Extremely Slow Computer

This topic is locked

#16 samy5555 (Member, Topic Starter, 20 posts)
Trying to run OTL, but as the scanning begins, it is getting hung up on a driver it's scanning. This is what I see in the bottom left corner:
Driver:WUSB54GCV3...

#17 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Ok skip OTL. :)

Is the computer working properly now?

#18 samy5555 (Member, Topic Starter, 20 posts)
Yes, when my connection to the internet is working properly... it seems to move much quicker.
Now I've got my laptop to work on. Can we start from the beginning and work on that system now? Same issues....
BTW... thanks for your help!!

#19 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
:)

Ok, let's start the clean-up, then move on to the next machine.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK

Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

You may manually delete any remaining clutter from your desktop.

Let's re-hide system files and folders.
Open Windows Explorer (right-click your Start button and choose "Explore"), then do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

++++++++++++++++++++++++++++++++++++

Maintaining your computer

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete CLEAN
THEN
  • Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT

Defrag the harddrive

++++++++++++++++++++++++++++++++++


Instruction for the laptop computer.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Next

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#20 samy5555 (Member, Topic Starter, 20 posts)
The defrag program ran and this is the report below.
Just finished uninstalling AVG on the laptop and will follow your directions with OTL....
Stand by.

/29 at 13:54:05
Analysis Report For C:

Total Files 114488
Total Directories 11112
Total Excluded 0
Total Deleted 0
Total Deleted Bytes 0 MB

Total Fragmented Files 3736
Total Fragmented Directories 162
Total Fragmented Bytes 8492 MB

MFT Fragments 6
Pagefile Fragments 1
Registry Fragments 2

Fragmentation Percentage By Size 18%
Fragmentation Percentage By Count 3%

Analysis Report For C: After Defragmentation

Total Fragmented Files 2
Total Fragmented Directories 0
Total Fragmented Bytes 7479 MB

Fragmentation Percentage By Size 16%
Fragmentation Percentage By Count 0%


The following files/directories were defragmented - Top 10

Path Lcn Size in MB Fragments
C:\Program Files\Canon\IJ Manual\MP240 SERIES\English\CMG\3PG 1597 0.02 1
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Crash Reports\pending 1601 0.02 1
C:\Documents and Settings\Owner\My Documents\Personal\Judith Dr 1609 0.02 1
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\PictureTasks\Templates 1618 0.01 1
C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\2006-07-24-1447-50 1621 0.01 1
C:\Documents and Settings\Owner\My Documents\My Music\Jackie Greene\Sweet Somewhere Bound 1627 0.01 1
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\8.0\Photo Creations\shapes\shapes.thumbnails 1629 0.01 1
C:\Documents and Settings\Owner\My Documents\Personal\Judith Dr\New Home shots 1631 0.01 1
C:\WINDOWS\Help\Tours\htmlTour 1633 0.04 1
C:\Documents and Settings\Owner\My Documents\My Pictures\Scott Mess CD ofPics 1644 0.01 1


The following files/directories are still fragmented - Top 10

Path Lcn Size in MB Fragments
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A57CGP12\Puran-Defrag-Download[1].htm 4619 0.00 2
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst 18682351 7479.49 2

#21 samy5555 (Member, Topic Starter, 20 posts)
cannot get this link to open to save onto my desktop...

  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"

#22 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Open OTL and choose Run Scan (without the custom scan.txt), post the logs in your next reply.

#23 samy5555 (Member, Topic Starter, 20 posts)
OTL logfile created on: 5/2/2011 9:07:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\david\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.72 Gb Total Space | 52.87 Gb Free Space | 37.05% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
PRC - [2011/04/26 13:31:45 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/01/25 16:10:21 | 000,417,792 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\MobilitySyncManager.exe
PRC - [2011/01/25 16:09:23 | 000,011,776 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\MobilitySyncService.exe
PRC - [2010/04/09 17:52:39 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/01/20 21:12:24 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2009/10/07 00:19:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
PRC - [2009/10/07 00:19:00 | 000,582,312 | ---- | M] ( ) -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/05/09 10:54:06 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/11/29 20:01:28 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/11/24 14:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/09/26 18:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/09/26 18:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - [2011/01/25 16:09:23 | 000,011,776 | ---- | M] (Sage Software, Inc.) [On_Demand | Running] -- C:\Program Files\ACT\ACT for Windows\MobilitySyncService.exe -- (MobilitySyncService)
SRV - [2010/04/09 17:52:39 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/01/20 21:23:24 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2009/10/07 00:19:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\LMabcoms.exe -- (lmab_device)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 17:06:40 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/08 17:06:40 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/24 13:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/09/26 18:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/09/26 18:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/09/21 13:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2006/09/17 00:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/08/29 00:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)


