Solved: Computer has been infected! Vista 64 W/logs - Page 4

miller330i · 25-Oct-2009, 08:32 PM **#46**

All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "Sky Web Search" removed from browser.search.defaultenginename
Prefs.js: "Sky Web Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridg e deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{71927353-afab-11de-b56d-002618359de8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71927353-afab-11de-b56d-002618359de8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{71927353-afab-11de-b56d-002618359de8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71927353-afab-11de-b56d-002618359de8}\ not found.
File move failed. F:\Startup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Desktop
File delete failed. C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
->Temp folder emptied: 233063207 bytes
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I1QTU18N\ads[7].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\870015-computer-has-been-infected-vista-3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QILHB84\01[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I8TEQFK\eBayISAPI[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT scheduled to be deleted on reboot.
File delete failed. C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 26541796 bytes
->Java cache emptied: 15101767 bytes
->FireFox cache emptied: 63586686 bytes
->Google Chrome cache emptied: 6238565 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 501476 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 330.54 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.22.1 log created on 10252009_161452
Files\Folders moved on Reboot...
File move failed. F:\Startup.exe scheduled to be moved on reboot.
C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I1QTU18N\ads[7].htm moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\870015-computer-has-been-infected-vista-3[1].htm moved successfully.
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3A9VWJ9\a[1].htm not found!
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QILHB84\01[2].htm not found!
File\Folder C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I8TEQFK\eBayISAPI[2].htm not found!
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\temp\logishrd\LVPrcInj02.dll
C:\Windows\temp\logishrd\LVPrcInj02.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...

emeraldnzl · 25-Oct-2009, 08:51 PM **#47**

Quote:

The report, many failures!

I guess it looks like that but I think it did what we want.

Let's have a look.

Close all windows and open OTL again.
Click Run Scan and let the program run uninterrupted
It will produce a log for you. Post the log here.

miller330i · 25-Oct-2009, 10:47 PM **#48**

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2009 at 06:32 PM

Application Version : 4.29.1004

Core Rules Database Version : 4189
Trace Rules Database Version: 2103

Scan type : Complete Scan
Total Scan Time : 01:37:26

Memory items scanned : 203
Memory threats detected : 0
Registry items scanned : 7292
Registry threats detected : 0
File items scanned : 306861
File threats detected : 36

Adware.Tracking Cookie
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@advertis ing[2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@at.atwol a[2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@tacoda[1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@atwola[2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@ar.atwol a[1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\desktop@cdn.at.a twola[1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\desktop@a1.i nterclick[1].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\desktop@ad.y ieldmanager[2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\desktop@ads. bridgetrack[2].txt
C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Cookies\Low\desktop@ads. pointroll[2].txt

emeraldnzl · 25-Oct-2009, 10:51 PM **#49**

Hello miller330i,

That wasn't the log I was looking for.

This is the one I wanted you to run:

This time though click the Run Scan button and post the log back here.

Turning to the SAS log. All it is showing is harmless cookies. They won't hurt your computer. In fact you won't be able to use many sites unless you let them load there cookies.

miller330i · 26-Oct-2009, 12:47 AM **#50**

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2009 at 08:24 PM

Application Version : 4.29.1004

Core Rules Database Version : 4189
Trace Rules Database Version: 2103

Scan type : Complete Scan
Total Scan Time : 01:36:41

Memory items scanned : 225
Memory threats detected : 0
Registry items scanned : 7292
Registry threats detected : 0
File items scanned : 306874
File threats detected : 0

emeraldnzl · 26-Oct-2009, 12:52 AM **#51**

Thank you for that SuperAntiSpyWare log.

It wasn't the one I was looking for... see my last post.

However, if you are happy with your computer now we can move to removing the tools we have been using.

