Certain sites won't load


newguy298

I have tried to get help from various people in the past few days, because for the last two weeks or so this computer has no access to certain sites, just the same Try again button when trying to load in either I.E. or Mozilla Firefox. I have tried scanning with Spybot S&D; all I found were a few tracking cookies. Avast Internet Security also found nothing, and neither did MBAM. I removed something infected via HijackThis, and three trojans with TrendMicro's HouseCall. However, I am still infected, as I cannot load several sites. Also, I had something called Timer.dll; from what I could see on Google, it is not a wanted DLL, and it was trying to pose as part of Spybot's files like Teatimer.exe. It was viewable from TuneUp's startup program finder, and I forgot to disable it; now I cannot find it. I disabled, but did not delete, a file I expected was related called LXDBCATS. Here is my OTL log. Also, forgive me if my posting format is off. I have never posted on this forum before. Also, the thing I tried to remove via HijackThis was svcadmin.exe.

OTL logfile created on: 4/24/2011 11:06:46 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jordan Mynes\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 27.38 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive E: | 931.28 Gb Total Space | 922.71 Gb Free Space | 99.08% Space Free | Partition Type: FAT32

Computer Name: JORDAN | User Name: Jordan Mynes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 11:05:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Mynes\Desktop\OTL.exe
PRC - [2011/04/02 08:01:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/13 03:47:32 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/12/20 19:10:14 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2010/12/20 19:09:52 | 000,505,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2010/11/06 22:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/27 15:01:24 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 14:59:38 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/11/03 22:27:04 | 000,072,192 | ---- | M] (Robust IT) -- C:\Program Files\Robust IT\Taskix\Taskix32.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/16 23:26:48 | 003,854,336 | ---- | M] (IceChat Networks) -- C:\Program Files\IceChat7\IceChat7.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/14 13:52:16 | 000,065,536 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe
PRC - [2007/02/02 02:17:17 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdbcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/24 11:05:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Mynes\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/12/20 19:10:22 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2010/12/20 19:08:18 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2010/10/22 19:51:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/11/02 23:25:38 | 000,015,872 | ---- | M] (Robust IT) -- C:\Program Files\Robust IT\Taskix\Taskix32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/13 03:47:32 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/10/10 09:35:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/05 19:11:20 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 14:59:38 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/05/19 19:10:18 | 000,112,128 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\svcadmin.exe -- (Anyplace Control Security)
SRV - [2007/02/14 13:52:16 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/02 02:17:17 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdbcoms.exe -- (lxdb_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/26 18:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/01/13 03:42:26 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/01/13 03:41:29 | 000,357,968 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:41:04 | 000,189,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/31 14:41:01 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/11/15 08:17:36 | 000,232,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys -- (SCRCAMHRDRV)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/02/24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/08 18:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/05 23:17:14 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/08/19 07:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/11/14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2006/09/14 02:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 02:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 09:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/12/08 23:53:14 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...1DF&PC=DCF1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchsla...ef=home&id=198"
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/23 15:40:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 15:09:53 | 000,000,000 | ---D | M]

[2009/09/13 10:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Extensions
[2009/09/13 10:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Extensions\[email protected]
[2011/04/24 09:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions
[2010/05/16 09:59:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/06 13:16:47 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2011/03/28 12:34:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/15 23:06:50 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2011/04/15 23:06:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/19 17:43:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\[email protected]
[2011/03/13 11:03:43 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\[email protected]
[2011/02/26 14:46:31 | 000,000,000 | ---D | M] (VTzilla) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\[email protected]
[2009/08/21 16:46:53 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\all-the-internet.xml
[2009/08/21 16:45:25 | 000,002,234 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\askcom.xml
[2009/07/01 15:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\conduit.xml
[2008/09/21 10:23:20 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\winamp-search.xml
[2011/03/09 21:37:07 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\wot-safe-search.xml
[2011/04/24 09:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 20:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 09:54:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 21:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/14 19:18:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 19:12:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/03/13 16:13:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/10/06 09:51:30 | 000,003,277 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xfinitylcsearch.xml

O1 HOSTS File: ([2011/02/13 11:57:20 | 000,430,506 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14822 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Taskix] C:\Program Files\Robust IT\Taskix\Taskix32.exe (Robust IT)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino...eb.2007.4.4.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://www.runescape...ewin/navbar.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Mynes\Application Data\Actual Tools\Actual Multiple Monitors\Wallpapers\Composed.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Mynes\Application Data\Actual Tools\Actual Multiple Monitors\Wallpapers\Composed.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a18e83d-b344-11dc-b38c-001d0907d865}\Shell - "" = AutoRun
O33 - MountPoints2\{6a18e83d-b344-11dc-b38c-001d0907d865}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a18e83d-b344-11dc-b38c-001d0907d865}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 11:05:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Mynes\Desktop\OTL.exe
[2011/04/23 23:35:24 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jordan Mynes\Desktop\HouseCall.exe
[2011/04/23 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/23 21:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Start Menu\Programs\HiJackThis
[2011/04/23 19:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Local Settings\Application Data\VS Revo Group
[2011/04/23 19:40:07 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/04/23 19:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/04/23 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/23 17:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Start Menu\Programs\Unlocker
[2011/04/23 17:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/04/23 15:13:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jordan Mynes\Recent
[2011/04/17 13:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Desktop\possibly where timer lays
[2011/04/16 17:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/16 17:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/16 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/04/16 16:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/04/15 23:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Start Menu\Programs\Portal
[2011/04/15 19:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeerBlock
[2011/04/15 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/04/03 00:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Mynes\Desktop\minecraft evidence
[2011/03/28 13:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/28 13:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/28 13:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2008/10/06 20:54:00 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbhcp.dll
[2008/10/06 20:53:59 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbinpa.dll
[2008/10/06 20:53:59 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbiesc.dll
[2008/10/06 20:53:58 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbusb1.dll
[2008/10/06 20:53:57 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbserv.dll
[2008/10/06 20:53:57 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbprox.dll
[2008/10/06 20:53:56 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbpmui.dll
[2008/10/06 20:53:56 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbpplc.dll
[2008/10/06 20:53:55 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdblmpm.dll
[2008/10/06 20:53:54 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbih.exe
[2008/10/06 20:53:53 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbhbn3.dll
[2008/10/06 20:53:51 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbcoms.exe
[2008/10/06 20:53:51 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbcomm.dll
[2008/10/06 20:53:50 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbcomc.dll
[2008/10/06 20:53:49 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdbcfg.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/24 11:05:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Mynes\Desktop\OTL.exe
[2011/04/24 10:55:07 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3C6BD38-2663-4838-BF9E-BF3AEC11A5DA}.job
[2011/04/24 10:53:45 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\HiJackThis.lnk
[2011/04/24 10:37:07 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2011/04/24 10:36:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/24 10:36:37 | 2145,357,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/23 23:35:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Local Settings\Application Data\housecall.guid.cache
[2011/04/23 23:35:24 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jordan Mynes\Desktop\HouseCall.exe
[2011/04/23 19:40:11 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/04/23 19:40:11 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Revo Uninstaller Pro.lnk
[2011/04/23 19:13:19 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/04/23 19:09:16 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\Cache.db
[2011/04/23 17:45:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Unlocker.lnk
[2011/04/23 17:41:41 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2011/04/23 17:38:47 | 002,411,992 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\grounder-and-scratch-what2-o.gif
[2011/04/23 14:17:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/17 11:08:38 | 001,600,418 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Demonstration_cluster_bomb.jpg
[2011/04/16 23:09:13 | 000,084,333 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\guitar-hero-for-mac.jpg
[2011/04/16 17:35:40 | 000,082,902 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\My Documents\cc_20110416_173529.reg
[2011/04/16 17:22:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/16 16:33:18 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/16 09:19:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/16 04:14:51 | 002,173,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 03:46:16 | 000,482,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 03:46:16 | 000,080,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 19:58:20 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\PeerBlock.lnk
[2011/04/08 22:23:07 | 000,019,676 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Woolify2.61.jar
[2011/04/03 11:44:38 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Ventrilo.lnk
[2011/04/02 10:24:52 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Music.lnk
[2011/03/28 17:12:48 | 000,013,277 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Everyone Is Mad.jpg
[2011/03/28 13:18:42 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/23 23:35:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Local Settings\Application Data\housecall.guid.cache
[2011/04/23 21:16:34 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\HiJackThis.lnk
[2011/04/23 19:40:11 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/04/23 19:40:11 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Revo Uninstaller Pro.lnk
[2011/04/23 19:03:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\Cache.db
[2011/04/23 17:45:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Unlocker.lnk
[2011/04/23 17:41:41 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2011/04/23 17:38:47 | 002,411,992 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\grounder-and-scratch-what2-o.gif
[2011/04/17 11:08:38 | 001,600,418 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Demonstration_cluster_bomb.jpg
[2011/04/16 23:09:13 | 000,084,333 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\guitar-hero-for-mac.jpg
[2011/04/16 17:35:31 | 000,082,902 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\My Documents\cc_20110416_173529.reg
[2011/04/16 17:22:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/16 16:33:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/15 19:58:20 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\PeerBlock.lnk
[2011/04/08 22:23:06 | 000,019,676 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Woolify2.61.jar
[2011/04/03 11:44:38 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Ventrilo.lnk
[2011/04/02 10:23:49 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Music.lnk
[2011/03/28 17:12:48 | 000,013,277 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Desktop\Everyone Is Mad.jpg
[2011/03/28 13:18:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/25 22:52:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/25 21:29:01 | 000,002,436 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\F922.215
[2011/02/21 17:29:40 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/02/19 18:19:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/19 18:18:56 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/19 18:18:55 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/15 21:15:48 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/10/10 09:44:25 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/02 13:50:18 | 000,317,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/02 08:48:02 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\com.plutinosoft.idemo.plist
[2010/09/12 18:41:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\winscp.rnd
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 14:22:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/09/13 12:56:58 | 000,060,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/01 10:49:48 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2009/08/30 11:14:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/19 19:10:18 | 000,112,128 | ---- | C] () -- C:\WINDOWS\svcadmin.exe
[2009/05/08 16:59:16 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/06 20:55:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdbvs.dll
[2008/10/06 20:54:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdbcoin.dll
[2008/10/06 20:54:00 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxdbinst.dll
[2008/09/19 22:01:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/18 09:20:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/03/30 09:26:06 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/30 08:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/02 13:04:28 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/03/02 13:04:28 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Animals
[2008/03/02 13:04:28 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/01/13 12:13:51 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/25 17:43:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/24 17:00:05 | 000,210,944 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/20 02:45:18 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jordan Mynes\Local Settings\Application Data\fusioncache.dat
[2007/10/16 12:59:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/16 12:37:42 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/10/16 12:37:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/10/16 12:37:26 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 002,173,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,482,948 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,080,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/07/18 09:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/09/12 12:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/10/07 14:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/03/02 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/03/02 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Framework
[2010/10/02 08:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My
[2008/02/10 10:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/03/02 13:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/09/18 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/03/28 12:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/02 09:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2011/04/23 19:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/05 19:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/03/02 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/02 21:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/02 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/15 09:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 10:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 09:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 07:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/05 19:10:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/04/02 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\.minecraft
[2011/02/25 20:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Actual Tools
[2010/05/16 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\AnvSoft
[2011/03/20 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\CallingID
[2010/09/25 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Dropbox
[2011/04/23 14:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\IceChat
[2010/09/05 18:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\LimeWire
[2008/10/06 19:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\MSNInstaller
[2007/12/15 21:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Nexon
[2008/07/02 20:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Nikon
[2011/04/23 17:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\PriceGong
[2008/07/18 09:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\QQ Games Plugin
[2010/10/15 21:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Registry Mechanic
[2011/02/18 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\SystemRequirementsLab
[2010/01/16 16:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\TeamViewer
[2010/04/03 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Toolbar4
[2010/09/11 09:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\TuneAid
[2010/09/05 19:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\TuneUp Software
[2011/04/23 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\uTorrent
[2007/11/03 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Viewpoint
[2009/10/24 10:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Windows Search
[2011/03/20 09:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\xfinitytb
[2011/04/23 19:13:19 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/04/24 10:55:07 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C6BD38-2663-4838-BF9E-BF3AEC11A5DA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C

< End of report >

Edited by newguy298, 24 April 2011 - 10:17 AM.

  • 0

#2
Casey_boy

    Trusted Helper

  • Malware Removal
  • 23 posts
Hi and welcome to Geeks to Go :D

My name is Casey and I'll be helping you with your malware problems.

"I have tried to get help from various people in the past few days"


Before we begin, could you tell me who you have been getting help from? Are you posting at another malware removal site? Or do you mean friends, etc.?

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey
  • 0

#3
Casey_boy

    Trusted Helper

  • Malware Removal
  • 23 posts
Hi,

The file C:\WINDOWS\svcadmin.exe seems to be related to Anyplace Control which is a remote desktop utility. Do you want this program installed? If not, look in Add/Remove and uninstall it from there.


Uninstall Viewpoint

Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.co...cle.php/3561546

From Add/Remove programs please uninstall the following (if they are present): Viewpoint, Viewpoint Manager, Viewpoint Media Player. Help on uninstalling programs can be found here

Conduit Toolbars

Some Conduit toolbars are reputed to have a certain adware/trackware functionality. I have therefore included all versions of conduit toolbars installed on your PC in the fix below, so they will be removed. I recommend you do not reinstall them.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :processes
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    
    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    FF - prefs.js..browser.startup.homepage: http://www.searchslate.com/wp.ashx?ref=home&id=198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2009/12/06 13:16:47 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
    [2011/04/15 23:06:50 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
    [2011/04/15 23:06:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/12/19 17:43:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\extensions\[email protected]
    [2009/08/21 16:46:53 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\all-the-internet.xml
    [2009/08/21 16:45:25 | 000,002,234 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\askcom.xml
    [2009/07/01 15:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Jordan Mynes\Application Data\Mozilla\Firefox\Profiles\vtjaun8w.default\searchplugins\conduit.xml
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/10/06 09:51:30 | 000,003,277 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xfinitylcsearch.xml
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [2008/09/19 22:01:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/07/18 09:20:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2008/03/30 09:26:06 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/03/30 08:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/03/02 13:04:28 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/10/02 21:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/04/23 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\uTorrent
    [2007/11/03 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Viewpoint
    [2010/04/03 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\Toolbar4
    [2011/03/20 09:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Mynes\Application Data\xfinitytb
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3
    @Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C
    
    :commands
    [CREATERESTOREPOINT]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

TDSS Killer

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



When OTL ran, it would have produced another log called Extras.txt please attach that here. I would also like to know about the HOSTS file. Have you added entries to it, or do you use a program which may have edited it?

Casey
  • 0

#4
newguy298

    Member

  • Topic Starter
  • 23 posts
I will attach the OTL scan log, and the TDSSkiller scan.

Also I got help previously (but not since posting here) from random people on an IRC chat, who have helped fix my computer before.

The only thing I have added to my hosts file by hand is 74.208.10.249 gs.apple.com which I was told was needed I think for either jailbreaking my ipod, or maybe for using WINSCP to transfer files between my i-touch and my computer. Any other (there are a lot too) things that were added were added by spybot.

UPDATE: 7:17 PM CST 4/30/11 -
I was away from the computer and Registry Mechanic did its automatic scan. It probably moved around a few things in the registry. Should I scan and post a log again?

Attached Files


Edited by newguy298, 30 April 2011 - 06:18 PM.

  • 0

#5
Casey_boy

    Trusted Helper

  • Malware Removal
  • 23 posts
Hi,

How is your browser running now, are any sites not loading?

Casey
  • 0

#6
newguy298

    Member

  • Topic Starter
  • 23 posts
Same sites are not loading. Could it be a firewall issue?

Also every time I turn the computer on it seems like a program uninstalls itself, I haven't been able to put my finger on which programs are uninstalling themselves, but I log on, and notice that a different desktop icon is gone each time. This time my program which gives me a taskbar on both monitors disappeared. (Ultramon)

UPDATE: 11:28 A.M. CST 5/1/11 -

I found Ultramon still in my add/remove programs list and chose repair installation.

Edited by newguy298, 01 May 2011 - 10:29 AM.


#7
Casey_boy
Would you mind telling me what sites aren't loading? If you're not comfortable posting them here then you can PM them to me.

It may be that your HOSTS file is blocking them.

Are the "uninstalling programs" sorted after the repair?

Casey

#8
newguy298
I am not sure of what other programs uninstalled, but I have checked the hosts file a few times and none of the sites were blocked. Steam's site, Newgrounds and Netflix are not loading, to name a few, but do load at my other house. Would you like me to upload my hosts file? Also, when I tried pinging Netflix and Steam they were redirecting to another IP (if you need, I can post the redirected IP), and I believe that may have been causing the issue. My friend suggested I change the preferred DNS server to 8.8.8.8 and the alternate DNS server to 8.8.4.4. Now when I ping the IPs I get nothing rather than that redirected IP.

#9
Casey_boy
If you have the IPs, then yes please.

Let's try flushing your DNS

Start > run > type cmd > hit enter > type ipconfig /flushdns > hit enter

See if you still have this trouble.

Casey

#10
newguy298
Nothing happened after flushing the DNS (which I had already tried with CCleaner before). If you tell me how to set those DNS addresses back to default I can give you the IP I get redirected to.

I will be back at this house again Friday/Saturday so please do not close the thread. Thank you.

Edited by newguy298, 01 May 2011 - 06:57 PM.


#11
Casey_boy
Hi,

> If you tell me how to set those DNS addresses back to default

I'm not quite sure what you mean here. We flushed the DNS, which means that when you browse to a site your computer no longer looks in a cache file on your PC for the site's IP address; instead it must manually search for the IP. I didn't change your DNS, just cleared it out in case of any problems with your PC's cache.

How do you connect to the internet? Do you connect through a router?

I think it may also be wise to reset your HOSTS file. That way we can be sure there is nothing wrong with it. Then afterwards, you can re-add Spybot's preventative additions.

To reset your HOSTS file:

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :commands
    [RESETHOSTS]
    [CREATERESTOREPOINT]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey
  • 0
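
An added example, not part of the thread and not code from OTL or Spybot: before a HOSTS reset like the one described above, the file can be audited to separate loopback blocks (the form preventative additions usually take) from entries that pin a name to a real address, such as the hand-added gs.apple.com line. The sample hosts text and the *.example names are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample modelled on the thread: Spybot-style loopback blocks, the
# hand-added gs.apple.com line, and hypothetical *.example entries.
SAMPLE_HOSTS = """\
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       localhost
127.0.0.1       www.ads.example
0.0.0.0         Tracker.Example   # inline comment
74.208.10.249   gs.apple.com
203.0.113.50    store.example www.store.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_or_None, hostname) for each name on each line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not a valid IP address
        for name in fields[1:]:
            yield line_no, addr, name.lower().rstrip(".")

def classify(addr, name):
    """Label one mapping: standard, block, redirect or malformed."""
    if addr is None:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "standard" if name == "localhost" else "block"
    return "redirect"  # name pinned to an address; hosts answers before DNS

def audit(text, watch=()):
    """Return (line_no, kind, name, address) for non-standard entries; a watch
    list keeps only names equal to or under one of the watched domains."""
    watch = [w.lower() for w in watch]
    findings = []
    for line_no, addr, name in parse_hosts(text):
        kind = classify(addr, name)
        under_watch = any(name == w or name.endswith("." + w) for w in watch)
        if kind != "standard" and (under_watch or not watch):
            findings.append((line_no, kind, name, None if addr is None else str(addr)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_HOSTS), sep="\n")
```

On Windows XP the live file is C:\WINDOWS\system32\drivers\etc\hosts; read its text and pass it to audit() with the domains that fail to load as the watch list.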

#12
newguy298

A report did not open. But it did apparently fix it.

Also my program Ultramon no longer works on startup, and is not in the programs menu. I have to go to control panel and repair the install every time to fix it. I may or may not still have the installer. Is there any other way to fix it?

Edited by newguy298, 07 May 2011 - 08:47 PM.


#13
Casey_boy

> A report did not open. But it did apparently fix it.

So you can access all your sites now? It seems that your HOSTS file was to blame then.

> Also my program Ultramon no longer works on startup, and is not in the programs menu. I have to go to control panel and repair the install every time to fix it. I may or may not still have the installer. Is there any other way to fix it?


That's my fault :)

Navigate to C:\_OTL\MovedFiles\mmddyyyy_hhMMss\C_WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
(where mmddyyyy_hhMMss represents the date and time of the scan)

Cut the file and then paste it into the directory (you may require admin privileges):

C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\

That should restore the file. If you want to run the program from startup again, right click on the file and choose create shortcut (you may be prompted that it "can't create a shortcut here, do you want to place it on the desktop instead"; do so). Then rename the shortcut to UltraMon.lnk and move it to the folder:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\


Let me know if that works.

Casey

#14
newguy298
I cannot access the same sites still, and I still can't find that log from last night. Also I am not sure if it will work yet, I will have to see next time I reboot. Also spybot s&d no longer turns on at startup either. Are we leaving it like that until everything is in working order? I will continue this with you on Friday again, as I must return to my other house. Thanks for your time :)

Also a file named Thumbs.db appeared on my desktop. I'm not sure what program this is a thumbs file for, I know a lot of programs use them. Any insight on what it is for?

Edited by newguy298, 08 May 2011 - 09:49 AM.


#15
Casey_boy
Hi,

Sorry about the delay in my reply. I didn't receive a notification that you'd replied.

> I cannot access the same sites still, and I still can't find that log from last night.

Bummer. How do you connect to the internet? Do you connect through a router?

> Also I am not sure if it will work yet, I will have to see next time I reboot.

Ultramon? OK, let me know how it goes.

> Also spybot s&d no longer turns on at startup either. Are we leaving it like that until everything is in working order?

Yep, because Spybot can interfere with our fixes - so it's best to stay off until we're sorted.

> I will continue this with you on Friday again, as I must return to my other house. Thanks for your time :unsure:

OK thanks :)

> Also a file named Thumbs.db appeared on my desktop. I'm not sure what program this is a thumbs file for, I know a lot of programs use them. Any insight on what it is for?


Yep, that's normally a hidden file which is used to display thumbnails of any image files you have saved. You can delete it, but it will reappear if you have images saved on your desktop. It's completely legitimate.

Casey