========== Driver Services (SafeList) ==========

DRV - [2010/11/11 11:01:12 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/04/28 09:37:55 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/17 02:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/11/07 06:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2008/10/03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/14 05:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071220.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/14 05:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071220.003\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/06 12:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071218.003\IDSvix86.sys -- (IDSvix86)
DRV - [2007/05/04 17:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/06 12:36:48 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/10 09:01:31 | 000,030,976 | R--- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/12/20 21:53:32 | 000,017,359 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/12/19 13:38:00 | 004,447,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/07 16:43:05 | 000,012,416 | R--- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2006/11/30 09:06:09 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/11/30 09:00:38 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2006/11/30 09:00:38 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2006/11/20 20:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/17 15:30:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/10 17:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/09 09:01:09 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/06 04:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/10/25 14:42:50 | 000,033,792 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyPI.sys -- (SPI)
DRV - [2006/10/18 15:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 14:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/10 22:33:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/05 19:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/02/02 04:15:14 | 000,196,409 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0060Vid.sys -- (V0060VID)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2001/09/04 19:44:50 | 000,214,240 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\..\URLSearchHook: {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home-page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://money.cnn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/11 15:55:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 10:50:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 10:50:14 | 000,000,000 | ---D | M]

[2008/09/01 21:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david\AppData\Roaming\Mozilla\Extensions
[2011/04/15 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions
[2010/07/29 22:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 13:21:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/29 22:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/04 00:34:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\[email protected]
[2011/04/15 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 16:04:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (livetvbar Toolbar) - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (livetvbar Toolbar) - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (livetvbar Toolbar) - {AD55C869-668E-457C-B270-0CFB2F61116F} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Sage Mobile For ACT!] C:\Program Files\ACT\Act for Windows\MobilitySyncManager.exe (Sage Software, Inc.)
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nnerenmls.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: realtytools.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma2.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([aar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([gbr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] https in Trusted sites)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} http://www.toolkitcm...tkweb/tkweb.cab (Tkweb Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.ecampaign...geUploader5.cab (Image Uploader Control)
O16 - DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} https://www.trueform.../TFLauncher.dll (TFLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://www.securefi...Wizard7.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} http://www.nnerenmls...osi_valid9m.ocx (osi_valid.uCltValid9m)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.42.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0972f4f8-59b3-11de-8e29-0019c19ec1d7}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{0972f4f8-59b3-11de-8e29-0019c19ec1d7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s
O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 13:49:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
[2011/04/27 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\barb
[2011/04/27 10:31:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 10:31:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 10:31:00 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/20 12:46:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/04/15 09:21:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 09:21:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 09:21:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 09:21:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 09:21:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 09:21:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 09:21:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 09:21:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 09:21:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 09:21:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 09:21:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 09:21:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 09:21:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 09:21:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 09:21:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 09:21:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 09:21:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 09:20:55 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 09:20:54 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/13 11:33:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/13 11:33:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/13 11:33:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/13 11:33:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/04/13 11:33:39 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/13 11:33:39 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/13 11:33:39 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/13 11:33:39 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/13 11:33:39 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/13 11:33:38 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/13 11:33:38 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/04/13 11:33:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/13 11:33:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/13 11:33:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/13 11:33:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/13 11:33:36 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/13 11:33:36 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/13 11:33:34 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/13 11:33:34 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/13 11:33:34 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/13 11:33:33 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/04/13 11:33:33 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/13 11:33:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/04/12 14:29:38 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/12 14:29:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/12 14:29:29 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/12 14:29:29 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/12 14:29:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/12 14:29:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/12 14:22:33 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/11 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Google
[2011/04/03 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\david\Documents\New Folder
[2010/10/30 13:31:37 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2010/10/30 13:31:28 | 001,040,384 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2010/10/30 13:31:28 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2010/10/30 13:31:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2010/10/30 13:31:28 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2010/10/30 13:31:28 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2010/10/30 13:31:27 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2010/10/30 13:31:27 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2010/10/30 13:31:27 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2010/10/30 13:31:27 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2010/10/30 13:31:27 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2010/10/30 13:31:27 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2010/10/30 13:31:27 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2010/10/30 13:31:27 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2009/08/07 23:20:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2009/08/07 23:20:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll

========== Files - Modified Within 30 Days ==========

[2011/05/02 09:04:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/02 08:58:44 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job
[2011/05/02 08:56:38 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/02 08:54:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/02 08:54:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 08:54:48 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 08:54:48 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 08:54:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 08:54:35 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 17:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 17:15:24 | 000,002,633 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Outlook 2007.lnk
[2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
[2011/04/28 13:39:06 | 000,002,609 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Word 2003.lnk
[2011/04/21 15:59:18 | 000,002,525 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Streets & Trips 2008.lnk
[2011/04/20 17:35:46 | 000,002,607 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Excel 2003.lnk
[2011/04/20 15:11:28 | 000,002,541 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Publisher.lnk
[2011/04/20 14:52:32 | 000,271,286 | ---- | M] () -- C:\Users\david\Documents\Learn how to make a screenshot - take-a-screenshot_org.mht
[2011/04/20 12:45:25 | 000,000,393 | ---- | M] () -- C:\Users\david\Desktop\img2.jpg.png
[2011/04/20 10:51:07 | 000,000,938 | ---- | M] () -- C:\Users\david\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/04/20 10:39:05 | 000,504,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/13 12:27:25 | 000,758,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 12:27:24 | 000,163,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 11:47:06 | 000,000,943 | ---- | M] () -- C:\Users\david\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/05 13:14:55 | 000,000,393 | ---- | M] () -- C:\Users\david\Desktop\img.png
[2011/04/05 12:24:06 | 000,497,274 | ---- | M] () -- C:\Users\david\Desktop\9b altered.jpeg.png

========== Files Created - No Company Name ==========

[2011/04/20 14:52:24 | 000,271,286 | ---- | C] () -- C:\Users\david\Documents\Learn how to make a screenshot - take-a-screenshot_org.mht
[2011/04/20 12:47:11 | 000,000,393 | ---- | C] () -- C:\Users\david\Desktop\img2.jpg.png
[2011/04/13 11:47:09 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job
[2011/04/13 11:35:24 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/05 13:15:12 | 000,000,393 | ---- | C] () -- C:\Users\david\Desktop\img.png
[2011/04/05 12:24:06 | 000,497,274 | ---- | C] () -- C:\Users\david\Desktop\9b altered.jpeg.png
[2010/11/11 10:58:18 | 000,024,448 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 16:16:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/12 16:16:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/12 16:15:04 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/01 12:10:20 | 000,000,600 | ---- | C] () -- C:\Users\david\AppData\Local\PUTTY.RND
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/27 18:24:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/02/12 14:08:11 | 000,674,138 | ---- | C] () -- C:\Windows\unins000.exe
[2009/02/12 14:08:11 | 000,009,667 | ---- | C] () -- C:\Windows\unins000.dat
[2008/09/18 03:02:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/06 18:27:51 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/01/30 16:35:14 | 000,038,420 | ---- | C] () -- C:\Users\david\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008/01/24 15:52:06 | 000,008,160 | ---- | C] () -- C:\Users\david\AppData\Local\d3d9caps.dat
[2008/01/14 23:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/01/11 20:10:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1B73D9C979.sys
[2007/12/27 15:22:01 | 000,022,528 | ---- | C] () -- C:\Users\david\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/25 12:21:32 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/11/25 12:17:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2007/11/07 18:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007/11/04 19:46:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/26 16:08:06 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2007/10/26 16:08:06 | 000,000,168 | RHS- | C] () -- C:\ProgramData\5A4F96BCDB.sys
[2007/10/23 20:34:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/22 22:40:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/10/19 17:09:51 | 000,000,000 | ---- | C] () -- C:\Users\david\AppData\Roaming\wklnhst.dat
[2007/08/22 21:09:35 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/08/22 20:29:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/08/22 20:29:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/08/22 20:29:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/01/10 22:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/01/10 21:11:13 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/01/10 21:01:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1129.dll
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,504,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,758,148 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,163,380 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/31 20:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 18:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\Windows\System32\ADErrorHandling.dll