miller330i · 26-Oct-2009, 01:15 AM **#52**

OTL logfile created on: 10/25/2009 8:47:57 PM - Run 7
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Desktop\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 156.09 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.45 Gb Total Space | 10.51 Gb Free Space | 3.76% Space Free | Partition Type: NTFS
Drive F: | 3.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP1
Current User Name: Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Windows\runservice.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AODService [Disabled | Stopped]) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Disabled | Stopped]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca148920d17d96 [Disabled | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Sound Blaster X-Fi MB Licensing Service [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV:64bit: - (AEADIFilters [Disabled | Stopped]) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64 [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:64bit: - (LVPrcS64 [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (MsMpSvc [Auto | Running]) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (atillk64 [On_Demand | Stopped]) -- C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys (ATI Technologies Inc.)
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/08/02 17:24:44 | 00,000,000 | ---D | M]
DRV - (is-US5VGdrv [System | Stopped]) -- C:\Windows\SysWow64\DRIVERS\34972332.sys (Kaspersky Lab)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\SysWow64\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Partizan [Boot | Stopped]) -- C:\Windows\SysWow64\Partizan.RRI ()
DRV - (pwipf6 [System | Running]) -- C:\Windows\SysWow64\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RegGuard [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\regguard.sys (Greatis Software)
DRV - (RivaTuner64 [On_Demand | Stopped]) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV:64bit: - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (AmdTools [System | Stopped]) -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (LVPr2M64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (mcdbus [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (MpFilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV:64bit: - (MpNWMon [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\MpNWMon.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (pavboot [Boot | Running]) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS (Logitech Inc.)
DRV:64bit: - (pwipf6 [System | Running]) -- C:\Windows\SysNative\DRIVERS\pwipf6.sys (Privacyware/PWI, Inc.)
DRV:64bit: - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ssfs0bbc [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (ssidrv [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (StarPortLite [System | Running]) -- C:\Windows\SysNative\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 12:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/30 22:19:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/14 12:40:10 | 00,000,000 | ---D | M]

miller330i · 26-Oct-2009, 01:16 AM **#53**

[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions
[2009/08/08 09:45:48 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 18:12:33 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\ extensions
[2009/09/23 13:54:59 | 00,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\mozilla\Firefox\Profiles\kwgeslrt.default\ extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/23 08:12:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/30 22:19:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/21 12:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/08/21 12:10:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 13:45:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk = C:\Users\Desktop\Desktop\Virus Removal Tool\is-US5VG\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:36:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/29 10:18:56 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/25 06:29:25 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

miller330i · 26-Oct-2009, 01:16 AM **#54**

========== Files/Folders - Created Within 30 Days ==========

[2009/10/20 23:12:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:06:06 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/10/22 21:51:09 | 00,000,000 | ---D | C] -- C:\ProgramData\is-US5VG
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/03 10:29:12 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/13 09:13:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/17 22:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/10/24 19:28:39 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/17 08:55:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/18 23:31:31 | 00,000,000 | ---D | C] -- C:\ProgramData\WebRoot
[2009/10/17 08:55:09 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Any DVD Converter Professional
[2009/10/07 20:09:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Canon
[2009/10/15 14:12:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\FastStone
[2009/10/16 08:48:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ICQ
[2009/10/18 11:00:34 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Malwarebytes
[2009/10/13 09:12:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft Game Studios
[2009/10/17 22:46:11 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Sunbelt
[2009/10/24 19:28:35 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/11 21:54:08 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\vlc
[2009/10/19 00:28:44 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Webroot
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/23 16:47:24 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Adobe
[2009/10/21 12:49:00 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Apple
[2009/10/03 10:29:33 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\LogiShrd
[2009/10/13 09:13:25 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft Game Studios
[2009/10/22 14:35:45 | 00,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Visual Business Cards
[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2009/10/13 23:26:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/10/17 08:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Converter Professional
[2009/10/23 19:37:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2009/10/15 14:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2009/10/16 08:48:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2009/10/21 11:18:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/10/13 09:07:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2009/10/18 11:00:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/13 23:32:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/01 16:26:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/10/01 23:16:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/10/13 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2009/10/13 23:03:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/02 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/19 19:25:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2009/10/22 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/20 23:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/18 17:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/17 22:30:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2009/10/24 19:28:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/10/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/15 08:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/10/22 14:32:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Business Cards
[2009/10/18 00:26:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/10/03 10:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/10/14 11:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/01 16:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/25 16:14:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/23 16:01:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 21:49:19 | 00,200,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysWow64\drivers\34972332.sys
[2009/10/22 21:49:19 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Virus Removal Tool
[2009/10/22 14:35:46 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Visual Business Cards
[2009/10/21 11:19:47 | 00,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/10/19 21:25:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 21:25:40 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/19 19:25:19 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:25:11 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/19 19:22:24 | 00,078,088 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/18 12:06:58 | 00,000,000 | --SD | C] -- C:\TheHammer3533T
[2009/10/18 12:06:26 | 00,000,000 | --SD | C] -- C:\TheHammer
[2009/10/18 12:06:26 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 22:21:11 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/10/17 10:17:17 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\OJOsoft Corporation
[2009/10/17 08:55:21 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Any DVD Converter Professional
[2009/10/13 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/13 23:03:07 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/13 22:58:55 | 05,690,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:58:53 | 07,006,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:58:52 | 01,426,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:58:52 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:58:51 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:58:51 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:58:51 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:58:50 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:58:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:58:47 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2009/10/13 22:58:47 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/13 22:58:45 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/13 22:58:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/13 22:58:34 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:58:33 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:58:33 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:58:32 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:58:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:57:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:57:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 22:57:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/13 09:52:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2009/10/13 09:07:30 | 00,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2009/10/12 20:08:55 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Desktop\Halo.2.XP-TheBabeLover
[2009/10/03 12:38:47 | 00,000,000 | ---D | C] -- C:\Users\Desktop\Documents\SightSpeed Recordings
[2009/10/01 16:40:24 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/08/09 23:14:51 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Desktop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Desktop\AppData\Local\*.tmp files]
[2009/10/25 20:43:54 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 20:43:54 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 20:35:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/25 18:52:00 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/25 18:52:00 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/25 18:52:00 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/25 18:44:13 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/25 18:43:55 | 00,001,377 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2009/10/25 18:43:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/25 18:43:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/25 18:42:58 | 04,521,924 | -H-- | M] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/25 16:15:57 | 00,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2009/10/25 11:36:47 | 01,088,006 | ---- | M] () -- C:\Users\Desktop\Desktop\MGT Motorsports_com BlendMount Your Valentine One Radar Detector.mht
[2009/10/25 01:13:59 | 02,842,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/23 16:02:01 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2009/10/22 23:15:45 | 00,038,400 | ---- | M] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | M] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | M] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | M] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:25 | 00,034,304 | ---- | M] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 23:11:28 | 00,000,680 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/22 21:51:09 | 00,001,803 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/20 00:00:07 | 00,001,698 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 22:52:14 | 00,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat

miller330i · 26-Oct-2009, 01:17 AM **#55**

2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysWow64\drivers\pwipf6.sys
[2009/10/19 19:22:24 | 00,078,088 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2009/10/19 19:05:56 | 00,000,732 | ---- | M] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/10/19 00:24:55 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/10/13 16:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2009/10/12 21:16:04 | 00,000,133 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/10/12 17:13:49 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/12 11:36:22 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/04 22:31:38 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/25 11:36:42 | 01,088,006 | ---- | C] () -- C:\Users\Desktop\Desktop\MGT Motorsports_com BlendMount Your Valentine One Radar Detector.mht
[2009/10/25 01:10:17 | 04,521,924 | -H-- | C] () -- C:\Users\Desktop\AppData\Local\IconCache.db
[2009/10/22 23:15:45 | 00,038,400 | ---- | C] () -- C:\Users\Desktop\Desktop\Polarity.doc
[2009/10/22 23:15:41 | 00,030,720 | ---- | C] () -- C:\Users\Desktop\Desktop\Geometry.doc
[2009/10/22 23:15:36 | 00,027,136 | ---- | C] () -- C:\Users\Desktop\Desktop\Calorimetry.doc
[2009/10/22 23:15:30 | 00,035,840 | ---- | C] () -- C:\Users\Desktop\Desktop\Thermo.doc
[2009/10/22 23:15:24 | 00,034,304 | ---- | C] () -- C:\Users\Desktop\Desktop\Lewis.doc
[2009/10/22 21:51:09 | 00,001,803 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-US5VG.lnk
[2009/10/21 17:14:19 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/20 23:20:09 | 00,001,840 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI3C6B.txt
[2009/10/20 23:20:04 | 00,012,862 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI3C6B.txt
[2009/10/19 20:58:52 | 00,001,698 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L592D3875AA694C63B4900DCF28BFD983.job
[2009/10/19 20:58:51 | 00,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L7E41AE94A7394FECBDA9B88F3EFB8F6A.job
[2009/10/19 19:25:15 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2009/10/19 19:22:57 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/18 23:23:57 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/10/18 21:43:33 | 00,000,680 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps.dat
[2009/10/12 11:36:22 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/01 23:15:42 | 00,231,562 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924MSI6C8A.txt
[2009/10/01 23:15:41 | 00,014,524 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL90SP1_KB973924UI6C8A.txt
[2009/10/01 23:15:11 | 00,557,508 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6C25.txt
[2009/10/01 23:15:10 | 00,014,540 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6C25.txt
[2009/10/01 23:14:50 | 00,541,238 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923MSI6BD6.txt
[2009/10/01 23:14:46 | 00,014,492 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_ATL80SP1_KB973923UI6BD6.txt
[2009/09/23 12:09:15 | 00,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2009/09/23 12:09:15 | 00,018,052 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2009/09/18 12:18:50 | 00,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/12 14:35:43 | 00,001,377 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2009/08/12 14:35:41 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/08/11 18:59:20 | 00,000,133 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\default.pls
[2009/08/10 09:22:01 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/09 23:15:35 | 00,000,034 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.log
[2009/08/09 23:14:51 | 00,099,384 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\inst.exe
[2009/08/09 23:14:51 | 00,007,859 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.cat
[2009/08/09 23:14:51 | 00,001,167 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\pcouffin.inf
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/08/06 13:02:40 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2009/08/06 13:02:22 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2009/08/03 18:57:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/03 16:03:41 | 00,598,240 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistMSI2007.txt
[2009/08/03 16:03:39 | 00,020,488 | ---- | C] () -- C:\Users\Desktop\AppData\Local\dd_vcredistUI2007.txt
[2009/08/03 15:22:47 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 15:22:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/03 14:50:59 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/08/03 14:39:34 | 00,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2009/08/03 10:30:45 | 00,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/08/02 22:36:17 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/08/02 22:35:19 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/08/02 22:33:44 | 00,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/02 22:28:02 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/02 22:28:02 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/02 22:28:00 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/08/02 22:28:00 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/08/02 22:19:34 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/08/02 22:19:34 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/08/02 22:19:12 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/08/02 22:19:11 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/02 21:03:00 | 00,041,125 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/02 21:02:40 | 00,034,721 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/02 21:02:40 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/08/02 21:00:48 | 00,051,960 | ---- | C] () -- C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 21:00:30 | 00,000,732 | ---- | C] () -- C:\Users\Desktop\AppData\Local\d3d9caps64.dat
[2009/06/02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

