Possible hidden infection

This topic is locked

#1 anthom (Member, 77 posts)
I've been working with a couple of techs in the XP forum to diagnose slow startup and lag on my computer. With their help it's running a lot faster and smoother now, but apparently there are some lingering issues that could be malware-related, mostly on account of torrent use. The thread is here: http://www.geekstogo...ess-everywhere/

Per rshaffer61's recommendation, I am posting an OTL log here.



OTL logfile created on: 26/03/2011 12:54:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrew\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.70 Gb Total Space | 94.12 Gb Free Space | 20.34% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 0.29 Gb Free Space | 7.69% Space Free | Partition Type: FAT32

Computer Name: TOMSERVO | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 00:33:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\Downloads\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2010/10/18 14:49:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/02/03 13:34:16 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/04 02:06:14 | 000,106,496 | ---- | M] () -- C:\Program Files\M-Audio Uno\UnoInst.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 00:33:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (GCALDaemon)
SRV - File not found [Disabled | Stopped] -- -- (DOMWVKYPS)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/03 13:34:16 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe -- (MIDISPORTAudioDevMon)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/12/04 02:06:14 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio Uno\UnoInst.exe -- (UnoInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/25 06:22:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9061A46-64C6-49EF-A5A6-ACA68A12BC61}\MpKsl51e467fd.sys -- (MpKsl51e467fd)
DRV - [2010/02/24 19:52:05 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/24 19:52:04 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 19:52:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/24 14:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/03 13:33:44 | 000,166,920 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMIDISPORT.sys -- (MAUSBMIDISPORT)
DRV - [2009/12/17 16:02:34 | 000,123,280 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/12/17 16:02:34 | 000,110,096 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/12/17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/12/17 16:02:34 | 000,041,616 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/12/17 16:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009/12/11 19:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/23 15:07:40 | 000,006,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/06/10 14:57:45 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/30 19:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 18:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/02/27 18:12:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/09/20 20:13:40 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 15:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/08 16:51:54 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/03 14:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999/08/12 07:59:08 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071201

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 12:38:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 00:40:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 00:40:37 | 000,000,000 | ---D | M]

[2010/07/05 19:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2009/02/28 23:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/03/20 20:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/11/23 08:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{ee53ece0-255c-4cc6-8a7e-81a8b6e5ba2c}
[2010/07/05 19:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\MediaCoder
[2008/09/10 22:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\[email protected]
[2009/05/28 20:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\[email protected]
[2011/03/26 00:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions
[2011/03/26 00:54:40 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/03/26 00:41:55 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/04/26 21:04:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 00:54:41 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/03/26 00:54:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/24 06:54:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/27 12:58:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/03/26 00:54:41 | 000,000,000 | ---D | M] (Book Burro) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d}
[2011/02/19 13:32:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/25 07:11:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/25 07:11:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/26 00:54:40 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/02/19 13:33:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/26 00:54:43 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2011/03/26 00:54:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2011/03/22 20:30:30 | 000,000,000 | ---D | M] (feedly) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\feedly@devhd
[2011/02/19 13:31:35 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2011/03/22 20:32:36 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2011/03/22 20:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\feedly@devhd\content\app\extension
[2010/12/14 22:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\pqdom6yr.Carla-test\extensions
[2010/10/23 00:47:48 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\pqdom6yr.Carla-test\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/12/14 22:44:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\pqdom6yr.Carla-test\extensions\[email protected]
[2011/03/26 00:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 20:27:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/13 21:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/04/06 18:53:24 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/26 20:15:47 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 12:35:04 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2006/02/23 09:16:20 | 000,034,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62i9x.dll
[2006/02/23 09:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62int.dll
[2008/06/19 18:53:24 | 000,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml

O1 HOSTS File: ([2010/12/15 21:37:29 | 000,374,549 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 12906 more lines...
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7ae534b-7181-11df-b96e-001aa09c49e7}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 23:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/25 23:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/25 06:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Desktop
[2011/03/24 06:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{E6BD42D3-E8A6-4469-B72F-B5256066F41F}
[2011/03/22 21:03:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
[2011/03/22 06:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavalys
[2011/03/22 06:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011/03/20 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\Converted Videos
[2011/03/20 13:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Geckofx
[2011/03/20 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\AviSynth 2.5
[2011/03/20 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5
[2011/03/20 13:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/03/13 15:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\songs w stan
[2011/03/11 20:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Amazon
[2011/03/11 20:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Amazon
[2011/03/11 20:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My Kindle Content
[2011/03/04 23:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\resophnotes
[2010/12/14 22:44:10 | 009,163,464 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2008/11/02 16:24:11 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/27 14:21:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Andrew\Application Data\pcouffin.sys
[15 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 00:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 00:02:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25493563-1537101674-3878521831-1005UA.job
[2011/03/25 23:50:59 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/03/25 23:50:59 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/03/25 20:02:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25493563-1537101674-3878521831-1005Core.job
[2011/03/25 07:57:39 | 000,005,808 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/03/25 07:57:39 | 000,001,956 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/03/25 06:14:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/25 06:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 06:07:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 06:07:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 06:07:18 | 3209,871,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 04:31:12 | 000,202,419 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\PICT1758.JPG
[2011/03/24 21:31:03 | 000,052,257 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\memtest86+-2.11.iso.zip
[2011/03/24 20:59:16 | 052,761,816 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\alivemix1.wav
[2011/03/24 06:56:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2011/03/24 06:56:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/24 06:55:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/03/23 21:57:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/03/22 21:03:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
[2011/03/22 19:48:39 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/03/22 06:33:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\EVEREST Home Edition.lnk
[2011/03/20 13:31:23 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 22:27:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/14 20:16:01 | 020,364,702 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\vlc-1.1.7-win32.exe
[2011/03/13 11:41:35 | 000,555,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:41:35 | 000,107,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/11 20:14:33 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Kindle For PC.lnk
[2011/03/11 09:47:36 | 000,206,737 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\PICT1757.JPG
[2011/03/09 07:18:39 | 000,002,655 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Omron Health Management Software.lnk
[2011/02/24 07:22:51 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Shortcut to procexp.exe.lnk
[15 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 23:50:59 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/03/25 23:50:59 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/03/24 21:31:35 | 001,839,104 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\memtest86+-2.11.iso
[2011/03/24 21:30:55 | 000,052,257 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\memtest86+-2.11.iso.zip
[2011/03/24 20:58:19 | 052,761,816 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\alivemix1.wav
[2011/03/24 06:56:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2011/03/24 06:55:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/03/22 19:48:38 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/03/22 06:33:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\EVEREST Home Edition.lnk
[2011/03/14 20:14:49 | 020,364,702 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\vlc-1.1.7-win32.exe
[2011/03/11 20:14:33 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Kindle For PC.lnk
[2011/02/24 07:22:51 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Shortcut to procexp.exe.lnk
[2010/12/11 19:42:48 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2010/11/14 19:21:34 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/11/14 19:21:34 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2010/06/24 03:15:36 | 000,759,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/27 06:23:18 | 000,001,291 | ---- | C] () -- C:\WINDOWS\MultiTimer.ini
[2010/04/22 19:30:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 00:04:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/01 23:20:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/28 20:21:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/01/28 20:21:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/01/28 20:20:23 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/01/28 20:20:23 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/01/28 20:20:21 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/01/23 00:12:14 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/28 01:09:15 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/17 21:08:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/14 13:53:40 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2009/06/14 13:53:40 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
[2008/10/28 09:43:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/11 21:34:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2008/08/25 19:33:43 | 000,045,843 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/27 14:21:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\pcouffin.cat
[2008/07/27 14:21:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\pcouffin.inf
[2008/07/18 23:14:44 | 000,000,462 | ---- | C] () -- C:\WINDOWS\XEDIT.INI
[2008/07/18 23:14:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\IWDATA.INI
[2008/05/16 16:36:03 | 000,001,203 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/22 18:04:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/03/28 16:38:22 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/03/28 15:47:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/22 13:48:56 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/03/13 19:58:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/13 18:49:48 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/12 20:28:38 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\burnaware.ini
[2008/02/06 00:15:25 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2008/02/03 14:29:46 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2008/01/24 21:57:04 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/23 04:08:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/01/17 19:27:06 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_dcupdater_InstallInfo.dat
[2008/01/17 19:27:06 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_dcupdater_InstallInfo.dat
[2008/01/16 13:33:41 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_findrunrobot_InstallInfo.dat
[2008/01/16 13:33:41 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2008/01/01 19:08:24 | 000,088,180 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/12/19 19:38:11 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/12/09 16:08:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/12/08 11:55:01 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2007/12/05 21:44:54 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2007/12/05 21:28:54 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/12/05 21:28:54 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/12/05 21:28:53 | 000,006,838 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2007/12/05 21:13:03 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/05 20:12:02 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/05 19:27:27 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/12/05 19:20:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/01 17:32:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/01 17:27:43 | 000,000,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/01 17:06:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/12/01 17:06:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/01 17:05:09 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/02 06:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007/10/02 06:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,408,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,555,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,107,202 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2008/03/04 23:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/02/12 22:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/25 21:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/12/21 23:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/01/06 18:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/03/28 10:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2010/09/21 17:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2009/11/28 01:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2009/03/09 19:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2008/03/28 15:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/15 21:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2010/12/12 11:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/01/23 01:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch
[2008/06/04 05:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/12/30 21:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2008/05/04 13:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/01 13:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/11/08 09:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2008/01/24 22:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/07/03 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/03/28 22:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/06/07 11:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2007/12/01 17:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/26 20:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/10 23:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Filter
[2010/12/10 23:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Titanium
[2010/12/16 07:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/11/01 13:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2011/01/29 21:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/01/05 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2009/12/18 23:53:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2010/12/07 21:24:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/06/22 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/23 17:08:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}
[2009/09/10 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/08 01:09:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{79765BB1-32BA-49A3-9C48-09E4BC90C4FB}
[2009/05/09 10:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/08 02:03:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8F5D0347-D877-498F-B7AC-97E6A4293F23}
[2010/08/08 00:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/08/08 21:59:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D846F3EF-F0F4-405D-B821-4916CCDF06D2}
[2010/12/22 21:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
[2011/01/02 10:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\.minecraft
[2011/02/13 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\.purple
[2010/06/20 18:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\.sane
[2008/03/04 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Acoustica
[2010/07/24 11:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AeroSnapApp
[2008/02/13 22:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Amazon
[2009/02/24 14:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AMPSoft
[2009/08/10 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Aptana
[2008/09/20 00:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Artweaver
[2011/01/24 07:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\atunes
[2008/11/16 16:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AudioMoves
[2010/09/18 19:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Auslogics
[2010/08/07 14:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Azureus
[2008/01/11 00:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Binary Fortress Software
[2010/10/19 20:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\BOXEE
[2009/07/15 23:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Braid
[2008/02/13 23:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Brainwave
[2010/09/18 10:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Broad Intelligence
[2010/11/14 14:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Canon
[2011/02/01 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2009/03/28 10:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CrashPlan
[2008/09/20 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\DAEMON Tools
[2009/02/19 23:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2008/11/23 17:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Desktop Sidebar
[2010/09/21 17:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\DonationCoder
[2011/02/23 22:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Dropbox
[2010/04/06 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\E-centives
[2009/02/26 21:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Executor
[2008/11/15 23:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ExportTool
[2008/10/17 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Flickr
[2010/08/26 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\fltk.org
[2010/01/30 00:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Foxit
[2010/11/05 22:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Foxit Software
[2008/03/16 06:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Fraunhofer
[2010/09/03 22:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GrabPro
[2008/01/29 19:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GreenPrint
[2011/01/17 23:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\gtk-2.0
[2010/06/27 18:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HandBrake
[2009/03/09 19:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HighAndes
[2008/03/28 15:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HotSync
[2010/06/19 12:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ImgBurn
[2009/01/26 20:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\IMSI
[2008/03/24 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\InfraRecorder
[2008/11/08 12:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\IrfanView
[2009/10/13 20:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\iSproggler
[2010/10/04 06:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2009/12/30 21:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\johnsadventures.com
[2007/12/24 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\KeePass
[2008/05/10 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
[2009/06/20 17:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\KompoZer
[2010/09/18 13:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Lala Music Mover
[2010/09/21 22:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Launchy
[2008/03/28 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2008/11/08 15:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Livestation
[2009/01/23 23:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Locate32
[2008/08/08 05:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\MiniLyrics
[2008/05/22 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mobipocket
[2008/11/28 23:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\MusicIP
[2009/04/03 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2008/02/20 23:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\NetMedia Providers
[2010/12/08 18:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Notepad++
[2008/01/26 00:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\OfficeUpdate12
[2010/08/29 19:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\OpenDNS Updater
[2010/09/20 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\OpenOffice.org
[2008/12/06 10:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2010/09/18 11:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Orbit
[2007/12/05 20:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Participatory Culture Foundation
[2009/04/16 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PCF-VLC
[2009/01/18 00:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PDF reDirect
[2010/09/03 22:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ProgSense
[2008/02/20 23:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Publish Providers
[2010/09/16 22:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\REAPER
[2010/06/15 21:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\runic games
[2011/01/17 11:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Scup.3AF73A5FDE434F6A6E19034B4D8311A6F5D9BBFC.1
[2009/04/03 11:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SecondLife
[2009/04/26 14:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Snowmint Creative Solutions LLC
[2010/07/03 14:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Soluto
[2008/03/28 22:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Songbird1
[2008/09/10 22:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Songbird2
[2008/02/20 23:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Sony
[2009/12/06 18:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SoundSpectrum
[2008/11/23 08:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Spicebird
[2011/02/12 17:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Spotify
[2008/07/27 01:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Stellarium
[2008/11/02 17:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SynthFont
[2008/01/10 19:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SystemRequirementsLab
[2011/02/03 19:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TeamViewer
[2007/12/08 11:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Template
[2011/03/25 06:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TeraCopy
[2010/01/17 00:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TheLastRipper
[2009/02/28 14:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Thunderbird
[2010/09/22 06:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2008/02/20 22:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TimeSnapper
[2010/12/10 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Titanium
[2010/12/07 21:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TuneUp Software
[2009/04/27 21:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/10/20 06:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Unity
[2011/03/26 00:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
[2009/12/30 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Vso
[2009/03/08 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Live Writer
[2008/04/06 11:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Search
[2011/01/29 21:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\WindSolutions
[2008/11/26 06:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\WinPatrol
[2011/03/23 06:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ZumoCast
[2011/03/25 06:14:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C95C06
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
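As an added example for this thread (it is not OTL's own code and was not posted by anthom or Dakeyras), the Python below parses the two entry formats that matter most in the log above, the `[timestamp | size | attributes | C/M] (company) -- path` lines under "Files Created - No Company Name" and the `@Alternate Data Stream` lines, and applies a few analyst heuristics to pull out entries worth a second look: executables under C:\WINDOWS with an empty company field, hidden or system attributes on a file, files with an executable extension too small to be a PE image, and any alternate data stream. The sample lines are copied from the log above. The attribute-column meaning (H hidden, S system, D directory), the baseline date used to skip files that came with the OS install, and the 512-byte PE floor are assumptions of this example, and a hit is a lead for a hash lookup or signature check, not a verdict.

```python
"""Triage helper for OTL log entries (added example for this thread; not part of
OTL and not code posted by anyone in it). The heuristics are the example's own
assumptions: a hit is a lead for manual checking, not a malware verdict."""
import re
from dataclasses import dataclass, field

# One OTL file entry:  [timestamp | size | attrs | C|M] (company) -- path
# Attribute column as seen in the log above: H = hidden, S = system, D = directory
# (assumption: the unused first column is read-only).
OTL_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# One OTL ADS entry:  @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"}
MIN_PE_BYTES = 512  # assumption: a loose floor; any real PE image is larger than this


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _ext(path: str) -> str:
    """Lower-cased extension of the file-name part of a Windows path, or ''."""
    dot, sep = path.rfind("."), path.rfind("\\")
    return path[dot:].lower() if dot > sep else ""


def triage_otl(lines, baseline_ts="2004/08/11 23:59:59"):
    """Return a Finding for each OTL line that trips a heuristic.

    baseline_ts: entries created at or before this timestamp are skipped as
    part of the original OS install (assumption: taken from the oldest cluster
    of system files in the log above; adjust per machine). OTL timestamps are
    fixed-width YYYY/MM/DD HH:MM:SS, so plain string comparison orders them.
    """
    findings = []
    for line in lines:
        m = OTL_ENTRY_RE.match(line)
        if m:
            if m["ts"] <= baseline_ts:
                continue
            path, attrs, company = m["path"], m["attrs"], m["company"].strip()
            size = int(m["size"].replace(",", ""))
            ext = _ext(path)
            reasons = []
            if path.lower().startswith("c:\\windows\\") and ext in EXEC_EXT and not company:
                reasons.append("executable under %SystemRoot% with no company name")
            if "D" not in attrs and ("H" in attrs or "S" in attrs):
                reasons.append(f"hidden/system attribute on a file ({attrs})")
            if ext in EXEC_EXT and size < MIN_PE_BYTES:
                reasons.append(f"{size}-byte file with executable extension cannot be a valid PE")
            if reasons:
                findings.append(Finding(path, reasons))
            continue
        a = ADS_RE.match(line)
        if a:
            findings.append(Finding(a["path"], [f"alternate data stream ':{a['stream']}' ({a['size']} bytes)"]))
    return findings


# Constructed sample: lines copied from the OTL log posted above.
SAMPLE_OTL = r"""
[2011/03/14 20:14:49 | 020,364,702 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\vlc-1.1.7-win32.exe
[2010/11/14 19:21:34 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/06/17 21:08:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/02/06 00:15:25 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2007/12/19 19:38:11 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C95C06
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run against the whole OTL.txt (`triage_otl(open("OTL.txt", encoding="utf-8", errors="replace"))`) and the output is a short list to verify by hand; note that bootstat.dat drops out only because of the baseline date, so set that date per machine rather than trusting the default.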

#2 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.


Hi, I'm Dakeyras and I am going to try to assist you with your problem. :D

Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

I have read the topic you mentioned, so let's proceed as follows, shall we...

Scan With RKUnHooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files and Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Scan with OTL:

Please delete your current copy of OTL and all logs created and then empty the Recycle Bin.

Then download a new copy of OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • RKUnHooker log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#3 anthom (Topic Starter, Member, 77 posts)

I will have to try this tonight when I get home. I'll update as soon as I have the scan results.

#4 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

OK, fine. :D

#5 anthom (Topic Starter, Member, 77 posts)

Alright. First off, the PC has been acting pretty well, actually. It's been much more stable since going over it in the XP forum than it has in a while. I do notice some odd behavior with addons in Firefox, where I can disable them, but not uninstall them.

I am running OTL right now, and will reply with the OTL and Extras logs when it's done.

Here are the results of the Rootkit Unhooker scan:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB93EC000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB9E44000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D80000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8CA2000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA8DE6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9205000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8F2F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8642000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF48D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9397000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xA7C5B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB927D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9D53000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA79B4000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8E56000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA8C7A000 C:\WINDOWS\system32\DRIVERS\MAudioMIDISPORT.sys 163840 bytes (M-Audio, M-Audio USB Audio Driver (WDM))
0xA8F07000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA8FF6000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8EE1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7A2F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9373000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9350000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8EBF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA8E81000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E24000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA8EA2000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 118784 bytes (Sun Microsystems, Inc., VirtualBox Support Driver)
0xB9D39000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9263000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 106496 bytes (Sun Microsystems, Inc., VirtualBox Bridged Networking Driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8C62000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E0D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB92D5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB92AD000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 94208 bytes (Sun Microsystems, Inc., VirtualBox Host-Only Network Adapter Driver)
0xA847D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB93D8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8F88000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA8FE3000 C:\WINDOWS\system32\DRIVERS\mozy.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB92C4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA278000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA90BD000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA248000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA86FA000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA90CD000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA90AD000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA258000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA308000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA218000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA298000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7AD3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Sun Microsystems, Inc., VirtualBox USB Monitor Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA420000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\WinUSB.sys 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA4B0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA438000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA811E000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D5A50D-0086-4483-B56C-AAF81CC603D9}\MpKsl173cadaf.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA428000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA498000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA410000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBA418000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA370000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA378000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA340000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA448000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB91F1000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xA8616000 C:\WINDOWS\System32\Drivers\mrtRate.SYS 16384 bytes (Marimba, Inc., Rate Sensing Driver)
0xB9973000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8B42000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB91E5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9201000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA580000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB91FD000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CF9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5B6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5BC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5B4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5B8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5BA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA718000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7CE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA73F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Andrew\Application Data\Dropbox\shellext\l\4d911dc1
!-->[Hidden] C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\sessionstore.bak
!-->[Hidden] C:\Documents and Settings\Andrew\Application Data\REAPER\FXChains\goodvox.RfxChain
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\01DC885Dd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\02E9EFCFd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\057C2D89d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\080815ACd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\1B0BA804d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\1E6BCB50d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\2FF073D1d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\35FB3A33d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\54D894BEd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\582FF599d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\61A118FAd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\6B4A85ADd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\70965991d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\85F3B282d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\8A65509Ad01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\8A7F719Ad01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\9254A07Ed01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\930DEB1Ad01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\93ED2B51d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\96070E07d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\97766D94d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\A1292D2Bd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\A4F55702d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\A6B65ABAd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\AACD554Cd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\AFE0D98Dd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\B90CA752d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\BA6CCD82d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\BD1B477Bd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\C6716599d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\C849223Ed01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\CC7CBD00d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\D050F0B5d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\D2149691d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\D5903EA7d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\E152BD2Ad01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\EA8CC67Ad01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\EAFCF478d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\EE3C36A7d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\EE8E23DEd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\F37C1B2Bd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\F4A95BD2d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\F87DB68Cd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\FB5A1E54d01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\Cache\FE66F29Cd01
!-->[Hidden] C:\Documents and Settings\Andrew\Local Settings\temp\RWI32.tmp
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\02-110328_1951.wav
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\02-110328_1951.wav.reapeaks
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\02-110328_2004.wav
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\02-110328_2004.wav.reapeaks
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\03-110328_1951.wav
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\03-110328_1951.wav.reapeaks
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\03-110328_2004.wav
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\03-110328_2004.wav.reapeaks
!-->[Hidden] C:\Documents and Settings\Andrew\My Documents\REAPER Media\grandcentral\grandcentral.RPP
!-->[Hidden] C:\Documents and Settings\Andrew\Recent\grandcentral (2).lnk
!-->[Hidden] C:\Documents and Settings\Andrew\Recent\grandcentral.lnk
!-->[Hidden] C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf
!-->[Hidden] C:\WINDOWS\Prefetch\WAVOSAUR.1.0.5.0.EXE-018A7540.pf
!-->[Hidden] C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb::$DATA
!-->[Hidden] C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[2012]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2012]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2012]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[2012]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2012]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2012]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2012]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  • 0
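The Hooks section above is what the scanner reports as possible rootkit activity. As an added example (editor's code, not the scanner's or anything from this thread), here is a small Python triage script that parses lines in that format, sorts them by the module that owns the hook, and escalates only the ones that fall outside an allowlist. The allowlist itself is an editor's assumption: shimeng.dll is the Windows application-compatibility shim engine and LVPrcInj01.dll belongs to the Logitech webcam software, both of which routinely hook explorer.exe's import table on XP. The first three sample lines are copied from the log above; the fourth, with `EXAMPLE-unknown.dll`, is a constructed placeholder used only to show the review path.

```python
"""Triage helper for the "Hooks" section of a RootRepeal-style scanner log.

Added example (editor's code, not the scanner's or the thread's). It parses the
two line shapes seen in the log (kernel inline hooks and per-process IAT hooks),
groups them by the module that owns the hook, and flags only the ones that
fall outside an assumed allowlist.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# ASSUMPTION (editor's): modules that commonly hook explorer.exe on XP for
# non-malicious reasons. Anything not listed here is escalated for review.
KNOWN_HOOKERS = {
    "shimeng.dll": "Windows application-compatibility shim engine",
    "lvprcinj01.dll": "Logitech webcam software process monitor",
}

# Constructed sample: the first three lines are copied from the log above; the
# last one is an invented placeholder that exercises the "review" path.
SAMPLE_HOOKS = """\
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[2012]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[2012]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [EXAMPLE-unknown.dll]
"""

INLINE_RE = re.compile(
    r"^(?P<module>[^+\s]+)\+0x(?P<offset>[0-9A-Fa-f]+), Type: Inline - (?P<how>\w+) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)
IAT_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>[^,\s]+), Type: IAT modification "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)


@dataclass
class Hook:
    kind: str      # "inline" (kernel code patch) or "iat" (import table entry)
    process: str   # hooked process, or the patched module for inline hooks
    target: str    # "exporter!Function" or "module+offset"
    src: int       # original address / hooked location
    dst: int       # where control now goes (0 when the scanner did not resolve it)
    owner: str     # module the scanner attributes the hook to


def parse_hooks(text: str) -> List[Hook]:
    """Turn the Hooks section into Hook records; an unknown line shape is an error."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook("inline", m["module"], f"{m['module']}+0x{m['offset']}",
                              int(m["src"], 16), int(m["dst"], 16), m["owner"]))
            continue
        m = IAT_RE.match(line)
        if m:
            # chain is process-->importer...-->exporter-->Function
            parts = m["chain"].split("-->")
            hooks.append(Hook("iat", parts[0], f"{parts[-2]}!{parts[-1]}",
                              int(m["src"], 16), int(m["dst"], 16), m["owner"]))
            continue
        raise ValueError(f"unrecognised hook line: {line}")
    return hooks


def triage(hook: Hook) -> str:
    """Coarse verdict per hook; only 'review' needs a human to look further."""
    if hook.kind == "inline":
        # A jump whose destination stays inside the patched module is not by
        # itself evidence of a detour into foreign code; a jump that lands in
        # another module is the case worth escalating.
        same_module = hook.owner.lower() == hook.process.lower()
        return "same-module-jump" if same_module else "review"
    if hook.owner.lower() in KNOWN_HOOKERS:
        return "known-legitimate"
    return "review"


def summarize(hooks: List[Hook]) -> Dict[str, Dict[str, int]]:
    """Count hooks per verdict and owning module, for a one-screen report."""
    buckets: Dict[str, Counter] = {}
    for h in hooks:
        buckets.setdefault(triage(h), Counter())[h.owner] += 1
    return {verdict: dict(counts) for verdict, counts in buckets.items()}


if __name__ == "__main__":
    for hook in parse_hooks(SAMPLE_HOOKS):
        print(f"{triage(hook):17} {hook.kind:6} {hook.process:14} "
              f"{hook.target:32} {hook.src:08X}->{hook.dst:08X} [{hook.owner}]")
    print(summarize(parse_hooks(SAMPLE_HOOKS)))
```

Run it on a pasted Hooks section and only the "review" bucket needs attention; for the log above that bucket is empty, which matches the conclusion the helper reaches later in the thread. The allowlist is deliberately small and should be extended per machine rather than treated as a global truth.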

#6
anthom

    Member

  • Topic Starter
  • Member
  • 77 posts
Here's the OTL log.

Attached Files

  • Attached File  OTL.Txt   81.19KB   148 downloads

  • 0

#7
anthom

    Member

  • Topic Starter
  • Member
  • 77 posts
..and extras.

Attached Files


  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Alright. First off, the PC has been acting pretty well, actually. It's been much more stable since going over it in the XP forum than it has in a while. I do notice some odd behavior with addons in Firefox, where I can disable them, but not uninstall them.

OK and thanks for the update. If need be we can reset Firefox and/or consider a new installation as a last recourse. Do not take any action with regard to this for now; if necessary we can address it later on.

Peer to Peer Advice:

I see you have µTorrent installed. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop. It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall the aforementioned. However, if you opt not to, please refrain from using it during the course of the Malware Removal process, thank you.

Next:

Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update this in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Java™ 6 Update 22

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otl-backup
and click on OK.

Note: If you have uninstalled ERUNT, please inform me before proceeding any further.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On (recommended) >> OK.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
SRV - (GCALDaemon) --  File not found
SRV - (DOMWVKYPS) --  File not found
[2011/03/26 00:54:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-25493563-1537101674-3878521831-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O15 - HKU\.DEFAULT\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: youtube.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: youtube.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/03/27 20:12:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
[2011/03/27 20:09:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{57B10C8A-9A38-45B2-B696-92DA7712A65C}
[2011/03/24 06:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{E6BD42D3-E8A6-4469-B72F-B5256066F41F}
[15 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[2011/03/27 20:08:42 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C95C06
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#9
anthom

    Member

  • Topic Starter
  • Member
  • 77 posts
Doesn't seem to be much of a difference, although the internet was slow when I first rebooted after the OTL scan/fix.
Anyway, I've attached the OTL scan to this post. Will post MBAM scan log (came back clean) in the next one.

Attached Files


  • 0

#10
anthom

    Member

  • Topic Starter
  • Member
  • 77 posts
Here's the MBAM log.

Attached Files


  • 0

#11
anthom

    Member

  • Topic Starter
  • Member
  • 77 posts
Oh, and it looks like the Firefox issue has cleared up now, as well. I have been able to uninstall several add-ons since running the scans and fixes in your last post.
  • 0

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Oh, and it looks like the Firefox issue has cleared up now, as well. I have been able to uninstall several add-ons since running the scans and fixes in your last post.

Good. No actual need to attach any logs unless I request them. :D

Create a Restore Point:

You may or may not have disabled the System Restore feature. Please carry out the following:

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn On System Restore.
  • Click Apply, and then click OK.
Next carry out this:

  • Click on Start >> All Programs >> Accessories >> System Tools >> System Restore.
  • Check Create a restore point and click on Next.
  • Under Restore Point Description, type in GTG Backup and click on Create.
  • When informed Restore point created, click on Close.
  • You now have a restore point as a backup.
Next:

Re-run TFC (Temp File Cleaner) again, please.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 6 Update 24 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u24 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u24-windows-i586.exe link to download it and save this to a convenient location.
  • Double-click on jre-6u24-windows-i586.exe to install Java.
Note: During installation de-select the option to install McAfee Security Scan Plus if offered.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log


#13 anthom (Member, Topic Starter, 77 posts)
There doesn't seem to be a huge difference in performance before and after this set of scans/etc, but again, performance wasn't really an issue before either.

ESET didn't seem to find anything. I'm attaching the log just in case.

Attached file: log.txt (1.92 KB)


#14 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :D

There doesn't seem to be a huge difference in performance before and after this set of scans/etc, but again, performance wasn't really an issue before either.

ESET didn't seem to find anything. I'm attaching the log just in case.
Attached File(s)

OK, as it stands I am not seeing anything of a malware-related nature, and in the event further issues with regard to performance arise, my best suggestion would be to carry on seeking advice/assistance with this matter here in your prior topic.

Now it may just be that Microsoft Security Essentials is not suited to your machine. I had problems using it with my XP machine; it was probably down to the vagaries of that machine, what I have installed, etc., and I uninstalled it. So it may be worthwhile considering one of the below to use instead:-

If there are issues in the future with FireFox, this is how you reset it and check for updates; if I recall correctly the browser has recently been updated...

Reset FireFox:

  • Click on Start >> Run...
  • Enter the following command:
    firefox.exe -safe-mode
  • In the open window, select Reset all preferences to default Firefox.
  • Click on Make the changes and restart.
  • After FireFox restarts click on Check for Updates...
Also, this application, SpeedyFox, improves browser load-up time/performance to an extent.

Next

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean-up process, and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the below-listed topics, as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

So is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over, merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application, and I advise you to keep it installed. Check for updates and run a scan at least once a week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you to also run a complete scan with this at least once per week.

Erunt:

Emergency Recovery Utility NT: I advise you to keep this installed as a means of keeping a complete backup of your registry and restoring it when needed.

Myself, I would actually create a new backup once per week, as this, along with System Restore, may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • I advise you visit: http://update.micros...t.aspx?ln=en-us
  • Install the Active X
  • Once installed, it will advise you to set Auto-Updates if not set, and you will then also be able to manually check for updates via:
  • Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is to avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

The replacement Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
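The Hosts-file mechanism described in the post above (the "phone book" that is consulted before DNS, with bad names pointed at 127.0.0.1), as an added example that is not part of the original thread or of any of the tools it names. The sample hosts-file text is constructed for illustration and uses documentation domains and addresses; the function names are this example's own. It shows how the file is parsed the way the resolver reads it, that only the exact names listed are blocked (there are no wildcards), and why two overlapping blocklists should not simply be combined:

```python
"""Added example (not from the original thread): how a hosts-file blocklist
is read and why it only blocks the exact names it lists.

The sample hosts-file text below is constructed for this example; the
addresses in it are documentation ranges, not real sites.
"""
from typing import Dict, Optional, Tuple

# Addresses that a blocking hosts file points bad names at. 127.0.0.1 is the
# one the post describes; 0.0.0.0 is the other common choice.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# constructed sample: what a blocking hosts file looks like
127.0.0.1       localhost
127.0.0.1       ads.example.net          # trailing comment is ignored
0.0.0.0         tracker.example.org  www.tracker.example.org
::1             localhost
192.0.2.10      intranet.example.com     # an ordinary, non-blocking entry
"""

# constructed second blocklist that overlaps the first
SECOND_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 tracker.example.org
127.0.0.1 malware.example
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address} for every mapping in hosts-file text.

    The parsing rules follow the resolver: '#' starts a comment, fields are
    whitespace-separated, the first field is the address and every later
    field is a hostname for it, names are case-insensitive, and when a name
    appears more than once the FIRST entry wins.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:      # an address with no names: the resolver skips it
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def lookup(hostname: str, mapping: Dict[str, str]) -> Optional[str]:
    """Address the hosts file gives this exact name, or None if DNS would be used."""
    return mapping.get(hostname.lower().rstrip("."))


def is_sinkholed(hostname: str, mapping: Dict[str, str]) -> bool:
    """True if the hosts file short-circuits this name to a loopback/unspecified address.

    Hosts files have no wildcards: 'ads.example.net' being listed does nothing
    for 'cdn.ads.example.net', which still resolves through DNS.
    """
    return lookup(hostname, mapping) in SINKHOLE_ADDRS


def conflicts(first: Dict[str, str], second: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Names that two hosts files map to different addresses.

    If two blocklists were simply concatenated, the resolver would keep
    whichever entry came first, so the effective mapping would depend on the
    order of the files; that is the reason to install one file, not several.
    """
    return {n: (first[n], second[n]) for n in first.keys() & second.keys() if first[n] != second[n]}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "WWW.tracker.example.org",
                 "cdn.ads.example.net", "intranet.example.com"):
        print(f"{name:28} -> {lookup(name, hosts)!s:12} sinkholed={is_sinkholed(name, hosts)}")
    print("conflicts:", conflicts(hosts, parse_hosts(SECOND_HOSTS)))
```

Two practical caveats follow from this. Pointing blocked names at 127.0.0.1 makes the browser open a connection to the local machine, which fails quickly unless something is listening on that port locally; 0.0.0.0 is unroutable and fails immediately, which is why many blocklists use it instead. And a very large hosts file (tens of thousands of lines) can slow the DNS Client service on Windows XP, which caches the whole file; hosts-file distributors commonly advise setting that service to Manual.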

#15 anthom (Member, Topic Starter, 77 posts)
Actually, what had been slowing down the PC was likely not MSE, but the Comodo security program I had installed alongside it. Thanks for your assistance in this!

I'm saving all the information from your last post so I can reference it later...