Solved Spyware download fail

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4653

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/6/2010 8:11:59 PM
mbam-log-2010-10-06 (20-11-59).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 286122
Time elapsed: 55 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 88):

Processes (total 25):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
376 csrss.exe
412 C:\Windows\System32\wininit.exe
428 csrss.exe
484 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
532 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\svchost.exe
768 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
872 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
108 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
304 C:\Windows\System32\svchost.exe
1140 C:\Windows\explorer.exe
1204 C:\Windows\System32\ctfmon.exe
1468 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1600 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1996 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1080 C:\Users\Samson\Downloads\MBRCheck.exe
1128 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Looks good now :)

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/24/2010 at 05:06 PM

Application Version : 4.44.1000

Core Rules Database Version : 5743
Trace Rules Database Version: 3555

Scan type : Complete Scan
Total Scan Time : 00:32:41

Memory items scanned : 350
Memory threats detected : 0
Registry items scanned : 15022
Registry threats detected : 0
File items scanned : 35654
File threats detected : 168

Adware.Tracking Cookie
 
It looks like email notification missed me.
I apologize for the delay :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/4/2010 7:15:20 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Samson\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 392.37 Gb Free Space | 86.98% Space Free | Partition Type: NTFS

Computer Name: SAMSON-PC | User Name: Samson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 19:08:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Samson\Downloads\OTL.exe
PRC - [2010/10/28 15:42:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 15:42:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/28 12:28:32 | 019,071,672 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/10/08 10:01:14 | 000,086,184 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/10/05 15:30:15 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/08/24 00:14:28 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/04/13 18:48:15 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/04 11:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/03/31 12:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/25 18:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/13 18:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 19:08:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Samson\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/31 20:32:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/05/31 20:32:58 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/05/31 20:32:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 09:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 06:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/10/05 15:30:15 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/13 18:48:15 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/25 07:39:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/02/11 07:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/31 20:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/05/31 20:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/05/31 20:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/09/23 16:04:52 | 000,025,944 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 07:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/24 22:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/23 16:04:42 | 000,261,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 16:04:42 | 000,017,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 16:04:38 | 000,712,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Lockerz Share Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2582800&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Lockerz Share Customized Web Search"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {02549309-0dbb-41e7-8366-768cfe100341}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {c5c721ec-8b71-4bbd-bcb4-907bf4240597}:2.7.1.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 15:42:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 15:42:52 | 000,000,000 | ---D | M]

