Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I can't get rid of TR/vundo 4.8. Please help.

Started by ShaneStorm , Nov 16 2010 07:19 PM

  • This topic is locked This topic is locked

#31
ShaneStorm
Posted 07 December 2010 - 10:14 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Well, I don't see any functional problems. Avira is still detecting the same virus. It puts it in quarantine, has me restart the computer, starts the scan over, and continues in a loop. Here's the relevant part of the report I just ran:


Starting the file scan:

Begin scan in 'C:\Users\Felicia'
Begin scan in 'C:\Windows'
C:\Windows\System32\vfwwdm32R.dll
[DETECTION] Is the TR/Vundo.4.8 Trojan

This thing is relentless.
  • 0

Advertisements

#32
SweetTech
Posted 08 December 2010 - 02:46 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
This thing is being very stubborn.

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Windows\System32\vfwwdm32R.dll"


NEXT:



Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
C:\Windows\System32\vfwwdm32R.dll
:Commands
[emptytemp]
[emptyflash]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#33
ShaneStorm
Posted 08 December 2010 - 07:12 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I did both things. This log doesn't seem good:

All processes killed
========== FILES ==========
LoadLibrary failed for C:\Windows\System32\vfwwdm32R.dll
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Felicia
->Temp folder emptied: 33741 bytes
->Temporary Internet Files folder emptied: 1040472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75532923 bytes
->Flash cache emptied: 5166 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shane
->Temp folder emptied: 34322 bytes
->Temporary Internet Files folder emptied: 125639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54860478 bytes
->Flash cache emptied: 796 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6036 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12082010_190728

Files moved on Reboot...
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#34
SweetTech
Posted 09 December 2010 - 04:03 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

VirusTotal File Scan
Please go to: VirusTotal
  • Posted Image
  • Click the Browse button and search for the following file: C:\Windows\System32\vfwwdm32R.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply
  • 0

#35
ShaneStorm
Posted 09 December 2010 - 04:40 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I think this is what you requested:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
vfwwdm32.dll
Submission date:
2010-12-09 22:33:12 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.12.09.00 2010.12.08 -
AntiVir 7.10.14.244 2010.12.09 -
Antiy-AVL 2.0.3.7 2010.12.09 -
Avast 4.8.1351.0 2010.12.09 -
Avast5 5.0.677.0 2010.12.09 -
AVG 9.0.0.851 2010.12.09 -
BitDefender 7.2 2010.12.09 -
CAT-QuickHeal 11.00 2010.12.09 -
ClamAV 0.96.4.0 2010.12.09 -
Command 5.2.11.5 2010.12.09 -
Comodo 7004 2010.12.09 -
DrWeb 5.0.2.03300 2010.12.09 -
Emsisoft 5.1.0.1 2010.12.09 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8029 2010.12.09 -
F-Prot 4.6.2.117 2010.12.09 -
F-Secure 9.0.16160.0 2010.12.09 -
Fortinet 4.2.254.0 2010.12.09 -
GData 21 2010.12.09 -
Ikarus T3.1.1.90.0 2010.12.09 -
Jiangmin 13.0.900 2010.12.09 -
K7AntiVirus 9.71.3200 2010.12.09 -
Kaspersky 7.0.0.125 2010.12.09 -
McAfee 5.400.0.1158 2010.12.09 -
McAfee-GW-Edition 2010.1C 2010.12.09 -
Microsoft 1.6402 2010.12.09 -
NOD32 5689 2010.12.09 -
Norman 6.06.12 2010.12.09 -
nProtect 2010-12-09.01 2010.12.09 -
Panda 10.0.2.7 2010.12.09 -
PCTools 7.0.3.5 2010.12.09 -
Prevx 3.0 2010.12.09 -
Rising 22.77.03.05 2010.12.09 -
Sophos 4.60.0 2010.12.09 -
SUPERAntiSpyware 4.40.0.1006 2010.12.09 -
Symantec 20101.3.0.103 2010.12.09 -
TheHacker 6.7.0.1.097 2010.12.09 -
TrendMicro 9.120.0.1004 2010.12.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.09 -
VIPRE 7580 2010.12.09 -
ViRobot 2010.12.9.4193 2010.12.09 -
VirusBuster 13.6.84.1 2010.12.09 -
Additional information
Show all
MD5 : 65c092ef598dcca1d665d52f06829512
SHA1 : 45f7ba1338608c2c78032c5f1acf791205aa6e6c
SHA256: ef84efd4c6ea9a083687ff90f7f91ec54862e146cf76690cedc9e2f0eace324e
ssdeep: 1536:jVma104Xm+czKPreOVxfUjVLzV+OivzKVW:p319m+czKPreum5Z+DvzKV
File size : 56832 bytes
First seen: 2009-09-22 17:28:40
Last seen : 2010-12-09 22:33:12
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: VfW MM Driver for WDM Video Capture Devices
original name: VfWWDM32.DLL
internal name: VfWWDM32.dll
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7F8B
timedatestamp....: 0x4791A777 (Sat Jan 19 07:32:07 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA2ED, 0xA400, 6.47, 8367eb830a08c555dc98059820357317
.data, 0xC000, 0x960, 0x600, 2.43, c14f06aa09fe07f18bd7ee8a1b0fc6a0
.rsrc, 0xD000, 0x2698, 0x2800, 3.56, 6b8e60d4a7918765749fc16fee8d102e
.reloc, 0x10000, 0x73E, 0x800, 5.22, f5e92714ef9a570820b1de795f41d84b