emeraldnzl · 26-Oct-2009, 01:27 AM **#56**

That looks good to me.

How is your computer now?

If your machine has no problems we will remove the tools we have been using in the next post.

miller330i · 26-Oct-2009, 02:55 AM **#57**

Thanks!

emeraldnzl · 26-Oct-2009, 03:09 AM **#58**

Hello miller330i,

Quote:

cookie issues.

Generally speaking cookies are nothing to worry about. As I said ealier in this thread, you will find that many web sites won't work unless you allow cookies.

If they do worry you and you use Firefox, this is what to do:

Go to Tools > Options > Privacy and in the Cookies panel beside Keep until: change to I close Firefox

Now

We have a couple of last steps to perform and then you're all set.

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. The Win32Diag folder can be deleted.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore in Vista to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
- Click on the Start button to open your Start Menu.
  Click on the Control Panel menu option.
  Click on the System and Maintenance menu option.
  Click on the System menu option.
  Click on System Protection in the left-hand task list.
  Click on the System Protection tab.
  Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
  
  When you uncheck a disk you will be presented with this screen
  Click on the Turn System Protection Off button.
  
  Press the Apply button and then the OK button.
2. Restart your computer.

3. Turn ON System Restore.
- Click on the Start button to open your Start Menu.
  Click on the Control Panel menu option.
  Click on the System and Maintenance menu option.
  Click on the System menu option.
  Click on System Protection in the left-hand task list.
  Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
  Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know a bout them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

Download from here Java Runtime Environment (JDK) Update
Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

Reboot your computer.
You also need to uininstall older versions of Java.
Click Start > Control Panel > Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

ATF Cleaner

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

NoScripts is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting
Microsoft Windows Update

monthly.

And to keep your system clean run these free malware scanners
AdAware SE Personal
Spybot Search & Destroy
SuperAntiSpyWare

weekly, and be aware of what emails you open and websites you visit.

An antivirus program is essential.

Here are a couple of to choose from (these are also free for personal use):

Avast
AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.

I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!

miller330i · 27-Oct-2009, 12:14 AM **#59**

Thank you! I started to do what you recommended, but cannot run OTL.

emeraldnzl · 27-Oct-2009, 12:34 AM **#60**

Might be your anti-malware getting in the way.

Make sure they are disabled and try again, if that doesn't work try this one:

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Tag Cloud
access acer asus bios bsod computer crash driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop mac malware memory monitor motherboard music network printer problem ram registry router server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!