< End of report >
#24
Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
    SRV - File not found [Auto | Stopped] -- -- (avg8wd)
    IE - HKLM\..\URLSearchHook: {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
    FF - prefs.js..network.proxy.ftp: ":0"
    FF - prefs.js..network.proxy.gopher: ":0"
    FF - prefs.js..network.proxy.http: ":0"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: ":0"
    FF - prefs.js..network.proxy.ssl: ":0"
    O2 - BHO: (livetvbar Toolbar) - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (livetvbar Toolbar) - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{0972f4f8-59b3-11de-8e29-0019c19ec1d7}\Shell\AutoRun - "" = Autorun
    O33 - MountPoints2\{0972f4f8-59b3-11de-8e29-0019c19ec1d7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s
    O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
    O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
    O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
    O33 - MountPoints2\{b253ee27-da7f-11dc-8e22-0019c19ec1d7}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, then reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#25
samy5555 (Member, Topic Starter, 20 posts)
Ran the Run Fix program and the computer stopped. Had to cold boot the computer. Once it rebooted, this log came up on a separate screen.


Files\Folders moved on Reboot...
File\Folder C:\Users\david\AppData\Local\Temp\~DF2C29.tmp not found!
File\Folder C:\Users\david\AppData\Local\Temp\~DF2C2E.tmp not found!
File\Folder C:\Users\david\AppData\Local\Temp\~DF2C73.tmp not found!
File\Folder C:\Users\david\AppData\Local\Temp\~DF2C7A.tmp not found!
File\Folder C:\Users\david\AppData\Local\Temp\~DF2C9C.tmp not found!
File\Folder C:\Users\david\AppData\Local\Temp\~DF2CA1.tmp not found!
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO9PRX73\xd_proxy[1].htm moved successfully.
File\Folder C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38S855E8\like[2].htm not found!
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38S855E8\page__st__15__gopid__2004430[1].txt moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\WebEx\Log\52\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
#26
Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Please proceed with the next step.
#27
samy5555 (Member, Topic Starter, 20 posts)
Here is the quick scan...


OTL logfile created on: 5/2/2011 10:25:17 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\david\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.72 Gb Total Space | 55.14 Gb Free Space | 38.64% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
PRC - [2011/04/26 13:31:45 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/01/25 16:10:21 | 000,417,792 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\MobilitySyncManager.exe
PRC - [2011/01/25 16:09:23 | 000,011,776 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\MobilitySyncService.exe
PRC - [2010/04/09 17:52:39 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/01/20 21:12:24 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2009/10/07 00:19:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
PRC - [2009/10/07 00:19:00 | 000,582,312 | ---- | M] ( ) -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/05/09 10:54:06 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/11/29 20:01:28 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/11/24 14:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/09/26 18:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/09/26 18:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/25 16:09:23 | 000,011,776 | ---- | M] (Sage Software, Inc.) [On_Demand | Running] -- C:\Program Files\ACT\ACT for Windows\MobilitySyncService.exe -- (MobilitySyncService)
SRV - [2010/04/09 17:52:39 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/01/20 21:23:24 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2009/10/07 00:19:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\LMabcoms.exe -- (lmab_device)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 17:06:40 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/08 17:06:40 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/24 13:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/09/26 18:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/09/26 18:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/09/21 13:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2006/09/17 00:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/08/29 00:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)


