Firefox quitting/running extremely slowly


  • This topic is locked

#16
AThe

    Member

  • Topic Starter
  • 21 posts
I think I can now confirm that yes, CPU usage still periodically hits 100% and stays constant there until the computer is shut off.
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Then, I *think* after I opened a detachable USB drive, things started to slow down again. CPU usage doesn't seem to constantly hit 100% like before, but still fluctuates above 50%.

You may have an infected USB

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#18
AThe

    Member

  • Topic Starter
  • 21 posts
Done and done! The ComboFix log:

ComboFix 10-07-15.05 - Amelio The 07/16/2010 16:54:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1381 [GMT -4:00]
Running from: c:\documents and settings\Amelio The\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-13 20:34 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-22 20:51 . 2010-06-22 20:53 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 04:01 . 2008-11-11 17:49 -------- d-----w- c:\documents and settings\Amelio The\Application Data\Skype
2010-07-15 00:22 . 2008-11-11 17:50 -------- d-----w- c:\documents and settings\Amelio The\Application Data\skypePM
2010-07-11 17:10 . 2008-11-10 22:42 35352 ----a-w- c:\documents and settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 23:32 . 2009-09-08 15:35 -------- d-----w- c:\program files\DOSBox-0.73
2010-07-06 20:29 . 2010-05-21 22:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-26 21:22 . 2010-02-26 17:15 -------- d-----w- c:\documents and settings\Amelio The\Application Data\vlc
2010-06-15 11:32 . 2008-11-11 00:22 -------- d-----w- c:\program files\McAfee
2010-06-14 14:31 . 2008-11-10 22:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-04 03:05 . 2010-02-28 21:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 00:41 . 2010-06-02 00:34 -------- d-----w- c:\program files\SpywareBlaster
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-02 00:33 . 2008-11-10 22:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 00:31 . 2010-06-02 00:31 -------- d-----w- c:\program files\Sun
2010-06-02 00:31 . 2010-06-02 00:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 00:29 . 2008-11-10 22:46 -------- d-----w- c:\program files\Java
2010-05-29 22:17 . 2010-05-29 22:17 348160 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcr71.dll
2010-05-29 22:17 . 2010-05-29 22:17 61440 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-sse.dll
2010-05-29 22:17 . 2010-05-29 22:17 503808 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcp71.dll
2010-05-29 22:17 . 2010-05-29 22:17 499712 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\jmc.dll
2010-05-29 22:17 . 2010-05-29 22:17 12800 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-d3d.dll
2010-05-22 00:34 . 2010-05-22 00:34 388096 ----a-r- c:\documents and settings\Amelio The\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-22 00:34 . 2010-05-22 00:34 -------- d-----w- c:\program files\Trend Micro
2010-05-22 00:09 . 2008-11-11 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 00:06 . 2008-11-11 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 22:36 . 2010-05-21 22:36 63488 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 22:36 . 2010-05-21 22:36 52224 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 22:36 . 2010-05-21 22:36 117760 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com
2010-05-21 22:35 . 2008-12-26 04:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 20:16 . 2008-11-11 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 11:31 . 2010-04-04 19:08 1 ----a-w- c:\documents and settings\Amelio The\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 00:36 . 2010-02-24 02:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-11-11 04:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-11 04:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [email protected]_17.06.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-16 21:35 . 2010-07-16 21:35 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2010-07-15 00:25 . 2010-07-16 18:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-10 22:38 . 2010-07-11 15:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-10 22:38 . 2010-07-16 18:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-28 19:39 . 2010-07-11 15:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-11 20:26 . 2010-07-16 18:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-11 15:55 . 2010-07-13 20:40 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-11 00:23 . 2009-09-16 14:22 214664 c:\windows\system32\drivers\mfehidk.sys
+ 2008-11-11 00:23 . 2009-09-16 14:22 214664 c:\windows\system32\drivers\mfehidk.sys
+ 2009-06-02 22:33 . 2010-07-16 18:26 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-02 22:33 . 2010-07-11 15:37 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2008-11-11 15:55 . 2010-07-13 20:40 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-11 15:55 . 2010-07-13 20:40 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-11 15:55 . 2010-06-08 22:04 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-05-25 15:45 . 2010-05-25 15:45 8445440 c:\windows\Installer\9c3e6.msp
+ 2010-07-01 02:52 . 2010-07-01 02:52 5522944 c:\windows\Installer\9c3d2.msp
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\4cac51.msp
+ 2008-11-11 03:51 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-14 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2006-08-03 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-01-17 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-01-17 45056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Amelio The\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-9 576000]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Games\\FreeSpace2\\FS2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2/13/2009 6:50 PM 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2/5/2010 6:28 PM 742144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2010-07-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\
FF - plugin: c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnipp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(8944)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-07-16 17:53:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-16 21:53
ComboFix2.txt 2010-07-11 17:09

Pre-Run: 28,989,321,216 bytes free
Post-Run: 28,981,411,840 bytes free

- - End Of File - - 15010A111FAC90347FDD16ADFA4CF9C9
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

H:\Autorun.inf

From the USB

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Once done could you run a fresh OTL log please
  • 0
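
The post above points at H:\Autorun.inf from the ComboFix log and notes that Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not part of the original posts, and not code from Flash_Disinfector or ComboFix), this Python script classifies a drive root as having no autorun.inf, a file (listing the launch entries it declares), or a folder. The function names and the sample drive contents are constructed for illustration; the keys checked are the standard `open`, `shellexecute` and `shell\<verb>\command` entries of the `[autorun]` section.

```python
import os
import tempfile

# [autorun] keys that name a program Windows may launch from the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, command) pairs from autorun.inf text, skipping junk lines."""
    commands = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Only entries inside [autorun] matter; padding lines are ignored.
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            commands.append((key, value.strip()))
    return commands


def read_text(path):
    """Decode autorun.inf whether it was saved as UTF-16 or as an 8-bit file."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def audit_drive_root(root):
    """Classify a drive root: no autorun.inf, a file, or a folder."""
    entry = None
    # Match the name case-insensitively, as FAT32 and NTFS do.
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            entry = os.path.join(root, name)
            break
    if entry is None:
        return {"status": "absent", "commands": []}
    if os.path.isdir(entry):
        # A folder with this name blocks a file of the same name being written.
        return {"status": "folder", "commands": []}
    return {"status": "file", "commands": parse_autorun(read_text(entry))}


def build_sample_roots():
    """Create three constructed 'drive roots' in a temp directory for the demo."""
    base = tempfile.mkdtemp(prefix="autorun_audit_")
    roots = {}
    for label in ("clean", "suspect", "immunized"):
        roots[label] = os.path.join(base, label)
        os.mkdir(roots[label])
    # Constructed sample: padding lines around a launch entry.
    sample = "\r\n".join([
        ";constructed sample, not taken from the thread",
        "asdkjh qwe",
        "[AutoRun]",
        "open=constructed_sample.exe",
        "icon=folder.ico",
        r"shell\open\command=constructed_sample.exe",
    ])
    with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "w", newline="") as fh:
        fh.write(sample)
    os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
    return roots


if __name__ == "__main__":
    for label, root in build_sample_roots().items():
        print(label, audit_drive_root(root))
```

On a real machine, pass each removable drive's root (for example `H:\\`) to `audit_drive_root`; a `file` result with launch entries is the case worth investigating before the drive is opened in Explorer.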

#20
AThe

    Member

  • Topic Starter
  • 21 posts
I ran the flash disinfector with all of my flash drives plugged in. Here's the log for the OTL scan (which seems to be running much, MUCH faster than when we first started - that's got to be a good sign??)


OTL logfile created on: 7/17/2010 9:00:53 AM - Run 5
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Amelio The\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 56.10 Gb Total Space | 27.00 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 37.38 Gb Free Space | 42.53% Space Free | Partition Type: NTFS
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.46 Gb Total Space | 7.43 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
Drive H: | 298.01 Gb Total Space | 3.98 Gb Free Space | 1.34% Space Free | Partition Type: FAT32
Drive I: | 3.72 Gb Total Space | 3.69 Gb Free Space | 99.17% Space Free | Partition Type: FAT32

Computer Name: THEMACHINE
Current User Name: Amelio The
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/16 16:09:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 15:39:42 | 000,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2008/01/17 15:39:30 | 000,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AMELIO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/28 15:35:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 01:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 01:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/17 15:45:08 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/15 21:52:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/15 21:52:05 | 000,000,000 | ---D | M]

[2008/11/11 00:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Extensions
[2010/07/15 21:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions
[2010/05/12 07:25:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/13 16:33:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/18 15:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/07/11 11:33:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/16 21:46:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/01 20:31:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/26 21:22:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/17 15:57:30 | 000,165,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll

O1 HOSTS File: ([2010/07/16 17:49:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1226373470062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.163.32.51 207.179.71.27 216.163.32.52 207.179.70.27
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/10 18:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 08:54:27 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 08:54:28 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1996/11/07 13:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 14:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 22:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 10:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/07/17 08:54:30 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/17 08:54:30 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/17 08:54:30 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/17 08:54:27 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/07/16 17:55:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/12 18:51:45 | 074,017,264 | ---- | C] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/11 12:11:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 12:11:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 12:11:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/11 12:11:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/11 12:10:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/10 16:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\Governmental Immunity and Airports
[2010/07/05 18:07:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/06/22 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/01 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/22 09:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/22 09:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/22 09:34:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/22 07:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\GooredFix Backups
[2010/05/21 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/21 19:57:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:15:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Amelio The\PrivacIE
[2010/05/21 07:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/10 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\DNRE Stuff
[2010/04/27 13:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\Deployment

========== Files - Modified Within 90 Days ==========

[2010/07/17 09:00:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/17 09:00:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/17 08:58:04 | 000,022,077 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/17 08:57:27 | 000,028,314 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/17 08:57:22 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/17 08:57:08 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/07/17 08:57:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/17 08:56:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 08:56:50 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 08:55:55 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Amelio The\NTUSER.DAT
[2010/07/17 08:55:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amelio The\ntuser.ini
[2010/07/17 08:52:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Flash_Disinfector.exe
[2010/07/17 08:46:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/17 08:46:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/16 22:00:24 | 000,239,616 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 21:30:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
[2010/07/16 18:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/16 18:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/16 17:55:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/16 17:55:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/16 17:49:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 17:49:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 14:21:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/16 14:21:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/16 08:41:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/16 08:41:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/15 23:22:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/15 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/15 21:28:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/15 21:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/15 15:57:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/15 15:57:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/14 19:54:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/14 19:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/14 16:18:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/14 16:18:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/13 16:27:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/13 16:27:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/12 18:42:24 | 074,017,264 | ---- | M] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/12 18:38:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/12 17:15:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/12 17:15:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/11 13:30:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
[2010/07/11 13:11:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/11 13:11:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/11 13:10:02 | 000,035,352 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/11 11:32:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/11 11:32:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/10 12:42:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/10 12:42:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/10 09:58:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/10 09:58:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/10 09:21:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/10 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/10 03:51:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/10 03:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/07/09 17:26:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/07/09 15:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/09 15:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/08 19:32:19 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2010/07/07 21:22:58 | 000,284,377 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:12 | 000,304,857 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:38 | 000,008,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:41:43 | 000,056,144 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 14:58:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 21:56:36 | 000,106,060 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 17:36:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 17:36:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 17:36:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 18:58:43 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 18:04:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 18:04:06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 21:25:48 | 011,029,920 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:25:41 | 005,334,731 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:31 | 000,047,050 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/29 18:38:27 | 004,449,036 | -H-- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\IconCache.db
[2010/05/22 09:51:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/22 08:04:58 | 000,287,218 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:42:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/21 20:34:32 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 20:02:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:13 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:23 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:19:20 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/15 20:36:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 22:45:48 | 013,971,197 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:15 | 000,028,132 | ---- | M] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/06 13:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 16:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/05/04 13:49:20 | 008,560,128 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:21:32 | 000,167,753 | ---- | M] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:49 | 000,029,619 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:13:09 | 002,128,923 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 21:35:18 | 000,039,245 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:42 | 001,171,033 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF

========== Files Created - No Company Name ==========

[2010/07/17 08:52:00 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Flash_Disinfector.exe
[2010/07/13 16:25:41 | 2145,869,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/11 12:11:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 12:11:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 12:11:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/07 21:22:58 | 000,284,377 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:11 | 000,304,857 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:37 | 000,008,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:42:45 | 000,056,144 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 18:21:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.exe
[2010/07/05 15:41:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/06/29 21:56:36 | 000,106,060 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 16:52:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/06 21:27:29 | 011,029,920 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:27:29 | 005,334,731 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:30 | 000,047,050 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/22 09:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/22 09:51:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/22 09:48:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/22 09:48:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/22 08:04:55 | 000,287,218 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:34:32 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 18:36:13 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:12 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:18:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/14 17:04:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010/05/11 22:46:15 | 013,971,197 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:14 | 000,028,132 | ---- | C] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/04 13:59:03 | 008,560,128 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/28 12:21:32 | 000,167,753 | ---- | C] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:47 | 000,029,619 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:47:14 | 002,128,923 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/21 21:35:15 | 000,039,245 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:57 | 001,171,033 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF
[2009/08/03 16:56:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/13 18:50:48 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/25 17:28:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/17 08:46:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/13 15:29:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/13 15:29:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/13 15:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/13 15:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/13 15:29:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/13 15:29:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/11 13:35:17 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/11 11:55:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/10 23:56:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/10 23:56:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/10 23:56:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/10 23:56:47 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/10 19:00:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/10 19:00:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/28 20:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/01 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/09/18 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/01 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 21:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
[2010/01/08 18:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\CiscoCAA
[2010/02/26 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit
[2010/03/04 22:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit Software
[2008/11/17 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Leadertech
[2008/11/11 12:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OfficeUpdate12
[2010/04/04 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OpenOffice.org
[2009/02/04 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Softland
[2009/09/18 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Stardock
[2009/02/04 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/10/15 01:15:24 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:01:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========


< End of report >

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems remain? If you still get a high CPU reading, could you run Task Manager, select the Processes tab and post a screenshot?

#22
AThe

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi Essexboy,

Okay, everything seems to be fine now. I've tried running multiple applications at once for the past day, and there haven't seemed to be any obvious problems. Do you think that's it? And, how does a USB drive get infected in the first place? Is there anything else I can do to keep it from happening in the future?

Thanks,
-Amelio

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A USB drive can be infected from another computer if you transfer programmes between friends.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Keep safe :)

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned


#26
AThe

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi Essexboy,

I uninstalled and reinstalled Firefox. I've also run OTL once more, here's the log:

OTL logfile created on: 7/19/2010 6:05:31 PM - Run 6
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Amelio The\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 56.10 Gb Total Space | 26.89 Gb Free Space | 47.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 49.78 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMACHINE
Current User Name: Amelio The
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/16 16:09:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 15:39:42 | 000,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2008/01/17 15:39:30 | 000,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AMELIO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/28 15:35:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 01:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 01:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/17 15:45:08 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/19 17:55:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/19 17:55:28 | 000,000,000 | ---D | M]

[2010/07/19 17:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Extensions
[2010/07/19 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\xx55iht2.default\extensions
[2010/07/19 18:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\xx55iht2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/19 18:01:40 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\xx55iht2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/19 18:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\xx55iht2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/19 18:01:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\xx55iht2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/19 17:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/01 20:31:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/26 21:22:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/17 15:57:30 | 000,165,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll

O1 HOSTS File: ([2010/07/16 17:49:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1226373470062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.163.32.51 207.179.71.27 216.163.32.52 207.179.70.27
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/10 18:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 08:54:27 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 08:54:28 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1996/11/07 13:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 14:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 22:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 10:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/19 17:17:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/18 15:40:00 | 000,000,000 | ---D | C] -- E:\My Documents\Vinay & Lembi's Wedding
[2010/07/17 08:54:27 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/07/16 17:55:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/12 18:51:45 | 074,017,264 | ---- | C] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/11 12:11:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 12:11:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 12:11:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/11 12:11:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/11 12:10:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/10 16:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\Governmental Immunity and Airports
[2010/07/05 18:07:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/06/22 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/01 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/22 09:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/22 09:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/22 09:34:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/22 07:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\GooredFix Backups
[2010/05/21 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/21 19:57:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:15:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Amelio The\PrivacIE
[2010/05/21 07:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/10 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\DNRE Stuff
[2010/04/27 13:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\Deployment

========== Files - Modified Within 90 Days ==========

[2010/07/19 17:55:30 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 17:55:30 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/19 17:54:42 | 000,028,314 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/19 17:47:38 | 000,022,077 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/19 17:47:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/19 17:47:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/19 17:46:42 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/19 17:46:26 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/07/19 17:46:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 17:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 17:46:12 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 17:45:26 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Amelio The\NTUSER.DAT
[2010/07/19 17:45:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amelio The\ntuser.ini
[2010/07/19 17:38:26 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/19 17:38:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/19 17:38:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/19 17:13:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/19 17:13:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/19 16:30:08 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
[2010/07/19 16:17:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/19 16:17:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/18 18:25:52 | 000,244,736 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 13:30:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
[2010/07/18 13:22:20 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2010/07/18 11:25:16 | 000,860,865 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Harris_AER_EnvEcon.pdf
[2010/07/18 09:03:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/18 09:03:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/18 00:34:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/18 00:34:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/17 14:03:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/17 14:03:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/17 10:33:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/17 10:33:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/17 09:00:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/17 09:00:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/17 08:52:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Flash_Disinfector.exe
[2010/07/17 08:46:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/17 08:46:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/16 18:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/16 18:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/16 17:55:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/16 17:55:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/16 17:49:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 14:21:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/16 14:21:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/16 08:41:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/16 08:41:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/15 23:22:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/15 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/15 21:28:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/15 21:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/15 15:57:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/15 15:57:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/14 19:54:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/14 19:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/14 16:18:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/14 16:18:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/13 16:27:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/13 16:27:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/12 18:42:24 | 074,017,264 | ---- | M] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/12 18:38:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/12 17:15:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/12 17:15:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/11 13:10:02 | 000,035,352 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/07/09 17:26:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/07/07 21:22:58 | 000,284,377 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:12 | 000,304,857 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:38 | 000,008,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:41:43 | 000,056,144 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 14:58:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 21:56:36 | 000,106,060 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 17:36:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 17:36:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 17:36:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 18:58:43 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 18:04:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 21:25:48 | 011,029,920 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:25:41 | 005,334,731 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:31 | 000,047,050 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/29 18:38:27 | 004,449,036 | -H-- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\IconCache.db
[2010/05/22 08:04:58 | 000,287,218 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:42:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/21 20:34:32 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 20:02:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:13 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:23 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:19:20 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/15 20:36:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 22:45:48 | 013,971,197 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:15 | 000,028,132 | ---- | M] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/06 13:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 16:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/05/04 13:49:20 | 008,560,128 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:21:32 | 000,167,753 | ---- | M] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:49 | 000,029,619 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:13:09 | 002,128,923 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 21:35:18 | 000,039,245 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:42 | 001,171,033 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF

========== Files Created - No Company Name ==========

[2010/07/19 17:55:30 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 17:55:30 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/19 17:38:31 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/19 17:38:31 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/18 11:27:32 | 000,860,865 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Harris_AER_EnvEcon.pdf
[2010/07/17 08:52:00 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Flash_Disinfector.exe
[2010/07/13 16:25:41 | 2145,869,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/11 12:11:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 12:11:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 12:11:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/07 21:22:58 | 000,284,377 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:11 | 000,304,857 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:37 | 000,008,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:42:45 | 000,056,144 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 18:21:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.exe
[2010/07/05 15:41:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/06/29 21:56:36 | 000,106,060 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 16:52:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/06 21:27:29 | 011,029,920 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:27:29 | 005,334,731 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:30 | 000,047,050 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/22 09:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/22 09:51:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/22 09:48:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/22 09:48:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/22 08:04:55 | 000,287,218 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:34:32 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 18:36:13 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:12 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:18:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/14 17:04:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010/05/11 22:46:15 | 013,971,197 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:14 | 000,028,132 | ---- | C] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/04 13:59:03 | 008,560,128 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/28 12:21:32 | 000,167,753 | ---- | C] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:47 | 000,029,619 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:47:14 | 002,128,923 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/21 21:35:15 | 000,039,245 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:57 | 001,171,033 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF
[2009/08/03 16:56:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/13 18:50:48 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/25 17:28:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/17 08:46:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/13 15:29:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/13 15:29:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/13 15:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/13 15:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/13 15:29:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/13 15:29:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/11 13:35:17 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/11 11:55:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/10 23:56:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/10 23:56:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/10 23:56:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/10 23:56:47 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/10 19:00:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/10 19:00:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/28 20:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/01 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/09/18 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/01 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 21:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
[2010/01/08 18:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\CiscoCAA
[2010/02/26 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit
[2010/03/04 22:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit Software
[2008/11/17 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Leadertech
[2008/11/11 12:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OfficeUpdate12
[2010/04/04 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OpenOffice.org
[2009/02/04 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Softland
[2009/09/18 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Stardock
[2009/02/04 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/10/15 01:15:24 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:01:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========


< End of report >

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So as soon as you started FF it went ballistic? Does that still occur after the fresh install of FF?

Delete your current copy of ComboFix

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#28
AThe

    Member

  • Topic Starter
  • 21 posts
It wasn't *as soon as* loading Firefox, but it was definitely within surfing but a few webpages (nothing that should have been malicious, just FARK.COM).

However, it *does* seem that the 100% CPU usage stops after I unplug my wireless modem and disable my wireless antenna. I don't know if that's coincidence.

Here's the ComboFix log:

ComboFix 10-07-19.05 - Amelio The 07/20/2010 14:51:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1295 [GMT -4:00]
Running from: c:\documents and settings\Amelio The\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-19 23:40 . 2010-07-19 23:40 2605008 ----a-w- c:\documents and settings\Amelio The\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-07-13 20:34 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-22 20:51 . 2010-06-22 20:53 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 15:28 . 2008-11-11 17:49 -------- d-----w- c:\documents and settings\Amelio The\Application Data\Skype
2010-07-18 13:04 . 2008-11-11 17:50 -------- d-----w- c:\documents and settings\Amelio The\Application Data\skypePM
2010-07-11 17:10 . 2008-11-10 22:42 35352 ----a-w- c:\documents and settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 23:32 . 2009-09-08 15:35 -------- d-----w- c:\program files\DOSBox-0.73
2010-07-06 20:29 . 2010-05-21 22:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-26 21:22 . 2010-02-26 17:15 -------- d-----w- c:\documents and settings\Amelio The\Application Data\vlc
2010-06-15 11:32 . 2008-11-11 00:22 -------- d-----w- c:\program files\McAfee
2010-06-14 14:31 . 2008-11-10 22:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-04 03:05 . 2010-02-28 21:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 00:41 . 2010-06-02 00:34 -------- d-----w- c:\program files\SpywareBlaster
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-02 00:33 . 2008-11-10 22:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 00:31 . 2010-06-02 00:31 -------- d-----w- c:\program files\Sun
2010-06-02 00:31 . 2010-06-02 00:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 00:29 . 2008-11-10 22:46 -------- d-----w- c:\program files\Java
2010-05-29 22:17 . 2010-05-29 22:17 348160 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcr71.dll
2010-05-29 22:17 . 2010-05-29 22:17 61440 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-sse.dll
2010-05-29 22:17 . 2010-05-29 22:17 503808 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcp71.dll
2010-05-29 22:17 . 2010-05-29 22:17 499712 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\jmc.dll
2010-05-29 22:17 . 2010-05-29 22:17 12800 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-d3d.dll
2010-05-22 00:34 . 2010-05-22 00:34 388096 ----a-r- c:\documents and settings\Amelio The\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-22 00:34 . 2010-05-22 00:34 -------- d-----w- c:\program files\Trend Micro
2010-05-22 00:09 . 2008-11-11 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 00:06 . 2008-11-11 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 22:36 . 2010-05-21 22:36 63488 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 22:36 . 2010-05-21 22:36 52224 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 22:36 . 2010-05-21 22:36 117760 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com
2010-05-21 22:35 . 2008-12-26 04:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 20:16 . 2008-11-11 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 11:31 . 2010-04-04 19:08 1 ----a-w- c:\documents and settings\Amelio The\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 00:36 . 2010-02-24 02:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-11-11 04:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-11 04:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-14 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2006-08-03 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-01-17 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-01-17 45056]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

c:\documents and settings\Amelio The\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-9 576000]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Games\\FreeSpace2\\FS2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2/13/2009 6:50 PM 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2/5/2010 6:28 PM 742144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(8020)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-07-20 15:07:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 19:07
ComboFix2.txt 2010-07-16 21:53
ComboFix3.txt 2010-07-11 17:09

Pre-Run: 28,875,292,672 bytes free
Post-Run: 28,878,954,496 bytes free

- - End Of File - - DE37A99DC3E34C2D2572AEAA942981CA

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, nothing appears to have been dropped - can you try FF again and see if the problem recurs?

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.