[2010/06/15 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Mozilla\Extensions
[2010/11/04 00:08:48 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\extensions
[2010/06/17 19:56:07 | 000,000,000 | ---D | M] (Lockerz-Checkerz Toolbar) -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\extensions\{02549309-0dbb-41e7-8366-768cfe100341}
[2010/06/17 23:40:28 | 000,000,000 | ---D | M] (Lockerz Share Toolbar) -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\extensions\{c5c721ec-8b71-4bbd-bcb4-907bf4240597}
[2010/06/15 23:37:20 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\extensions\autofillForms@blueimp.net
[2010/10/26 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\extensions\vshare@toolbar
[2010/06/08 11:40:52 | 000,000,929 | ---- | M] () -- C:\Users\Samson\AppData\Roaming\Mozilla\Firefox\Profiles\gp56kfnj.default\searchplugins\conduit.xml
[2010/06/15 23:28:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100812041229.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100812041229.dll (McAfee, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [MyCleanPC Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe File not found
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 19:10:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/01 19:33:09 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/01 19:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/30 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Local\Windows Live
[2010/10/30 00:57:24 | 000,029,184 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\CtLoJack.dll
[2010/10/27 23:26:55 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Local\Microsoft Help
[2010/10/24 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/24 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/23 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Local\ElevatedDiagnostics
[2010/10/23 17:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/23 17:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/10/20 22:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/20 22:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/19 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Samson\Documents\College essay's
[2010/10/17 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Roaming\Spyware Terminator
[2010/10/17 23:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/10/17 23:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2010/03/07 14:55:21 | 011,310,752 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Samson\AppData\Roaming\LoJackSetup.exe
[3 C:\Users\Samson\Documents\*.tmp files -> C:\Users\Samson\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/04 14:47:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 14:47:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 14:39:23 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/04 14:39:22 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/11/04 14:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/04 14:38:53 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 14:38:49 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/04 14:38:49 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/11/03 15:44:22 | 000,747,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/03 15:44:22 | 000,628,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/03 15:44:22 | 000,108,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/02 14:50:05 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/01 19:33:05 | 000,001,810 | ---- | M] () -- C:\Users\Samson\Desktop\SUPERAntiSpyware Professional.lnk
[2010/10/31 21:05:31 | 000,016,244 | ---- | M] () -- C:\Users\Samson\Documents\Samson College essay.docx
[2010/10/31 01:26:08 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\abtsvchost.xml
[2010/10/31 01:05:43 | 000,013,359 | ---- | M] () -- C:\Users\Samson\Documents\Office of Undergraduate Admission.docx
[2010/10/30 22:31:31 | 000,000,162 | -H-- | M] () -- C:\Users\Samson\Documents\~$mson College essay.docx
[2010/10/30 00:57:26 | 000,029,184 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\CtLoJack.dll
[2010/10/30 00:30:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/29 14:54:58 | 473,314,015 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/28 22:27:20 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/28 22:27:20 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/28 22:21:15 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/10/28 22:19:21 | 000,001,367 | ---- | M] () -- C:\Users\Samson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/27 23:32:34 | 000,024,331 | ---- | M] () -- C:\Users\Samson\Documents\Hage work.xlsx
[2010/10/26 22:18:09 | 000,015,695 | ---- | M] () -- C:\Users\Samson\Documents\Samson Tessem eco 10-12-10.docx
[2010/10/24 15:57:50 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/23 17:17:09 | 000,001,009 | ---- | M] () -- C:\Users\Samson\Desktop\SpywareBlaster.lnk
[2010/10/22 15:05:00 | 000,018,998 | ---- | M] () -- C:\Users\Samson\Documents\Vick.jpg
[2010/10/22 00:35:00 | 000,014,431 | ---- | M] () -- C:\Users\Samson\Documents\Human relations.docx
[2010/10/21 21:57:39 | 000,013,896 | ---- | M] () -- C:\Users\Samson\Documents\ENGLISH.docx
[2010/10/21 20:37:52 | 000,000,392 | ---- | M] () -- C:\Users\Samson\Desktop\101MEDIA.lnk
[2010/10/19 00:14:29 | 000,013,897 | ---- | M] () -- C:\Users\Samson\Documents\Samson Tessem Human relations.docx
[2010/10/12 15:39:57 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/06 00:30:08 | 000,013,837 | ---- | M] () -- C:\Users\Samson\Documents\Samson Tessema English 4.docx
[2010/10/06 00:24:54 | 000,013,567 | ---- | M] () -- C:\Users\Samson\Documents\Samson Tessema English 10-6-10.docx
[3 C:\Users\Samson\Documents\*.tmp files -> C:\Users\Samson\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 19:33:05 | 000,001,810 | ---- | C] () -- C:\Users\Samson\Desktop\SUPERAntiSpyware Professional.lnk
[2010/10/31 01:05:43 | 000,013,359 | ---- | C] () -- C:\Users\Samson\Documents\Office of Undergraduate Admission.docx
[2010/10/30 22:31:31 | 000,000,162 | -H-- | C] () -- C:\Users\Samson\Documents\~$mson College essay.docx
[2010/10/30 00:51:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\abtsvchost.xml
[2010/10/30 00:30:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/28 22:21:15 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/10/27 17:36:52 | 000,024,331 | ---- | C] () -- C:\Users\Samson\Documents\Hage work.xlsx
[2010/10/24 15:57:50 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/23 17:17:09 | 000,001,009 | ---- | C] () -- C:\Users\Samson\Desktop\SpywareBlaster.lnk
[2010/10/22 15:04:55 | 000,018,998 | ---- | C] () -- C:\Users\Samson\Documents\Vick.jpg
[2010/10/21 22:49:56 | 000,014,431 | ---- | C] () -- C:\Users\Samson\Documents\Human relations.docx
[2010/10/21 21:57:38 | 000,013,896 | ---- | C] () -- C:\Users\Samson\Documents\ENGLISH.docx
[2010/10/21 20:13:47 | 000,000,392 | ---- | C] () -- C:\Users\Samson\Desktop\101MEDIA.lnk
[2010/10/20 22:18:11 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/20 22:18:11 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 00:14:28 | 000,013,897 | ---- | C] () -- C:\Users\Samson\Documents\Samson Tessem Human relations.docx
[2010/10/12 00:36:29 | 000,015,695 | ---- | C] () -- C:\Users\Samson\Documents\Samson Tessem eco 10-12-10.docx
[2010/10/08 10:01:06 | 000,000,003 | ---- | C] () -- C:\ProgramData\AbsoluteNotifier.txt
[2010/10/06 00:30:08 | 000,013,837 | ---- | C] () -- C:\Users\Samson\Documents\Samson Tessema English 4.docx
[2010/10/06 00:24:54 | 000,013,567 | ---- | C] () -- C:\Users\Samson\Documents\Samson Tessema English 10-6-10.docx
[2010/09/11 00:54:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/01 16:44:56 | 000,008,192 | ---- | C] () -- C:\Users\Samson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/03/11 19:07:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/03/08 00:11:58 | 000,006,912 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/07 17:15:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/07 14:55:09 | 000,000,276 | ---- | C] () -- C:\Users\Samson\AppData\Roaming\FactoryInstaller.xml
[2010/03/04 21:57:47 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/09 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Absolute
[2010/03/03 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\acccore
[2010/05/16 01:39:40 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/09/07 01:31:13 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\ManyCam
[2010/09/18 00:21:33 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\NeopleLauncherDFO
[2010/03/04 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\NVD
[2010/03/03 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\ooVoo Details
[2010/06/10 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\oovooinstaller
[2010/10/31 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\SoftGrid Client
[2010/10/17 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\Spyware Terminator
[2010/05/20 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\TeamViewer
[2010/03/04 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\TP
[2010/03/21 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\Samson\AppData\Roaming\WildTangent
[2010/10/29 14:55:35 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/14 20:13:11 | 000,003,217 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2010/02/25 09:18:21 | 000,003,744 | RH-- | M] () -- C:\dell.sdr
[2010/11/04 14:38:53 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 19:30:07 | 000,000,694 | -H-- | M] () -- C:\IPH.PH
[2010/11/04 14:38:52 | 4291,145,728 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/28 22:19:21 | 000,000,221 | -HS- | M] () -- C:\Users\Samson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/06/12 23:28:54 | 1189,285,496 | ---- | M] (Nexon) -- C:\Users\Samson\Desktop\DFOSetup21.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/03/07 15:13:34 | 000,061,224 | ---- | M] () -- C:\Users\Samson\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 02:26:30 | 000,000,402 | -HS- | M] () -- C:\Users\Samson\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/08 10:01:06 | 000,000,003 | ---- | M] () -- C:\ProgramData\AbsoluteNotifier.txt
[2010/10/31 02:39:17 | 000,006,912 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/09/11 00:54:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010/10/17 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\Samson\AppData\Roaming\Spyware Terminator
    [2010/10/17 23:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
    [2010/10/17 23:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
    [3 C:\Users\Samson\Documents\*.tmp files -> C:\Users\Samson\Documents\*.tmp -> ]
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans.....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
1. Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