========== Driver Services (SafeList) ==========

DRV - [2010/11/11 11:01:12 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/04/28 09:37:55 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/17 02:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/11/07 06:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2008/10/03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/14 05:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071220.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/14 05:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071220.003\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/06 12:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071218.003\IDSvix86.sys -- (IDSvix86)
DRV - [2007/05/04 17:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/06 12:36:48 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/10 09:01:31 | 000,030,976 | R--- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/12/20 21:53:32 | 000,017,359 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/12/19 13:38:00 | 004,447,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/07 16:43:05 | 000,012,416 | R--- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2006/11/30 09:06:09 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/11/30 09:00:38 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2006/11/30 09:00:38 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2006/11/20 20:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/17 15:30:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/10 17:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/09 09:01:09 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/06 04:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/10/25 14:42:50 | 000,033,792 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyPI.sys -- (SPI)
DRV - [2006/10/18 15:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 14:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/10 22:33:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/05 19:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/02/02 04:15:14 | 000,196,409 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0060Vid.sys -- (V0060VID)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2001/09/04 19:44:50 | 000,214,240 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home-page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://money.cnn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.ssl: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/11 15:55:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 10:50:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 10:50:14 | 000,000,000 | ---D | M]

[2008/09/01 21:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david\AppData\Roaming\Mozilla\Extensions
[2011/04/15 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions
[2010/07/29 22:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 13:21:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/29 22:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/04 00:34:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\extensions\[email protected]
[2011/04/15 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 16:04:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/02 09:22:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {AD55C869-668E-457C-B270-0CFB2F61116F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Sage Mobile For ACT!] C:\Program Files\ACT\Act for Windows\MobilitySyncManager.exe (Sage Software, Inc.)
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nnerenmls.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: realtytools.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma2.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([aar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([gbr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] https in Trusted sites)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} http://www.toolkitcm...tkweb/tkweb.cab (Tkweb Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.ecampaign...geUploader5.cab (Image Uploader Control)
O16 - DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} https://www.trueform.../TFLauncher.dll (TFLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://www.securefi...Wizard7.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} http://www.nnerenmls...osi_valid9m.ocx (osi_valid.uCltValid9m)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.42.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 09:22:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 13:49:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
[2011/04/27 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\barb
[2011/04/20 12:46:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/04/11 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Google
[2011/04/03 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\david\Documents\New Folder
[2010/10/30 13:31:37 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2010/10/30 13:31:28 | 001,040,384 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2010/10/30 13:31:28 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2010/10/30 13:31:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2010/10/30 13:31:28 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2010/10/30 13:31:28 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2010/10/30 13:31:27 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2010/10/30 13:31:27 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2010/10/30 13:31:27 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2010/10/30 13:31:27 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2010/10/30 13:31:27 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2010/10/30 13:31:27 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2010/10/30 13:31:27 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2010/10/30 13:31:27 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2009/08/07 23:20:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2009/08/07 23:20:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll

========== Files - Modified Within 30 Days ==========

[2011/05/02 09:59:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/02 09:58:57 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/02 09:53:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/02 09:53:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 09:53:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 09:53:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 09:53:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 09:53:18 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 09:32:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 09:22:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/02 08:58:44 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job
[2011/04/29 17:15:24 | 000,002,633 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Outlook 2007.lnk
[2011/04/29 13:49:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\david\Desktop\OTL.exe
[2011/04/28 13:39:06 | 000,002,609 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Word 2003.lnk
[2011/04/21 15:59:18 | 000,002,525 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Streets & Trips 2008.lnk
[2011/04/20 17:35:46 | 000,002,607 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Office Excel 2003.lnk
[2011/04/20 15:11:28 | 000,002,541 | ---- | M] () -- C:\Users\david\Desktop\Microsoft Publisher.lnk
[2011/04/20 14:52:32 | 000,271,286 | ---- | M] () -- C:\Users\david\Documents\Learn how to make a screenshot - take-a-screenshot_org.mht
[2011/04/20 12:45:25 | 000,000,393 | ---- | M] () -- C:\Users\david\Desktop\img2.jpg.png
[2011/04/20 10:51:07 | 000,000,938 | ---- | M] () -- C:\Users\david\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/04/20 10:39:05 | 000,504,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/13 12:27:25 | 000,758,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 12:27:24 | 000,163,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 11:47:06 | 000,000,943 | ---- | M] () -- C:\Users\david\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/05 13:14:55 | 000,000,393 | ---- | M] () -- C:\Users\david\Desktop\img.png
[2011/04/05 12:24:06 | 000,497,274 | ---- | M] () -- C:\Users\david\Desktop\9b altered.jpeg.png