[[ 9 import(s) ]]
msvcrt.dll: _amsg_exit, _initterm, free, _adjust_fdiv, _except_handler4_common, malloc, _XcptFilter, _purecall, strtol, memcpy, __3@YAXPAX@Z, memset, __2@YAPAXI@Z, _vsnprintf
ksuser.dll: KsCreatePin
USER32.dll: SetForegroundWindow, LoadCursorA, RegisterClassA, CreateWindowExA, GetWindowRect, GetClientRect, DefWindowProcA, PostQuitMessage, GetMessageA, DispatchMessageA, GetClassInfoA, FindWindowA, GetWindowLongA, WinHelpA, SetWindowLongA, GetParent, IsWindowEnabled, EnableWindow, SetWindowTextA, ShowWindow, LoadStringA, MessageBoxA, SendMessageA, GetDlgItem, UnregisterClassA
KERNEL32.dll: InterlockedDecrement, InterlockedIncrement, WideCharToMultiByte, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, Sleep, InterlockedExchange, CreateThread, SetThreadPriority, ResumeThread, ExitThread, WaitForMultipleObjectsEx, SetEvent, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, OutputDebugStringA, DisableThreadLibraryCalls, LoadLibraryA, GetProcAddress, GetModuleHandleA, FreeLibrary, VirtualAlloc, CreateEventA, GetLastError, VirtualFree, DeviceIoControl, WaitForSingleObject, CancelIo, CloseHandle, GetOverlappedResult
WINMM.dll: DefDriverProc, timeGetTime, DriverCallback
ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegCloseKey, RegQueryValueExA
ole32.dll: CoUninitialize, CoInitialize, CoCreateInstance, CoTaskMemFree
OLEAUT32.dll: -, -
COMCTL32.dll: -, PropertySheetA, CreatePropertySheetPageA

[[ 3 export(s) ]]
DllMain, DriverProc, VfwWdm
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 41984
CompanyName: Microsoft Corporation
EntryPoint: 0x7f8b
FileDescription: VfW MM Driver for WDM Video Capture Devices
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 56 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.0.6001.18000 (longhorn_rtm.080118-1840)
FileVersionNumber: 6.0.6001.18000
ImageVersion: 6.0
InitializedDataSize: 14848
InternalName: VfWWDM32.dll
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.0
ObjectFileType: Dynamic link library
OriginalFilename: VfWWDM32.DLL
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.0.6001.18000
ProductVersionNumber: 6.0.6001.18000
Subsystem: Windows GUI
SubsystemVersion: 6.0
TimeStamp: 2008:01:19 08:32:07+01:00
UninitializedDataSize: 0
  • 0

#36
SweetTech
Posted 09 December 2010 - 05:45 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Doing some further research, it appears that the file is legit, and I believe the detection by Avira is a False Positive. You may want to update Avira, and do a new scan with it to see if it's still being detected, and if so, go ahead and report it as a false positive here: http://analysis.avira.com/samples/

Are you experiencing any other issues?
  • 0

#37
ShaneStorm
Posted 09 December 2010 - 10:59 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Actually, I made a mistake the first time. I just checked the file vfwwdm32.dll, not vfwwdm32R.dll.

