C] (F-Secure Corporation) -- C:\Users\Zee\Desktop\fseasyclean.exe
    [2011/01/05 18:54:55 | 001,912,872 | ---- | C] (Trend Micro Inc.) -- C:\Users\Zee\Desktop\HousecallLauncher.exe
    [2011/01/05 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Zee\AppData\Roaming\SUPERAntiSpyware.com
    [2011/01/05 16:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/05 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\Zee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/05 16:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/12/28 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Zee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2010/12/28 23:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2010/12/16 11:56:51 | 000,000,000 | ---D | C] -- C:\Users\Zee\Desktop\BLF
    [2010/12/15 06:10:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/12/15 06:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2010/12/15 03:19:45 | 000,000,000 | ---D | C] -- C:\Users\Zee\Desktop\IMG
    [2010/12/11 01:31:15 | 000,000,000 | ---D | C] -- C:\Users\Zee\Desktop\RANDS1
    [2010/12/11 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Zee\Desktop\FoM

    ========== Files - Modified Within 30 Days ==========

    [2011/01/07 03:37:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zee\Desktop\OTL.exe
    [2011/01/07 03:37:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/07 03:31:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/07 03:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/06 01:17:29 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/06 01:17:29 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/06 01:09:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/06 01:09:04 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/06 00:58:08 | 004,148,858 | R--- | M] () -- C:\Users\Zee\Desktop\ComboFix.exe
    [2011/01/06 00:54:38 | 000,080,384 | ---- | M] () -- C:\Users\Zee\Desktop\MBRCheck.exe
    [2011/01/05 20:34:19 | 000,042,664 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
    [2011/01/05 19:56:55 | 112,748,400 | ---- | M] (F-Secure Corporation) -- C:\Users\Zee\Desktop\fseasyclean.exe
    [2011/01/05 18:55:22 | 001,912,872 | ---- | M] (Trend Micro Inc.) -- C:\Users\Zee\Desktop\HousecallLauncher.exe
    [2011/01/05 16:45:48 | 000,001,961 | ---- | M] () -- C:\Users\Zee\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/05 06:41:20 | 000,041,438 | ---- | M] () -- C:\Users\Zee\Desktop\zeke.docx
    [2011/01/05 02:27:16 | 000,021,327 | ---- | M] () -- C:\Users\Zee\Desktop\louetta.docx
    [2010/12/29 00:55:37 | 000,014,103 | ---- | M] () -- C:\Users\Zee\Desktop\Card Worths.xlsx
    [2010/12/28 23:18:35 | 000,000,215 | ---- | M] () -- C:\Users\Zee\Desktop\Star Wars Knights of the Old Republic.url
    [2010/12/28 23:13:50 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/18 22:13:01 | 000,000,162 | -H-- | M] () -- C:\Users\Zee\Desktop\~$sponse.docx
    [2010/12/15 05:10:22 | 000,408,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/15 04:42:04 | 000,000,036 | ---- | M] () -- C:\Users\Zee\AppData\Local\housecall.guid.cache
    [2010/12/11 02:15:30 | 001,037,993 | ---- | M] () -- C:\Users\Zee\Desktop\Abstract_dudeguy_png.png
    [2010/12/11 01:33:24 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/11 01:33:24 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/01/06 00:59:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/06 00:59:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/06 00:59:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/06 00:59:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/06 00:59:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/06 00:55:56 | 004,148,858 | R--- | C] () -- C:\Users\Zee\Desktop\ComboFix.exe
    [2011/01/06 00:54:34 | 000,080,384 | ---- | C] () -- C:\Users\Zee\Desktop\MBRCheck.exe
    [2011/01/05 20:34:19 | 000,042,664 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
    [2011/01/05 16:45:48 | 000,001,961 | ---- | C] () -- C:\Users\Zee\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/04 02:32:07 | 000,021,327 | ---- | C] () -- C:\Users\Zee\Desktop\louetta.docx
    [2010/12/28 23:18:35 | 000,000,215 | ---- | C] () -- C:\Users\Zee\Desktop\Star Wars Knights of the Old Republic.url
    [2010/12/28 23:08:18 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2010/12/28 18:50:50 | 000,014,103 | ---- | C] () -- C:\Users\Zee\Desktop\Card Worths.xlsx
    [2010/12/18 22:13:01 | 000,000,162 | -H-- | C] () -- C:\Users\Zee\Desktop\~$sponse.docx
    [2010/12/18 15:44:25 | 000,041,438 | ---- | C] () -- C:\Users\Zee\Desktop\zeke.docx
    [2010/12/15 04:42:04 | 000,000,036 | ---- | C] () -- C:\Users\Zee\AppData\Local\housecall.guid.cache
    [2010/12/11 02:15:17 | 001,037,993 | ---- | C] () -- C:\Users\Zee\Desktop\Abstract_dudeguy_png.png
    [2010/10/31 22:11:50 | 000,000,004 | ---- | C] () -- C:\Users\Zee\AppData\Roaming\vfzwln.dat
    [2010/10/31 21:12:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/10/22 08:21:52 | 000,010,240 | ---- | C] () -- C:\Users\Zee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/23 16:26:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/09/09 14:33:44 | 000,000,000 | ---D | M] -- C:\Users\Zee\AppData\Roaming\Chime
    [2010/10/31 21:18:47 | 000,000,000 | ---D | M] -- C:\Users\Zee\AppData\Roaming\DAEMON Tools Lite
    [2011/01/05 18:02:54 | 000,000,000 | ---D | M] -- C:\Users\Zee\AppData\Roaming\uTorrent
    [2009/07/13 23:53:46 | 000,014,164 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/08/23 18:05:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/01/06 01:13:22 | 000,009,167 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/06 01:09:04 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/23 14:17:34 | 000,206,312 | RHS- | M] () -- C:\KCOUG
    [2010/11/22 15:43:41 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2011/01/06 01:09:05 | 2137,120,768 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/23 14:17:34 | 000,000,009 | RHS- | M] () -- C:\wedaolu