========== Files Created - No Company Name ==========

[2011/04/20 14:52:24 | 000,271,286 | ---- | C] () -- C:\Users\david\Documents\Learn how to make a screenshot - take-a-screenshot_org.mht
[2011/04/20 12:47:11 | 000,000,393 | ---- | C] () -- C:\Users\david\Desktop\img2.jpg.png
[2011/04/13 11:47:09 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job
[2011/04/13 11:35:24 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/05 13:15:12 | 000,000,393 | ---- | C] () -- C:\Users\david\Desktop\img.png
[2011/04/05 12:24:06 | 000,497,274 | ---- | C] () -- C:\Users\david\Desktop\9b altered.jpeg.png
[2010/11/11 10:58:18 | 000,024,448 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 16:16:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/12 16:16:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/12 16:15:04 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/01 12:10:20 | 000,000,600 | ---- | C] () -- C:\Users\david\AppData\Local\PUTTY.RND
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/27 18:24:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/02/12 14:08:11 | 000,674,138 | ---- | C] () -- C:\Windows\unins000.exe
[2009/02/12 14:08:11 | 000,009,667 | ---- | C] () -- C:\Windows\unins000.dat
[2008/09/18 03:02:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/06 18:27:51 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/01/30 16:35:14 | 000,038,420 | ---- | C] () -- C:\Users\david\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008/01/24 15:52:06 | 000,008,160 | ---- | C] () -- C:\Users\david\AppData\Local\d3d9caps.dat
[2008/01/14 23:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/01/11 20:10:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1B73D9C979.sys
[2007/12/27 15:22:01 | 000,022,528 | ---- | C] () -- C:\Users\david\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/25 12:21:32 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/11/25 12:17:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2007/11/07 18:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007/11/04 19:46:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/26 16:08:06 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2007/10/26 16:08:06 | 000,000,168 | RHS- | C] () -- C:\ProgramData\5A4F96BCDB.sys
[2007/10/23 20:34:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/22 22:40:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/10/19 17:09:51 | 000,000,000 | ---- | C] () -- C:\Users\david\AppData\Roaming\wklnhst.dat
[2007/08/22 21:09:35 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/08/22 20:29:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/08/22 20:29:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/08/22 20:29:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/01/10 22:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/01/10 21:11:13 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/01/10 21:01:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1129.dll
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,504,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,758,148 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,163,380 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/31 20:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 18:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\Windows\System32\ADErrorHandling.dll

========== LOP Check ==========

[2010/08/18 07:31:51 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\ACT
[2010/11/08 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\AVG10
[2009/11/09 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Blackberry Desktop
[2008/01/14 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\CompanionLink
[2008/02/27 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\DassaultSystemes
[2007/10/30 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\InterVideo
[2010/08/18 07:40:42 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\IsolatedStorage
[2009/07/01 19:12:50 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Leadertech
[2008/04/14 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\LinkedIn
[2008/02/06 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Research In Motion
[2009/05/02 00:21:54 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\ScreeNet iSaver
[2008/02/03 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Template
[2010/10/22 12:22:43 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\ToolkitCMA
[2011/05/02 08:54:47 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/02 08:58:44 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job

