
AV disabled, homepage hacked


  • This topic is locked

#1
bobskeleton
  • Member
  • 50 posts
My computer has been infected. I clicked on an innocent-looking link in Google.

I use MS Security Essentials and Comodo firewall. I am unable to use my AV scanner, the virus has disabled it. I am also unable to open my other Anti-Malware software.

Pop-ups claiming to be XP Security are telling me to register. I can tell these are bogus. Something is starting up other than my AV and firewall, something called ctfmon.

I've been unable to download OTL as my homepage is hacked too. I'm being told there are new networks for me to join, does this mean someone is trying to control my PC remotely?

I'm using my girlfriend's laptop. Please help me get rid of this.

TIA


#2
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello bobskeleton and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please try to download OTL with Internet Explorer (No Add-ons)

Go to Start then All Programs, choose Accessories and then System Tools
Click on Internet Explorer (No Add-ons)


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

If you can download tools, then do you have another, clean PC and a USB memory stick we can use until we clean this infection?

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.
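Step 2 asks for OTL's scan output, and the parts of that output a helper reads first are the O4 autostart entries, the O35/O37 shell open commands and the recently created files. The script below is an added example, not code from this thread, from OTL or from Geeks to Go: it runs simple triage heuristics over lines in OTL's output format so a defender can see at a glance which entries deserve a closer look. The sample lines are constructed (the `User` profile and `drop.exe` are made up), and the heuristics are this example's own choices: an exefile/comfile open command that is not the Windows default `"%1" %*`, a Run entry or a hidden+system file under a profile's Application Data or Temp folder, and a file whose version info claims Microsoft while it sits outside the Windows or Program Files directories. A hit is a reason to investigate, not proof of infection.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's output format (hypothetical user profile and
# file name; not copied from the thread's log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKCU..\Run: [sysupd] C:\Documents and Settings\User\Local Settings\Application Data\drop.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\drop.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\drop.exe" -a "%1" %* (Microsoft Corporation)
[2011/05/09 07:51:41 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Local Settings\Application Data\drop.exe
[2011/05/09 08:59:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
"""

# O35/O37: shell open command for exefile/comfile, e.g.
#   O35 - HKCU\..exefile [open] -- "C:\...\x.exe" -a "%1" %* (Company)
SHELL_CMD_RE = re.compile(
    r'^(O3[57]) - (HKLM|HKCU)\\\.{2,3}(\S+) \[[^\]]*\] -- (.*)$')
# O4: autostart Run entries, e.g.  O4 - HKLM..\Run: [Name] C:\path\x.exe (Company)
RUN_RE = re.compile(
    r'^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]*)\] (.*?)(?: \(([^)]*)\))?$')
# File entries: [date | size | attrs | C or M] (Company) -- path
FILE_RE = re.compile(
    r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]'
    r' (?:\(([^)]*)\) )?-- (.*)$')

DEFAULT_OPEN_CMD = '"%1" %*'           # Windows default for exefile and comfile
USER_DATA_HINTS = ('\\application data\\', '\\local settings\\', '\\temp\\')
SYSTEM_ROOTS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass(frozen=True)
class Finding:
    kind: str
    line: str


def in_user_data(path: str) -> bool:
    """True when a path sits in a per-user data or temp location."""
    return any(hint in path.lower() for hint in USER_DATA_HINTS)


def triage(log_text: str) -> list:
    """Return findings for OTL lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_CMD_RE.match(line)
        if m:
            # Anything other than the default means every .exe (or .com) the
            # user launches is routed through another program first.
            if not m.group(4).startswith(DEFAULT_OPEN_CMD):
                findings.append(Finding('shell-open-hijack', line))
            continue
        m = RUN_RE.match(line)
        if m:
            if in_user_data(m.group(3)):
                findings.append(Finding('run-key-user-data', line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, company, path = m.group(3), m.group(5) or '', m.group(6)
            if 'H' in attrs and 'S' in attrs and in_user_data(path):
                # Hidden + system attributes on a file in a profile folder.
                findings.append(Finding('hidden-system-file-user-data', line))
            elif (company.lower().startswith('microsoft')
                  and not path.lower().startswith(SYSTEM_ROOTS)):
                # Version info claims Microsoft, but the file is not where
                # Microsoft binaries normally live.
                findings.append(Finding('microsoft-claim-outside-system', line))
    return findings


def hijack_targets(findings) -> set:
    """Paths quoted in shell-open-hijack findings (the files to look at first)."""
    targets = set()
    for f in findings:
        if f.kind == 'shell-open-hijack':
            m = re.search(r'-- "([^"]+)"', f.line)
            if m:
                targets.add(m.group(1))
    return targets


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f.kind:32} {f.line}')
    print('hijack targets:', sorted(hijack_targets(results)))
```

The O35/O37 check is the one to understand: a per-user (HKCU) open command overrides the machine default for that user, so an entry that launches some other program with `"%1"` as an argument means every executable the user starts goes through that program first, which is one way a fake-AV can keep the real security software from opening. On the sample lines the script reports the HKCU Run entry, both hijacked open commands and the hidden+system file, and `hijack_targets` returns the single path those commands point at; the legitimate entries (the HKLM defaults, the firewall under Program Files, OTL itself, explorer.exe under Windows) produce no findings.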

#3
bobskeleton
  • Topic Starter
  • Member
  • 50 posts
I don't have the option of running IE with no add-ons, it isn't available in System Tools?

I have an mp3 player and I have transferred OTL onto my desktop from my girlfriend's laptop using that. However, my OTL program does not have a Custom Scan option. What should I do next?

#4
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
The Custom Scan box is located at the bottom of the program, where you can paste the code I give you. You must download the tools on a clean PC and transfer them to the infected one.

Do this on the clean computer:

1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives, including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

Attached Thumbnails

  • untitled.JPG


#5
bobskeleton
  • Topic Starter
  • Member
  • 50 posts
Thanks, couldn't see that.

Scan is complete but no text files came up at the end.

I'm downloading the flash drive disinfector now.

#6
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
OK. Run Flash_Disinfector on the clean PC and it will protect your USB drive from getting infected. After that, please try to find OTL.txt, located in the same place from where you ran OTL. Copy it to the USB drive and post it from the other, clean PC.

#7
bobskeleton
  • Topic Starter
  • Member
  • 50 posts
Found it on the desktop:

OTL logfile created on: 09/05/2011 11:07:06 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 100.63 Gb Free Space | 54.24% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
PRC - [2009/02/26 18:43:58 | 001,851,128 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
PRC - [2009/02/26 18:43:49 | 000,700,152 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/26 18:44:21 | 000,155,384 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/26 18:43:49 | 000,700,152 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent)
SRV - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - [2011/01/26 23:19:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/22 17:31:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/25 19:41:53 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/19 18:30:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 18:30:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2009/02/26 18:44:20 | 000,080,400 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/02/26 18:44:19 | 000,110,992 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2009/02/20 18:48:33 | 000,024,336 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/12/21 22:49:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/24 12:29:00 | 000,647,333 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.10.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:51:01 | 000,000,000 | ---D | M]

[2008/08/31 13:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2011/05/06 13:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions
[2010/04/27 20:38:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 16:27:38 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/01/28 16:02:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2011/01/28 16:02:53 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2007/12/27 16:17:22 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\searchplugins\search.xml
[2011/05/06 13:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/01 00:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2009/10/18 11:48:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/07 10:50:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/12/13 10:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2011/05/07 10:50:41 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 10:50:41 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/07 10:50:41 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 10:50:41 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 10:50:41 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/12/10 05:17:32 | 000,648,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 17101 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9aef921-d739-11d9-9ac6-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "%1" %* (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (51523531489411072)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 08:59:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2011/05/09 07:51:41 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe
[2011/04/27 11:16:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Me\Recent
[2011/04/19 22:14:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\My Documents\Dropbox
[2011/04/19 22:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Start Menu\Programs\Dropbox
[2011/04/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2011/04/12 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\cm9798v2
[2009/06/04 19:48:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 11:04:30 | 000,011,866 | -HS- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
[2011/05/09 11:04:30 | 000,011,866 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
[2011/05/09 10:56:38 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 10:56:38 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/09 10:51:40 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 10:51:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 10:51:16 | 1005,375,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2011/05/09 08:27:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 07:56:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/02 13:53:17 | 000,021,125 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\radar.odt
[2011/04/27 11:17:07 | 000,026,010 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\cc_20110427_111701.reg
[2011/04/26 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 10:08:11 | 000,137,157 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\dualit-espressivo-cream-coffee-machine.jpg
[2011/04/13 11:27:11 | 001,487,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 12:04:01 | 000,002,642 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\meh_2615.jpg
[2011/04/11 10:20:41 | 000,002,574 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Document.rtf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 07:51:42 | 000,011,866 | -HS- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
[2011/05/09 07:51:42 | 000,011,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
[2011/05/07 10:51:11 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/02 01:59:31 | 000,021,125 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\radar.odt
[2011/04/27 11:17:06 | 000,026,010 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\cc_20110427_111701.reg
[2011/04/25 10:08:09 | 000,137,157 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\dualit-espressivo-cream-coffee-machine.jpg
[2011/04/12 12:01:45 | 000,002,642 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\meh_2615.jpg
[2011/03/30 19:43:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/01 17:44:05 | 000,010,099 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/10/01 17:44:00 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/21 10:20:11 | 002,857,336 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/09/10 19:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\mcfw.sys
[2009/06/04 19:48:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml
[2009/06/04 19:48:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe
[2009/06/04 19:48:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat
[2009/06/04 19:48:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf
[2008/12/21 22:51:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/21 22:27:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/29 11:24:50 | 000,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2007/12/27 17:34:12 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2007/12/27 17:34:12 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2007/12/27 13:57:56 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/12/08 15:39:46 | 000,002,910 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/08 15:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/15 23:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/13 16:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2006/05/14 16:46:24 | 000,009,108 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat
[2006/02/02 17:39:09 | 000,000,307 | ---- | C] () -- C:\WINDOWS\swosfff.ini
[2005/07/12 13:44:17 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/07/08 23:16:58 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/05 17:07:50 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/06/02 16:18:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/02 15:57:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/02 15:51:29 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/06/02 15:51:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/09/17 18:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/21 23:41:10 | 000,004,476 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/21 23:40:35 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004324_.tmp.dll
[2004/08/21 23:40:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 23:40:29 | 000,442,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/21 23:40:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/21 23:40:29 | 000,071,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/21 23:40:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/21 23:40:29 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/21 23:40:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/21 23:40:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/21 23:40:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/21 23:40:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/21 23:40:19 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004356_.tmp.dll
[2004/08/21 23:40:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/21 23:40:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/21 16:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/21 16:50:58 | 001,487,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/21 16:29:26 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/21 16:02:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 16:00:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/21 15:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/01/30 22:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/26 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/12 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/02/23 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/01/23 00:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/02/02 17:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/06/04 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/01 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/23 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\AnvSoft
[2011/05/09 08:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent
[2008/03/13 07:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent DNA
[2011/01/26 23:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/08/21 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\dBpoweramp
[2009/02/05 07:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DNA
[2011/04/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2010/09/06 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FreeAudioPack
[2010/02/23 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MP3Rocket
[2010/02/23 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NCH Swift Sound
[2010/05/16 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2008/09/17 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PPMate
[2011/03/07 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sports Interactive
[2010/09/25 10:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Spotify
[2009/08/11 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2006/05/14 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2007/12/29 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\VersionTracker Pro
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Virgin Broadband
[2010/05/16 17:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/07 10:50:44 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/07 10:50:44 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/07 10:50:44 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/05/09 07:51:41 | 000,344,064 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/07 10:50:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/09 07:51:41 | 000,344,064 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 01:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 01:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 01:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "C:\Program Files\Intern [2011/05/09 07:51:41 | 000,344,064 | -HS- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837

< End of report >

#8
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
OK. Let's remove the main infection with OTL and then run Malwarebytes to clean things up.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe" -a "%1" %* (Microsoft Corporation)
    [2011/05/09 07:51:41 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe
    [2011/05/09 11:04:30 | 000,011,866 | -HS- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
    [2011/05/09 11:04:30 | 000,011,866 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1

    :Files
    C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
    C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • New OTL scan log
It would be helpful if you could post each log in a separate post.

#9
bobskeleton
    Member
  • Topic Starter
  • Member
  • 50 posts
All processes killed, that's what I like to hear:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\Me\Local Settings\Application Data\bfs.exe not found.
C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1 moved successfully.
C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1 moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Me\Local Settings\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\34p644iyj800a4qis01nf5cy6snhaye6321qnmi0cqs1 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Me\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Me\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gemma
->Temp folder emptied: 10659426 bytes
->Temporary Internet Files folder emptied: 3881456 bytes
->Java cache emptied: 30335483 bytes
->FireFox cache emptied: 80244492 bytes
->Flash cache emptied: 334492 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 1077952 bytes

User: Me
->Temp folder emptied: 12879655 bytes
->Temporary Internet Files folder emptied: 62147 bytes
->Java cache emptied: 929304 bytes
->FireFox cache emptied: 53277983 bytes
->Flash cache emptied: 187412 bytes

User: NetworkService
->Temp folder emptied: 984438 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1599540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90330428 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 274.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Gemma
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: Me
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05092011_113958

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I already have MBAM on my PC, and am scanning the system now...

#10
bobskeleton
    Member
  • Topic Starter
  • Member
  • 50 posts
MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4390

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09/05/2011 11:55:27
mbam-log-2011-05-09 (11-55-27).txt

Scan type: Quick scan
Objects scanned: 146340
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
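The two registry tamperings worked through in this thread, the per-user exefile hijack that the OTL fix in #8 and #9 deleted (HKCU\Software\Classes\.exe and exefile pointing every program launch through bfs.exe, plus the browser launch commands under StartMenuInternet wrapped the same way) and the three Security Center DisableNotify values MBAM reset in #10, can be checked for and undone from a plain registry export. The following is an added example and is not part of this thread, of OTL or of Malwarebytes. The sample export is constructed to mirror the values in the logs above; bfs.exe and the key paths come from the logs, while the function names and the generated .reg output are this example's own.

```python
"""Audit a .reg export for the exefile/browser hijack and Security Center
tampering seen in the logs, and emit a .reg file that undoes them."""
import re

# Constructed sample export mirroring the values in the OTL and MBAM logs;
# 'bfs.exe' is the wrapper from the logs, the layout is this example's own.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\Me\\Local Settings\\Application Data\\bfs.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\Me\\Local Settings\\Application Data\\bfs.exe\" -a \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
'''

CLEAN_OPEN = '"%1" %*'  # the only acceptable exefile/comfile open command
USER_CLASSES = 'hkey_current_user\\software\\classes\\'
SHADOW_NAMES = ('.exe', 'exefile', '.com', 'comfile')
SECURITY_CENTER_KEY = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center'
NOTIFY_VALUES = ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify')
QUOTED_EXE = re.compile(r'"([^"]+\.exe)"', re.IGNORECASE)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg(text):
    """Return {key: {value_name: data}} from a .reg export (string and dword values)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if not m:
                continue
            name = '' if m.group(1) == '@' else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith('dword:'):
                keys[current][name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                keys[current][name] = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escapes
            else:
                keys[current][name] = data
    return keys


def audit(keys):
    """Return (kind, key, detail) tuples for the hijack patterns from the logs."""
    findings, shadowed = [], set()
    for key, values in keys.items():
        k, cmd = key.lower(), values.get('', '')
        # 1. Per-user .exe/exefile keys: absent on a clean profile, and HKCU wins
        #    over HKLM in the merged HKCR view, so this alone reroutes every launch.
        if k.startswith(USER_CLASSES):
            first = k[len(USER_CLASSES):].split('\\')[0]
            if first in SHADOW_NAMES:
                top = key[:len(USER_CLASSES) + len(first)]
                if top not in shadowed:
                    shadowed.add(top)
                    findings.append(('user_class_shadow', top, 'per-user override of a system file class'))
        # 2. exefile/comfile open command must be exactly "%1" %*.
        if re.search(r'\\(exefile|comfile)\\shell\\open\\command$', k) and cmd != CLEAN_OPEN:
            findings.append(('open_command_hijack', key, cmd))
        # 3. Browser launch command that runs a second executable in front of the browser.
        if '\\clients\\startmenuinternet\\' in k and k.endswith('\\shell\\open\\command'):
            exes = QUOTED_EXE.findall(cmd)
            if len(exes) > 1:
                findings.append(('browser_wrapper', key, exes[0]))
        # 4. Security Center told not to warn that AV, firewall or updates are off.
        if k == SECURITY_CENTER_KEY.lower():
            for name in NOTIFY_VALUES:
                if values.get(name) == 1:
                    findings.append(('security_center', key, name))
    return findings


def remediation_reg(findings):
    """Build a .reg file undoing the findings: '[-key]' deletes a per-user key,
    HKLM open commands are restored, notify values are reset to 0, and browser
    wrappers are listed as ';' comments because the right command depends on
    the install path."""
    out, notify = ['Windows Registry Editor Version 5.00', ''], []
    for kind, key, detail in findings:
        if kind == 'user_class_shadow':
            out += ['[-%s]' % key, '']
        elif kind == 'open_command_hijack' and key.upper().startswith('HKEY_LOCAL_MACHINE'):
            out += ['[%s]' % key, '@="\\"%1\\" %*"', '']
        elif kind == 'browser_wrapper':
            out += ['; REVIEW %s: wrapped by %s' % (key, detail), '']
        elif kind == 'security_center':
            notify.append(detail)
    if notify:
        out += ['[%s]' % SECURITY_CENTER_KEY] + ['"%s"=dword:00000000' % n for n in notify] + ['']
    return '\n'.join(out)


if __name__ == '__main__':
    found = audit(parse_reg(SAMPLE_REG))
    for f in found:
        print('%-20s %s  (%s)' % f)
    print(remediation_reg(found))
```

Run against a real machine, replace SAMPLE_REG with the output of `reg export` for HKCU\Software\Classes, HKLM\SOFTWARE\Clients\StartMenuInternet and the Security Center key. One caveat worth carrying away from the log: OTL labels bfs.exe as "(Microsoft Corporation)" because that field is read from the file's own version resource, not from a signature check, so a familiar company name in a hidden, system-attributed file under Local Settings\Application Data is no evidence of provenance.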


#11
bobskeleton
    Member
  • Topic Starter
  • Member
  • 50 posts
OTL log:

OTL logfile created on: 09/05/2011 12:03:26 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 100.86 Gb Free Space | 54.37% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/02/26 18:43:58 | 001,851,128 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
PRC - [2009/02/26 18:43:49 | 000,700,152 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/26 18:44:21 | 000,155,384 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/26 18:43:49 | 000,700,152 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent)
SRV - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - [2011/01/26 23:19:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/22 17:31:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/25 19:41:53 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/19 18:30:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 18:30:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2009/02/26 18:44:20 | 000,080,400 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/02/26 18:44:19 | 000,110,992 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2009/02/20 18:48:33 | 000,024,336 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/12/21 22:49:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/24 12:29:00 | 000,647,333 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.10.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:51:01 | 000,000,000 | ---D | M]

[2008/08/31 13:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2011/05/06 13:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions
[2010/04/27 20:38:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 16:27:38 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/01/28 16:02:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2011/01/28 16:02:53 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2007/12/27 16:17:22 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\searchplugins\search.xml
[2011/05/06 13:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/01 00:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2009/10/18 11:48:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/07 10:50:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/12/13 10:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2011/05/07 10:50:41 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 10:50:41 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/07 10:50:41 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 10:50:41 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 10:50:41 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/12/10 05:17:32 | 000,648,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 17101 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9aef921-d739-11d9-9ac6-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 11:39:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/09 08:59:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2011/04/27 11:16:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Me\Recent
[2011/04/19 22:14:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\My Documents\Dropbox
[2011/04/19 22:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Start Menu\Programs\Dropbox
[2011/04/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2011/04/12 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\cm9798v2
[2009/06/04 19:48:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 12:02:17 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 12:02:17 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/09 11:57:15 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 11:57:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 11:56:59 | 1005,375,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 11:27:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 08:44:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2011/05/09 07:56:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/02 13:53:17 | 000,021,125 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\radar.odt
[2011/04/27 11:17:07 | 000,026,010 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\cc_20110427_111701.reg
[2011/04/26 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 10:08:11 | 000,137,157 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\dualit-espressivo-cream-coffee-machine.jpg
[2011/04/13 11:27:11 | 001,487,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 12:04:01 | 000,002,642 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\meh_2615.jpg
[2011/04/11 10:20:41 | 000,002,574 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Document.rtf

========== Files Created - No Company Name ==========

[2011/05/07 10:51:11 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/02 01:59:31 | 000,021,125 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\radar.odt
[2011/04/27 11:17:06 | 000,026,010 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\cc_20110427_111701.reg
[2011/04/25 10:08:09 | 000,137,157 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\dualit-espressivo-cream-coffee-machine.jpg
[2011/04/12 12:01:45 | 000,002,642 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\meh_2615.jpg
[2011/03/30 19:43:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/01 17:44:05 | 000,010,099 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/10/01 17:44:00 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/21 10:20:11 | 002,857,336 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/09/10 19:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\mcfw.sys
[2009/06/04 19:48:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml
[2009/06/04 19:48:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe
[2009/06/04 19:48:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat
[2009/06/04 19:48:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf
[2008/12/21 22:51:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/21 22:27:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/29 11:24:50 | 000,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2007/12/27 17:34:12 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2007/12/27 17:34:12 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2007/12/27 13:57:56 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/12/08 15:39:46 | 000,002,910 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/08 15:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/15 23:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/13 16:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2006/05/14 16:46:24 | 000,009,108 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat
[2006/02/02 17:39:09 | 000,000,307 | ---- | C] () -- C:\WINDOWS\swosfff.ini
[2005/07/12 13:44:17 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/07/08 23:16:58 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/05 17:07:50 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/06/02 16:18:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/02 15:57:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/02 15:51:29 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/06/02 15:51:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/09/17 18:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/21 23:41:10 | 000,004,476 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/21 23:40:35 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004324_.tmp.dll
[2004/08/21 23:40:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 23:40:29 | 000,442,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/21 23:40:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/21 23:40:29 | 000,071,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/21 23:40:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/21 23:40:29 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/21 23:40:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/21 23:40:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/21 23:40:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/21 23:40:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/21 23:40:19 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004356_.tmp.dll
[2004/08/21 23:40:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/21 23:40:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/21 16:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/21 16:50:58 | 001,487,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/21 16:29:26 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/21 16:02:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 16:00:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/21 15:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/01/30 22:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/26 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/12 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/02/23 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/01/23 00:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/02/02 17:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/06/04 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/01 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/23 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\AnvSoft
[2011/05/09 08:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent
[2008/03/13 07:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent DNA
[2011/01/26 23:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/08/21 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\dBpoweramp
[2009/02/05 07:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DNA
[2011/04/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2010/09/06 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FreeAudioPack
[2010/02/23 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MP3Rocket
[2010/02/23 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NCH Swift Sound
[2010/05/16 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2008/09/17 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PPMate
[2011/03/07 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sports Interactive
[2010/09/25 10:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Spotify
[2009/08/11 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2006/05/14 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2007/12/29 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\VersionTracker Pro
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Virgin Broadband
[2010/05/16 17:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837

< End of report >

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Nice! Still some work to do...

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
    ""="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command]
    ""="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -safe-mode"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    ""="C:\\Program Files\\Internet Explorer\\iexplore.exe"

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.
Step 2

Your version of Malwarebytes is old. Please download the new one from the link I provided and install it. Run a Quick scan and post the log here for me.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
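What the Step 1 fix actually changes are the browser launch commands under HKLM\SOFTWARE\Clients\StartMenuInternet, and the O35/O37 lines in the OTL log above are the .exe/.com open handlers that rogue-AV families of the "XP Security" kind commonly hijack so that their loader runs before every program. The PowerShell audit below is an added example, not code from this thread or from OTL; it assumes a 32-bit install with browsers under %ProgramFiles% and an elevated session. It flags any .exe/.com handler that is not the stock `"%1" %*`, and any registered browser whose open command points at a missing file or at a binary outside Program Files. Unquoted paths with spaces, which is how the :Reg fix above writes the Firefox command, are handled.

```powershell
# Added example (not from the thread or from OTL): audit the registry values the
# Step 1 :Reg fix resets, plus the exefile/comfile handlers OTL reports as O35/O37.
# Assumes 32-bit Windows (browsers under $env:ProgramFiles) and an elevated session.

$findings = @()

# 1. The .exe/.com open handlers must be exactly "%1" %* . Anything else means every
#    program launch is routed through a loader first, the classic rogue-AV hijack.
foreach ($cls in 'exefile', 'comfile') {
    $key = "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($val -ne '"%1" %*') {
        $findings += "HIJACKED $cls handler: '$val'"
    }
}

# 2. Each registered browser's open command must point at an existing binary
#    under Program Files. Strip surrounding quotes and any trailing switches first.
$root = 'HKLM:\SOFTWARE\Clients\StartMenuInternet'
foreach ($sub in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
    $name = $sub.PSChildName
    $key  = "$($sub.PSPath)\shell\open\command"
    $cmd  = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if (-not $cmd) { $findings += "MISSING open command for $name"; continue }

    if ($cmd -match '^"([^"]+)"') {
        $exe = $Matches[1]                              # quoted path, switches may follow
    } elseif (Test-Path -LiteralPath $cmd -PathType Leaf) {
        $exe = $cmd                                     # unquoted path with spaces, as the fix writes it
    } else {
        $exe = ($cmd -split '\s+')[0]                   # unquoted path without spaces
    }

    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $findings += "DANGLING $name -> $exe (file not found)"
    } elseif ($exe -notlike "$env:ProgramFiles\*") {
        $findings += "SUSPICIOUS $name -> $exe (outside Program Files)"
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Browser launch commands and exe/com handlers look like stock defaults.'
}
```

Run it before and after applying the OTL fix: the before run should show the hijacked or dangling entries the helper is targeting, and the after run should come back clean. A browser that is legitimately installed outside Program Files will show up as SUSPICIOUS, which is the intended behaviour for a triage script; verify such a hit by hand rather than suppressing it.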

#13 bobskeleton (Topic Starter, Member, 50 posts)
========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\""|"C:\\Program Files\\Mozilla Firefox\\firefox.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\""|"\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -safe-mode" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\""|"C:\\Program Files\\Internet Explorer\\iexplore.exe" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_123441

#14 bobskeleton (Topic Starter, Member, 50 posts)
MBAM again:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6536

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09/05/2011 12:44:36
mbam-log-2011-05-09 (12-44-36).txt

Scan type: Quick scan
Objects scanned: 164729
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
How is your system now? Any problems?