I went back to try the right one, but when I selected it I got this message:

"vfwwdm32R.dll
You don't have permission to open this file.

Contact the file owner or an administrator to obtain permission."

Then Avira popped up and asked to remove the file to quarantine. It seems like this file just keeps coming back after Avira gets rid of it. Let me know the next step; and again, sorry for the mixup.
  • 0

#38
SweetTech
Posted 10 December 2010 - 11:43 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Let me have you run a couple of tools for me:

Download LockSearch to your desktop

  • Double-click LockSearch.exe
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.


NEXT:




OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and [b]Paste that report in your next reply.

  • 0

#39
ShaneStorm
Posted 10 December 2010 - 10:04 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here are the logs.

LockSearch:

LockSearch by jpshortstuff (05.11.09.1)
Log created at 21:29 on 10/12/2010 (Felicia)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-




OTL:

OTL logfile created on: 12/10/2010 9:52:54 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Felicia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 18.40 Gb Free Space | 29.56% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.95 Gb Free Space | 60.93% Space Free | Partition Type: NTFS

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 18:38:39 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/06 16:50:35 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/06 16:50:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
PRC - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 16:09:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/01 07:32:00 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Quicktime\iTunesHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 14:17:16 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/01/24 23:42:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/01/24 23:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/01/24 23:42:14 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/24 23:42:14 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/09 18:38:39 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/04 19:26:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2010/12/09 18:38:45 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 16:38:07 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/29 14:10:12 | 000,020,560 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys -- (nnfwdk)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/15 06:09:18 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/15 06:09:18 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/15 06:09:18 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/24 23:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 21:53:56 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/12 00:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/28 23:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 20:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 20:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4080315
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://login.live.co...4855&mkt=en-us"
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter7\FFAddon\ [2010/09/10 15:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/06 16:50:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/06 16:50:42 | 000,000,000 | ---D | M]

[2008/11/18 10:07:28 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Extensions
[2010/12/09 22:57:49 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions
[2009/09/01 17:18:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/27 21:59:44 | 000,000,000 | ---D | M] (Babylon-English Toolbar) -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2009/06/11 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
[2009/09/22 20:17:12 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
[2010/11/29 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
[2009/07/15 14:30:13 | 000,001,498 | ---- | M] () -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\searchplugins\givoogle.xml
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/06 19:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/08/27 21:59:41 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/02/03 23:55:00 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/12/06 21:28:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Quicktime\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Felicia\Desktop\Wedding\5E1U0116.JPG
O24 - Desktop BackupWallPaper: C:\Users\Felicia\Desktop\Wedding\5E1U0116.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 19:07:28 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/03 22:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/03 16:42:45 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Roaming\Foxit Software
[2010/11/29 18:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/11/29 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/11/22 21:50:21 | 000,000,000 | ---D | C] -- C:\Users\Felicia\Desktop\JavaRa
[2010/11/22 10:16:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
[2010/11/20 17:14:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/20 17:14:39 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Local\temp
[2010/11/20 17:13:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/20 16:55:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/20 16:54:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/18 21:55:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/18 21:55:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/18 21:55:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/18 21:55:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/18 21:54:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/17 19:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/11/17 19:20:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 11:15:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