My McAfee says it's a trojan and wouldn't allow it
 
But it says at that step, when I click the SecurityCheck.exe after the download, that it couldn't be saved because the source file couldn't be read
 
Turn McAfee off, as described in my link and re-download SecurityCheck.
Did you run OTL fix yet?
 
Look, you have to read my replies...
It doesn't take too much effort to scroll back and see if you performed all the steps I requested.

Look at my reply #35.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cozi\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}\ not found.
File {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Samson\AppData\Roaming\Spyware Terminator\Reports folder moved successfully.
C:\Users\Samson\AppData\Roaming\Spyware Terminator\LanguageAct folder moved successfully.
C:\Users\Samson\AppData\Roaming\Spyware Terminator folder moved successfully.
C:\ProgramData\Spyware Terminator folder moved successfully.
C:\Program Files (x86)\Spyware Terminator\update folder moved successfully.
C:\Program Files (x86)\Spyware Terminator\languages folder moved successfully.
C:\Program Files (x86)\Spyware Terminator\help folder moved successfully.
C:\Program Files (x86)\Spyware Terminator folder moved successfully.
C:\Users\Samson\Documents\~WRL0897.tmp deleted successfully.
C:\Users\Samson\Documents\~WRL1414.tmp deleted successfully.
C:\Users\Samson\Documents\~WRL1770.tmp deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119482 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-SAMSON-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Samson
->Temp folder emptied: 139989414 bytes
->Temporary Internet Files folder emptied: 32336410 bytes
->Java cache emptied: 6273 bytes
->FireFox cache emptied: 102784321 bytes
->Flash cache emptied: 58446 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26479972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83369 bytes
RecycleBin emptied: 40817 bytes

Total Files Cleaned = 288.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11052010_134916

Files\Folders moved on Reboot...
C:\Users\Samson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 