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 20:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 18:59:38 | 000,484,096 | ---- | M] (World Community Grid) -- C:\Windows\boinc.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/23 14:24:59 | 000,000,221 | -HS- | M] () -- C:\Users\Zee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/06 00:58:08 | 004,148,858 | R--- | M] () -- C:\Users\Zee\Desktop\ComboFix.exe
    [2011/01/05 19:56:55 | 112,748,400 | ---- | M] (F-Secure Corporation) -- C:\Users\Zee\Desktop\fseasyclean.exe
    [2011/01/05 18:55:22 | 001,912,872 | ---- | M] (Trend Micro Inc.) -- C:\Users\Zee\Desktop\HousecallLauncher.exe
    [2011/01/06 00:54:38 | 000,080,384 | ---- | M] () -- C:\Users\Zee\Desktop\MBRCheck.exe
    [2011/01/07 03:37:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zee\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/23 16:16:09 | 000,000,402 | -HS- | M] () -- C:\Users\Zee\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: EXPLORER.EXE >
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\ERDNT\cache\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
     
  7. zobbers

    zobbers TS Rookie Topic Starter

    < MD5 for: WININIT.EXE >
    [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
    [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
    [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < End of report >
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good news :)

    Now, I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update it, run full scan, report on any findings.

    =====================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Are you still out there?
     
  10. zobbers

    zobbers TS Rookie Topic Starter

    Sorry about that, and again thank you very much for your help.

    Ran avast, it didn't find anything.
    -----------------------------------------
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Temp folder emptied: 6266512 bytes
    ->Temporary Internet Files folder emptied: 101793819 bytes
    ->Java cache emptied: 3680932 bytes
    ->FireFox cache emptied: 3064766 bytes
    ->Flash cache emptied: 7110 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6784577 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 116.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01132011_031114

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF3E51951A92607520.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF424457C483A2AA9C.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF802E0B4A158664CA.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DFB5F061AF17AB5060.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DFC63DECF8E6EBF85C.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DFC6F571ADFB68A821.TMP not found!
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY54SUNB\crosspixel-dest[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    ----------------------------------------------------------------------------------

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````


    C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EQ trojan
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Public\Documents\Server\hlp.dat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  12. zobbers

    zobbers TS Rookie Topic Starter

    Thank you again for you help, you're awesome.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Public\Documents\Server\hlp.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Temp folder emptied: 2068202 bytes
    ->Temporary Internet Files folder emptied: 47111834 bytes
    ->Java cache emptied: 1671603 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 3182 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 69959 bytes
    RecycleBin emptied: 233322592 bytes

    Total Files Cleaned = 271.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01142011_014258

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Zee\AppData\Local\Temp\hsperfdata_Zee\2580 not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF11DF839B500404FC.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF1F30E562D9D37C88.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF233A7ECD99909FBF.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF269CBE150CDD09D2.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF2BD31CA270007E61.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF34B5BDFC0BB2985A.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF5808E43A98D9982F.TMP not found!
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJZCB28L\listen_grooveshark_com[1].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJZCB28L\xd_proxy[1].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTZMXDI1\sidebar[3].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ563T59\pixels[1].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ563T59\sidebar[1].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Z85YRDN\empty[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Temp folder emptied: 304976 bytes
    ->Temporary Internet Files folder emptied: 1876077 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65907 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Zee
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.1 log created on 01142011_015147

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF23E6C6FB6EBD8AE4.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF41AF222FF9C198C8.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF8AFB79AEBB4972B7.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DF9539F977281A5A10.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DFB1C4DD1A2CDD16D8.TMP not found!
    File\Folder C:\Users\Zee\AppData\Local\Temp\~DFBDA9958206E9179D.TMP not found!
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4U7YMYV\topic159222[1].html moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38LAFGO3\sh30[1].html moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HWLDUWY\ads[1].htm moved successfully.
    C:\Users\Zee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HWLDUWY\crosspixel-dest[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...