========== Purity Check ==========



< End of report >

#28
samy5555
ComboFix 11-05-01.04 - david 05/02/2011 10:45:50.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1133 [GMT -4:00]
Running from: c:\users\david\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\david\47b8d901b3127cce98549ea0a85700000047109IcOGThozg.jpg
c:\users\david\g2mdlhlpx.exe
c:\users\david\GoToAssistDownloadHelper.exe
c:\users\david\looking for rental boston .adt
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 13:22 . 2011-05-02 13:22 -------- d-----w- C:\_OTL
2011-04-29 18:25 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3873648-D18D-42B0-AA2D-87FA1457224C}\mpengine.dll
2011-04-27 14:31 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 14:31 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 14:31 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-20 16:46 . 2011-04-20 16:46 -------- d--h--w- c:\windows\PIF
2011-04-15 13:20 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 15:34 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-04-12 18:29 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 18:28 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 18:28 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-12 18:22 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:01 . 2007-10-26 20:08 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-03-10 14:06 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-27 14:31 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 14:31 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 14:31 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 14:31 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 01:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 01:36 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 01:36 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 22:11 . 2009-10-04 22:46 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-30 00:13 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-30 00:13 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-10-07 582312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Sage Mobile For ACT!"="c:\program files\ACT\ACT for Windows\MobilitySyncManager.exe" [2011-01-25 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-30 00:00 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-11-09 13:01 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CompanionLink]
2009-12-17 15:05 13725696 ----a-w- c:\program files\CompanionLink\CompanionLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRCU]
2006-12-07 20:31 61440 ----a-w- c:\program files\Sony\DRCU\DRCU.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-12-01 14:46 106496 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-01 14:47 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSaverCtrl]
2008-10-09 18:19 1171968 ----a-w- c:\program files\iSaver\iSaverCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2006-11-11 23:35 43128 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMab1err]
2009-10-07 04:19 582312 ----a-w- c:\program files\Lexmark\ErrorApp\lmab1err.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-12-19 17:38 7766016 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-12-19 17:38 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-01 14:47 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-11-29 23:38 49168 ----a-w- c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-02-04 17:27 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2007-01-05 21:10 57344 ----a-w- c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2006-11-14 18:46 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-11-28 22:30 2150400 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2006-12-07 00:08 577536 ----a-w- c:\program files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VF0060 STISvc]
2004-11-01 01:00 36864 ----a-w- c:\windows\System32\V0060Pin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9af3a805eac21;Google Update Service (gupdate1c9af3a805eac21);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 133104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 133104]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\DRIVERS\V0060Vid.sys [2005-02-02 196409]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-08 1089536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2006-12-07 12416]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-11-06 180272]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-04-09 20376]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 MobilitySyncService;MobilitySyncService;c:\program files\ACT\ACT for Windows\MobilitySyncService.exe [2011-01-25 11776]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-11-30 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-11-30 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-01-10 30976]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2006-10-25 33792]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-30 227328]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 00:16]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:16]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:16]
.
2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{AECB2591-C57A-4B11-8976-2F1CCDE4592C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://online.wsj.com/home-page
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
Trusted Zone: aol.com\free
Trusted Zone: nnerenmls.com\www
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: trueformsonline.com\aar
Trusted Zone: trueformsonline.com\gbr
Trusted Zone: trueformsonline.com\www
DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} - hxxps://www.trueformsonline.com/downloads/TFLauncher.dll
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://www.securefiletransferservices.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} - hxxp://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
FF - ProfilePath - c:\users\david\AppData\Roaming\Mozilla\Firefox\Profiles\uftq4lyk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://money.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd8a2cc&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{AD55C869-668E-457C-B270-0CFB2F61116F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Cingular Communication Manager - c:\program files\Cingular\Communication Manager\CingularCCM.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-cayahooantispy - c:\users\david\Desktop\Comcast Spyware Scan\uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\david\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 11:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6344)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\LMabcoms.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-02 11:09:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 15:09
.
Pre-Run: 63,908,691,968 bytes free
Post-Run: 63,736,774,656 bytes free
.
- - End Of File - - D33C3E775CEC45B01DABD616ED91A5F5

#29
Salagubang
Ok, let's follow it up with a sweep for malware.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#30
samy5555
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6496

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/2/2011 11:41:22 PM
mbam-log-2011-05-02 (23-41-22).txt

Scan type: Quick scan
Objects scanned: 171894
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)