========== Files - Modified Within 30 Days ==========

[2010/12/10 21:55:23 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
[2010/12/10 21:53:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/12/10 21:19:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 21:19:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 21:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 21:19:03 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/09 18:38:45 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/07 21:11:00 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/07 21:11:00 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/07 18:42:36 | 000,015,194 | ---- | M] () -- C:\Users\Felicia\AppData\Roaming\wklnhst.dat
[2010/12/06 21:28:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/30 22:20:22 | 000,009,224 | ---- | M] () -- C:\Users\Felicia\Desktop\dental.xlsx
[2010/11/29 18:41:34 | 000,001,049 | ---- | M] () -- C:\Users\Felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/11/29 18:41:34 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/11/23 16:38:07 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/22 21:49:56 | 000,205,540 | ---- | M] () -- C:\Users\Felicia\Desktop\JavaRa.zip
[2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010/11/29 18:41:34 | 000,001,049 | ---- | C] () -- C:\Users\Felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/11/29 18:41:34 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/11/22 21:49:56 | 000,205,540 | ---- | C] () -- C:\Users\Felicia\Desktop\JavaRa.zip
[2010/11/18 21:55:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/18 21:55:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/18 21:55:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/18 21:55:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/18 21:55:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/30 16:57:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 13:34:03 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/11/08 17:33:00 | 000,002,196 | ---- | C] () -- C:\ProgramData\QuickSet.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/15 22:11:55 | 000,001,356 | ---- | C] () -- C:\Users\Felicia\AppData\Local\d3d9caps.dat
[2008/11/17 21:06:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/17 21:06:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/03/30 20:11:06 | 000,015,194 | ---- | C] () -- C:\Users\Felicia\AppData\Roaming\wklnhst.dat
[2008/03/30 19:06:16 | 000,025,600 | ---- | C] () -- C:\Users\Felicia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 06:09:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/15 06:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/15 06:09:57 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/15 06:09:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/15 06:09:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/14 22:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/07 22:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/08/28 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Babylon
[2010/12/03 16:42:45 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Foxit Software
[2008/10/23 14:35:19 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Leadertech
[2008/03/30 20:11:08 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Template
[2010/12/10 15:53:15 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/10 21:53:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/12/10 21:55:23 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/11/20 17:14:37 | 000,018,489 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/15 06:10:12 | 000,003,367 | RH-- | M] () -- C:\dell.sdr
[2010/12/10 21:19:03 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/29 20:50:52 | 000,000,785 | -H-- | M] () -- C:\IPH.PH
[2010/11/22 21:50:51 | 000,002,132 | ---- | M] () -- C:\JavaRa.log
[2008/03/14 22:32:46 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/03/14 22:32:46 | 000,022,729 | ---- | M] () -- C:\newkey
[2009/07/13 09:54:21 | 000,000,596 | ---- | M] () -- C:\nsinst.log
[2010/12/10 21:19:02 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
[2010/11/14 16:21:30 | 000,000,530 | ---- | M] () -- C:\rkill.log
[2008/03/14 22:52:12 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/11/04 19:40:54 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/03/30 19:25:22 | 000,001,634 | -H-- | M] () -- C:\Users\Felicia\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/01/30 08:25:17 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/21 18:20:57 | 000,000,286 | -HS- | M] () -- C:\Users\Felicia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/11/04 19:57:22 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/11/04 19:56:51 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/11/04 19:56:51 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/11/04 19:56:51 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/11/04 19:56:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/11/04 19:56:52 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/06 19:40:00 | 000,000,402 | -HS- | M] () -- C:\Users\Felicia\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/11/08 17:33:00 | 000,002,196 | ---- | M] () -- C:\ProgramData\QuickSet.xml

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-24 20:05:44

< End of report >
  • 0

#40
SweetTech
Posted 11 December 2010 - 07:29 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Kenco
Please Download Kenco.exe ... by jpshortstuff. Save it to your desktop.
Please close all other programs before executing!
  • Double click Kenco.exe, to begin execution. Scan should only take a few minutes.
    When finished, the log file " Kenco.log" will open in Notepad.
  • Please post the contents of the Kenco.log text file in your next reply.
The Kenco.log file will be saved in the same location where you saved the program.
  • 0

Advertisements

#41
ShaneStorm
Posted 11 December 2010 - 08:07 AM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
As requested:

Kenco by jpshortstuff (31.12.09.1)
Log created at 08:05 on 11/12/2010 (Felicia)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\Windows\Tasks ==========
User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job -> [22:06 05/11/2010] 418 bytes
User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job -> [18:08 09/10/2008] 422 bytes

-=E.O.F=-
  • 0

#42
SweetTech
Posted 11 December 2010 - 08:14 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
C:\Windows\System32\vfwwdm32R.dll

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0

#43
ShaneStorm
Posted 11 December 2010 - 09:38 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran the ComboFix script you gave me.

After I ran it, I double-clicked on Mozilla Firefox and got this message:

"C:\Program Files\Mozilla Firefox\firefox.exe:

Illegal operation attempted on a registry key that has been marked for deletion."

I got it to open by right-clicking and using "Run as administrator."

Actually, it looks like I get that same error message when I click on anything.

Here's the log:

ComboFix 10-12-11.03 - Felicia 12/11/2010 21:08:54.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.989 [GMT -6:00]
Running from: c:\users\Felicia\Desktop\ComboFix.exe
Command switches used :: c:\users\Felicia\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: SUPERAntiSpyware *Disabled/Updated* {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\System32\vfwwdm32R.dll"
.

((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 03:15 . 2010-12-12 03:17 -------- d-----w- c:\users\Felicia\AppData\Local\temp
2010-12-12 03:15 . 2010-12-12 03:15 -------- d-----w- c:\users\Shane\AppData\Local\temp
2010-12-12 03:15 . 2010-12-12 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 14:13 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEA3F7BA-CDD9-468F-81CC-72A2C70C413E}\mpengine.dll
2010-12-09 01:07 . 2010-12-09 01:07 -------- d-----w- C:\_OTM
2010-12-04 04:55 . 2010-12-04 04:55 -------- d-----w- c:\program files\ESET
2010-12-03 22:42 . 2010-12-03 22:42 -------- d-----w- c:\users\Felicia\AppData\Roaming\Foxit Software
2010-11-30 00:41 . 2010-11-30 00:41 -------- d-----w- c:\program files\Ask.com
2010-11-30 00:41 . 2010-11-30 00:41 -------- d-----w- c:\program files\Foxit Software
2010-11-23 22:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\users\Shane\AppData\Roaming\Philipp Winterberg
2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-11-18 01:20 . 2010-11-18 01:20 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 00:38 . 2010-11-01 14:21 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 22:38 . 2010-11-01 14:21 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-07 01:47 . 2010-11-07 01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 16:41 . 2009-12-02 22:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32 . 2010-09-23 05:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-15 08:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-05 01:26 . 2010-11-05 01:27 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-05 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-02-25 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\quicktime\iTunesHelper.exe" [2010-09-01 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-14 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-05 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys [2009-12-29 20560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1283015231&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\NetRatingsNetSight\NetSight\meter7\FFAddon\components\nsgkff36_meter7.dll
FF - component: c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\quicktime\Mozilla Plugins\npitunes.dll
FF - plugin: c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Nielsen: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7} - c:\program files\NetRatingsNetSight\NetSight\meter7\FFAddon
FF - Extension: Move Media Player: [email protected] - c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Extension: Foxit Toolbar: [email protected] - c:\users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file)
AddRemove-Adobe Acrobat Connect Add-in - c:\users\Felicia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 21:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-11 21:26:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 03:25
ComboFix2.txt 2010-11-20 23:14
ComboFix3.txt 2010-11-19 04:07

Pre-Run: 19,711,229,952 bytes free
Post-Run: 19,684,347,904 bytes free

- - End Of File - - 7F4D69395222642B537D6BE9A06456FF
  • 0

#44
SweetTech
Posted 12 December 2010 - 07:22 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Reboot your computer and that error message should go away.

How are things running?
  • 0

#45
ShaneStorm
Posted 14 December 2010 - 07:41 PM

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Well, I rebooted and got rid of the error message.

I ran the Avira scan, and it looks like I am virus free.

I haven't noticed any other operating problems. Is there anything else I need to do?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP