Geeks to Go forum
Computer goes to blue error screen


  • This topic is locked

#16
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Boot into Safe Mode.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/21 21:46:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{34A01DB8-FF34-483D-B513-B01967340C07}
    O1 - Hosts: 209.172.52.73 www.google.com
    O1 - Hosts: 209.172.52.74 search.yahoo.com
    O1 - Hosts: 209.172.52.74 www.bing.com
    O4 - HKCU..\Run: [mTd2ARt2ln.pspro] File not found
    O4 - HKCU..\Run: [W1WIWQ1NPG] C:\WINDOWS\Pwuwie.exe ()
    [2011/06/23 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mI28601EdAiE28601
    [2011/06/19 22:10:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/06/09 07:29:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/06/21 22:28:28 | 000,015,992 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\aveubjy11n85y6tdc544m23a0pdo6
    [2011/06/21 22:28:28 | 000,015,992 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aveubjy11n85y6tdc544m23a0pdo6
    [2011/06/20 19:36:46 | 000,009,714 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
    [2011/06/20 19:36:46 | 000,009,714 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
    [2011/06/20 19:33:44 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
    [2011/06/20 19:33:43 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\wo2vpz6uu.bat
    [2011/06/20 19:33:41 | 000,000,105 | -H-- | M] () -- C:\Documents and Settings\OWNER\Application Data\MouseDriver.bat
    [2011/06/20 19:33:22 | 000,370,176 | ---- | M] () -- C:\WINDOWS\System32\csdfm.exe
    [2011/06/20 19:32:48 | 000,050,000 | ---- | M] () -- C:\WINDOWS\System32\gy1yxz8xcy.dll
    [2011/06/20 19:32:30 | 000,179,712 | ---- | M] () -- C:\WINDOWS\System32\MsOptimizePatch.exe
    [2011/06/20 19:32:28 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\kbdbener.dll
    [2011/06/20 19:32:28 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\ciadv5.dll
    [2011/06/20 19:32:27 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\kbdsf6.dll
    [2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwif.exe
    [2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwie.exe
    [2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwid.exe
    [2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwic.exe
    [2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwib.exe
    [2011/06/20 19:31:56 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwia.exe
    [2011/06/04 18:53:20 | 000,015,592 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\806jq53806334f47p2e2s0n
    [2011/06/04 18:53:20 | 000,015,592 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\806jq53806334f47p2e2s0n
    [2011/06/23 15:45:21 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/06/22 04:10:39 | 000,882,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mTd2ARt2ln.pspro
    [2011/06/21 21:29:41 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nvvsvc.exe
    [2011/06/21 21:25:40 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwif.exe
    [2011/06/21 13:30:19 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwie.exe
    [2011/06/21 00:54:48 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwid.exe
    [2011/06/20 22:34:29 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwic.exe
    [2011/06/20 21:24:46 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\3va3x6d11.bat
    [2011/06/20 21:24:01 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwib.exe
    [2011/06/20 19:34:44 | 000,009,714 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
    [2011/06/20 19:34:44 | 000,009,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
    [2011/06/20 19:34:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uvigitexeted.dat
    [2011/06/20 19:34:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bnurahedilaw.bin
    [2011/06/20 19:33:44 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
    [2011/06/20 19:33:43 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\wo2vpz6uu.bat
    [2011/06/20 19:33:41 | 000,000,105 | -H-- | C] () -- C:\Documents and Settings\OWNER\Application Data\MouseDriver.bat
    [2011/06/20 19:33:22 | 000,370,176 | ---- | C] () -- C:\WINDOWS\System32\csdfm.exe
    [2011/06/20 19:32:49 | 000,015,992 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\aveubjy11n85y6tdc544m23a0pdo6
    [2011/06/20 19:32:49 | 000,015,992 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aveubjy11n85y6tdc544m23a0pdo6
    [2011/06/20 19:32:48 | 000,050,000 | ---- | C] () -- C:\WINDOWS\System32\gy1yxz8xcy.dll
    [2011/06/20 19:32:41 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\EBJISXDL.job
    [2011/06/20 19:32:41 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\cdyntol.job
    [2011/06/20 19:32:41 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\rdxrqfj.job
    [2011/06/20 19:32:28 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\kbdbener.dll
    [2011/06/20 19:32:28 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\ciadv5.dll
    [2011/06/20 19:32:27 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\kbdsf6.dll
    [2011/06/20 19:32:23 | 000,179,712 | ---- | C] () -- C:\WINDOWS\System32\MsOptimizePatch.exe
    [2011/06/20 19:32:15 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwia.exe
    [2010/05/13 19:33:12 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2011/06/25 21:12:59 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\cdyntol.job
    [2011/06/25 21:12:53 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\EBJISXDL.job
    [2011/06/25 21:12:44 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\Tasks\rdxrqfj.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Start your system in Normal mode.

Run Malwarebytes, update it and run a Quick Scan. Post the log it produces.
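The fix script above keys on three things a helper spots by eye in an OTL log: hosts entries that send www.google.com, search.yahoo.com and www.bing.com to 209.172.52.x instead of loopback, a set of identically sized no-company executables in C:\WINDOWS (Pwuwia.exe through Pwuwif.exe, all 233,472 bytes, plus three 131,072-byte DLLs in System32), and random-named files carrying the Hidden and System attributes. The script below is an added example, not part of either post and not OTL's own code: it parses the two OTL line formats shown on this page and runs those three checks over lines copied verbatim from the posts in this thread. The regexes, the three-file threshold and the function names are my own assumptions.

```python
"""Triage checks over OTL log lines.

Added example for this thread, not code from OTL or from either poster.
It recognises two OTL line formats (O1 hosts lines and the
"[date | size | attrs | C/M] (company) -- path" file entries) and applies
three checks a malware-removal helper does by eye before writing a fix:
  1. hosts entries that resolve a name to anything but loopback or 0.0.0.0;
  2. distinct no-company files sharing an exact byte size (the Pwuwi?.exe set);
  3. files flagged both Hidden and System.
The regexes, thresholds and function names are my assumptions, not OTL's.
"""
import ipaddress
import re
from collections import defaultdict

FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
HOSTS_LINE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Sample input: lines copied verbatim from the two posts in this thread.
SAMPLE = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.172.52.73 www.google.com
O1 - Hosts: 209.172.52.74 search.yahoo.com
O1 - Hosts: 209.172.52.74 www.bing.com
[2011/06/21 21:46:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{34A01DB8-FF34-483D-B513-B01967340C07}
[2011/06/21 22:28:28 | 000,015,992 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\aveubjy11n85y6tdc544m23a0pdo6
[2011/06/20 19:32:28 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\kbdbener.dll
[2011/06/20 19:32:28 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\ciadv5.dll
[2011/06/20 19:32:27 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\kbdsf6.dll
[2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwif.exe
[2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwie.exe
[2011/06/20 19:31:59 | 000,233,472 | ---- | M] () -- C:\WINDOWS\Pwuwid.exe
[2011/06/21 21:25:40 | 000,233,472 | ---- | C] () -- C:\WINDOWS\Pwuwif.exe
[2011/06/20 19:32:41 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\cdyntol.job
[2011/06/25 21:12:59 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\cdyntol.job
[2011/06/19 15:00:56 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
""".strip().splitlines()


def parse(lines):
    """Yield one dict per recognised line; DRV/PRC/O4 and other lines are skipped."""
    for line in lines:
        m = HOSTS_LINE.match(line)
        if m:
            yield {"type": "hosts", **m.groupdict()}
            continue
        m = FILE_LINE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = d["company"] or ""   # "()" and no parens both mean unknown
            d["is_dir"] = "D" in d["attrs"]
            yield {"type": "file", **d}


def hosts_hijacks(entries):
    """Hosts lines whose address is neither loopback nor 0.0.0.0 (block-list style)."""
    hits = []
    for e in entries:
        if e["type"] != "hosts":
            continue
        try:
            ip = ipaddress.ip_address(e["ip"])
        except ValueError:
            hits.append((e["host"], e["ip"]))   # unparsable address: flag it too
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            hits.append((e["host"], e["ip"]))
    return hits


def size_clusters(entries, min_files=3):
    """Distinct no-company files sharing an exact byte size.
    OTL lists a file under both Created and Modified, and Windows paths are
    case-insensitive, so paths are deduplicated in lower case."""
    by_size = defaultdict(set)
    for e in entries:
        if e["type"] == "file" and not e["is_dir"] and e["company"] == "" and e["size"] > 0:
            by_size[e["size"]].add(e["path"].lower())
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_files}


def hidden_system_files(entries):
    """Non-directory files with both H and S attributes, first occurrence only."""
    seen, hits = set(), []
    for e in entries:
        if e["type"] == "file" and not e["is_dir"] and "H" in e["attrs"] and "S" in e["attrs"]:
            if e["path"].lower() not in seen:
                seen.add(e["path"].lower())
                hits.append(e["path"])
    return hits


def triage(lines):
    entries = list(parse(lines))
    return {
        "hosts_hijacks": hosts_hijacks(entries),
        "size_clusters": size_clusters(entries),
        "hidden_system": hidden_system_files(entries),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE).items():
        print(f"== {name} ==")
        for hit in (hits.items() if isinstance(hits, dict) else hits):
            print("  ", hit)
```

Run it as-is to see the three sections on the sample, or pass the lines of a saved OTL.txt to triage() to run it over a real log. The same-size and Hidden+System checks are leads, not verdicts: Windows itself keeps Hidden+System files such as boot.ini, and legitimate installers can drop several same-size DLLs, so each hit still needs the eyes-on review the helpers in this thread do before anything goes into a fix script.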
#17
CMF71 (Topic Starter, Member, 16 posts)
OTL logfile created on: 6/26/2011 9:35:29 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 87.62% Memory free
3.84 Gb Paging File | 3.77 Gb Available in Paging File | 98.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 25.13 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
Drive D: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-87B27AE91 | User Name: OWNER | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (XoftSpyService)
SRV - File not found [Auto | Stopped] -- -- (WUSB54GSC)
SRV - File not found [Auto | Stopped] -- -- (MsOptimizePatch)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/06/26 21:11:54 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/10/09 14:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MovieBario Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {58beca16-cae6-4b7a-a0e8-153d0cbba63a}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://srd.ohsu.edu/"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{34A01DB8-FF34-483D-B513-B01967340C07}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{34A01DB8-FF34-483D-B513-B01967340C07}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/10 01:34:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 20:35:53 | 000,000,000 | ---D | M]

[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions\[email protected]
[2011/06/26 21:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions
[2010/09/08 17:25:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (MovieBario Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
[2010/09/08 17:25:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/03 23:08:09 | 000,000,000 | ---D | M] (CoolChaser Layouts Auto Insert) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/06/20 15:43:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/05/30 16:22:27 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\askcom.xml
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\BearShareWebSearch.xml
[2010/12/05 00:11:38 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\bing-zugo.xml
[2010/11/23 13:02:52 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\conduit.xml
[2010/11/03 23:08:13 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\search-the-web.xml
[2011/06/25 15:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 02:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/08/31 11:04:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2011/06/26 21:24:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O4 - Startup: C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/31 10:37:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 21:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/26 21:12:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/23 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mI28601EdAiE28601
[2011/06/20 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/20 21:28:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/20 15:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\AskToolbar
[2011/06/19 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\PrivacIE
[2011/06/19 22:15:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\IETldCache
[2011/06/19 22:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/19 15:00:56 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/19 15:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 15:00:53 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/19 09:55:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 09:51:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 09:51:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 09:51:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 09:51:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 09:51:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 09:51:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/08 21:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/08 21:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2011/06/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/08 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/06/08 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
[2011/06/08 21:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2011/06/07 23:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/04 20:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\GooredFix Backups
[2011/06/04 20:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/04 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/04 20:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/04 20:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/06/04 20:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/06/04 20:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 20:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Valve
[2011/06/02 20:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix(2)
[2011/05/30 15:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compact Wireless-G USB Network Adapter with SpeedBooster
[2011/05/30 15:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011/05/30 15:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\InstallShield
[2011/05/30 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[68 C:\Documents and Settings\OWNER\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Application Data\*.tmp -> ]
[44 C:\Documents and Settings\LocalService\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 21:34:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 21:34:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 21:24:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/26 21:19:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/26 21:11:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 21:11:58 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/26 21:11:54 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/25 21:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/25 20:34:19 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 21:29:17 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 19:33:26 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\OWNER\delme.bat
[2011/06/20 15:43:00 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/19 22:12:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/19 09:55:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/18 11:37:54 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2011/06/13 19:12:30 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/07 23:51:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/05 21:26:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 15:29:14 | 001,156,579 | R--- | M] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[2011/06/04 20:41:24 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/04 20:41:13 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
[2011/06/04 20:41:13 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[68 C:\Documents and Settings\OWNER\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 16:52:32 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/20 19:33:26 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\OWNER\delme.bat
[2011/06/20 19:33:12 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\chrtmp
[2011/06/20 15:43:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/20 15:43:00 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Internet Explorer.lnk
[2011/06/19 15:00:56 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/19 09:55:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 09:55:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 09:51:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 09:51:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 09:51:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 09:51:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 09:51:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/13 18:06:13 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/10 00:40:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:38:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/08 21:37:05 | 000,002,241 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2011/06/05 21:26:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 21:23:42 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 21:23:42 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 15:30:49 | 001,156,579 | R--- | C] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[2011/06/04 20:41:24 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/04 20:41:13 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
[2011/06/04 20:41:13 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
[2010/09/15 22:21:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/28 17:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\PCCleanerVersion.ini
[2010/05/15 22:00:36 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 01:33:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2009/12/31 16:52:44 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\mcs.rma
[2009/12/31 16:52:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\68ACF9
[2009/12/31 16:36:00 | 000,001,220 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/30 18:40:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 18:22:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/10 18:22:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/10 18:22:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/25 11:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/10 19:23:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/10 19:23:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/10 19:23:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/10 19:22:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/09/09 19:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/08/31 11:58:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/31 10:40:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 10:34:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 03:29:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 03:27:55 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\agozatec.dll
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/03 00:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/08 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/23 23:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mI28601EdAiE28601
[2011/03/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/23 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/23 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/09 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/10/11 22:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/21 23:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acreon
[2011/06/08 21:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2010/12/08 00:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FOG Downloader
[2011/06/20 19:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FrostWire
[2010/10/22 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ICAClient
[2010/04/19 16:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Leadertech
[2010/12/09 21:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LimeWire
[2010/05/15 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient
[2010/01/31 01:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/09/10 13:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\OpenOffice.org
[2011/06/20 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\playitall
[2011/06/25 21:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/26 21:11:58 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4

< End of report >
  • 0

#18
CMF71

    Member

  • Topic Starter
  • Member
  • 16 posts
**NOTE** Got an error message when I tried to update Malwarebytes. This is the log produced from the scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/26/2011 10:00:45 PM
mbam-log-2011-06-26 (22-00-45).txt

Scan type: Quick scan
Objects scanned: 161964
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
  • 0

#19
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Are you able to boot into Normal Mode? If so, proceed with the following:

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#20
CMF71

    Member

  • Topic Starter
  • Member
  • 16 posts
ComboFix 11-06-28.05 - OWNER 06/28/2011 23:13:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1554 [GMT -7:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate\swfupdate.dll
c:\documents and settings\OWNER\Application Data\Adobe\plugs
c:\documents and settings\OWNER\Application Data\Adobe\shed
c:\documents and settings\OWNER\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\OWNER\Application Data\chrtmp
c:\documents and settings\OWNER\Cookies\885140na.t
c:\documents and settings\OWNER\Cookies\888671na.t
c:\documents and settings\OWNER\Cookies\905671na.t
c:\documents and settings\OWNER\Cookies\906203na.t
c:\documents and settings\OWNER\delme.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MOUSEDRIVER
-------\Legacy_MSOPTIMIZEPATCH
-------\Service_MsOptimizePatch
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-27 04:24 . 2011-06-27 04:24 -------- dc----w- C:\_OTL
2011-06-23 22:10 . 2011-06-24 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\mI28601EdAiE28601
2011-06-22 04:57 . 2011-06-22 04:57 3072 ----a-w- c:\documents and settings\OWNER\Application Data\k1trn0ye.tmp
2011-06-22 04:56 . 2011-06-22 04:56 3072 ----a-w- c:\documents and settings\LocalService\Application Data\33uudjrb.tmp
2011-06-22 04:55 . 2011-06-22 04:55 3072 ----a-w- c:\documents and settings\OWNER\Application Data\4vet2czb.tmp
2011-06-22 04:55 . 2011-06-22 04:55 3072 ----a-w- c:\documents and settings\LocalService\Application Data\dvv6z1vcw.tmp
2011-06-22 04:54 . 2011-06-22 04:54 3072 ----a-w- c:\documents and settings\OWNER\Application Data\f7lf8ipd.tmp
2011-06-22 04:54 . 2011-06-22 04:54 3072 ----a-w- c:\documents and settings\LocalService\Application Data\k56txag9.tmp
2011-06-22 04:53 . 2011-06-22 04:53 3072 ----a-w- c:\documents and settings\OWNER\Application Data\eqsuo6qb.tmp
2011-06-22 04:52 . 2011-06-22 04:53 3072 ----a-w- c:\documents and settings\LocalService\Application Data\cu2yaze3b.tmp
2011-06-22 04:51 . 2011-06-22 04:51 3072 ----a-w- c:\documents and settings\OWNER\Application Data\eedh616r.tmp
2011-06-22 04:50 . 2011-06-22 04:50 3072 ----a-w- c:\documents and settings\OWNER\Application Data\6r2os6b4.tmp
2011-06-22 04:48 . 2011-06-22 04:48 3072 ----a-w- c:\documents and settings\OWNER\Application Data\nks45jkr.tmp
2011-06-22 04:47 . 2011-06-22 04:47 3072 ----a-w- c:\documents and settings\OWNER\Application Data\skieqo4t.tmp
2011-06-22 04:47 . 2011-06-22 04:47 3072 ----a-w- c:\documents and settings\LocalService\Application Data\82rfhvfir.tmp
2011-06-22 04:47 . 2011-06-22 04:47 3072 ----a-w- c:\documents and settings\OWNER\Application Data\rago8l7o.tmp
2011-06-22 04:45 . 2011-06-22 04:45 3072 ----a-w- c:\documents and settings\OWNER\Application Data\yldslfovj.tmp
2011-06-22 04:45 . 2011-06-22 04:45 3072 ----a-w- c:\documents and settings\LocalService\Application Data\2897b0w1.tmp
2011-06-22 04:45 . 2011-06-22 04:45 3072 ----a-w- c:\documents and settings\OWNER\Application Data\7i10c571i.tmp
2011-06-22 04:45 . 2011-06-22 04:45 3072 ----a-w- c:\documents and settings\LocalService\Application Data\muw6lmsz.tmp
2011-06-22 04:44 . 2011-06-22 04:44 3072 ----a-w- c:\documents and settings\OWNER\Application Data\8juz07nj4.tmp
2011-06-22 04:44 . 2011-06-22 04:44 3072 ----a-w- c:\documents and settings\OWNER\Application Data\1ekcyvvuy.tmp
2011-06-22 04:44 . 2011-06-22 04:44 3072 ----a-w- c:\documents and settings\LocalService\Application Data\gyi3sphv.tmp
2011-06-22 04:41 . 2011-06-22 04:41 3072 ----a-w- c:\documents and settings\OWNER\Application Data\vr4s8x48.tmp
2011-06-22 04:41 . 2011-06-22 04:41 3072 ----a-w- c:\documents and settings\LocalService\Application Data\boun95648.tmp
2011-06-22 04:40 . 2011-06-22 04:40 3072 ----a-w- c:\documents and settings\OWNER\Application Data\wfltdqct5.tmp
2011-06-22 04:40 . 2011-06-22 04:40 3072 ----a-w- c:\documents and settings\OWNER\Application Data\s7qu31py.tmp
2011-06-22 04:40 . 2011-06-22 04:40 3072 ----a-w- c:\documents and settings\LocalService\Application Data\gncb23lr0.tmp
2011-06-22 04:39 . 2011-06-22 04:39 3072 ----a-w- c:\documents and settings\OWNER\Application Data\edortn4fa.tmp
2011-06-22 04:39 . 2011-06-22 04:39 3072 ----a-w- c:\documents and settings\LocalService\Application Data\q88jce8p.tmp
2011-06-22 04:35 . 2011-06-22 04:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\7zlrsruaf.tmp
2011-06-22 04:34 . 2011-06-22 04:34 3072 ----a-w- c:\documents and settings\OWNER\Application Data\gums95prd.tmp
2011-06-22 04:34 . 2011-06-22 04:34 3072 ----a-w- c:\documents and settings\LocalService\Application Data\bn5nvr3s7.tmp
2011-06-22 04:33 . 2011-06-22 04:33 3072 ----a-w- c:\documents and settings\OWNER\Application Data\rp5k1wt1.tmp
2011-06-22 04:32 . 2011-06-22 04:32 3072 ----a-w- c:\documents and settings\OWNER\Application Data\5s4uxfx5.tmp
2011-06-22 04:31 . 2011-06-22 04:31 3072 ----a-w- c:\documents and settings\OWNER\Application Data\jmw3iri9r.tmp
2011-06-22 04:31 . 2011-06-22 04:31 3072 ----a-w- c:\documents and settings\LocalService\Application Data\jr3dsjq6.tmp
2011-06-22 04:29 . 2011-06-22 04:29 3072 ----a-w- c:\documents and settings\OWNER\Application Data\oj0b5uij.tmp
2011-06-22 04:28 . 2011-06-22 04:28 3072 ----a-w- c:\documents and settings\OWNER\Application Data\utwmhm7gf.tmp
2011-06-22 04:28 . 2011-06-22 04:28 3072 ----a-w- c:\documents and settings\LocalService\Application Data\yti57l58.tmp
2011-06-22 04:27 . 2011-06-22 04:27 3072 ----a-w- c:\documents and settings\OWNER\Application Data\9kxbokdz.tmp
2011-06-22 04:27 . 2011-06-22 04:27 3072 ----a-w- c:\documents and settings\LocalService\Application Data\z5547xsx.tmp
2011-06-22 04:26 . 2011-06-22 04:26 3072 ----a-w- c:\documents and settings\OWNER\Application Data\8gis78fm.tmp
2011-06-22 04:26 . 2011-06-22 04:26 3072 ----a-w- c:\documents and settings\LocalService\Application Data\8gis78fm.tmp
2011-06-21 08:41 . 2011-06-21 08:41 3072 ----a-w- c:\documents and settings\OWNER\Application Data\zzioxgug.tmp
2011-06-21 08:41 . 2011-06-21 08:41 3072 ----a-w- c:\documents and settings\OWNER\Application Data\o6pws5t9.tmp
2011-06-21 08:41 . 2011-06-21 08:41 3072 ----a-w- c:\documents and settings\OWNER\Application Data\35j36gd1.tmp
2011-06-21 08:41 . 2011-06-21 08:41 3072 ----a-w- c:\documents and settings\LocalService\Application Data\qpt9di3c.tmp
2011-06-21 08:41 . 2011-06-21 08:41 1024 ----a-w- c:\documents and settings\OWNER\Application Data\enmx02wdo.tmp
2011-06-21 08:35 . 2011-06-21 08:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\dibx3426m.tmp
2011-06-21 08:35 . 2011-06-21 08:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\lva18ol56.tmp
2011-06-21 08:35 . 2011-06-21 08:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\5igwbsmk.tmp
2011-06-21 08:35 . 2011-06-21 08:35 3072 ----a-w- c:\documents and settings\LocalService\Application Data\9mibx3436.tmp
2011-06-21 08:35 . 2011-06-21 08:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\hxwf2f58q.tmp
2011-06-21 08:31 . 2011-06-21 08:31 3072 ----a-w- c:\documents and settings\OWNER\Application Data\jjilb6bw.tmp
2011-06-21 08:31 . 2011-06-21 08:31 3072 ----a-w- c:\documents and settings\OWNER\Application Data\u58a4lwrg.tmp
2011-06-21 08:31 . 2011-06-21 08:31 3072 ----a-w- c:\documents and settings\OWNER\Application Data\tdgpxbkc.tmp
2011-06-21 08:31 . 2011-06-21 08:31 3072 ----a-w- c:\documents and settings\LocalService\Application Data\6ikmgyi3.tmp
2011-06-21 08:27 . 2011-06-21 08:27 3072 ----a-w- c:\documents and settings\OWNER\Application Data\elh2cp3hd.tmp
2011-06-21 08:27 . 2011-06-21 08:27 3072 ----a-w- c:\documents and settings\LocalService\Application Data\up20g5cgd.tmp
2011-06-21 08:26 . 2011-06-21 08:26 3072 ----a-w- c:\documents and settings\OWNER\Application Data\blsgg7xg.tmp
2011-06-21 08:26 . 2011-06-21 08:26 2048 ----a-w- c:\documents and settings\OWNER\Application Data\3jyfjhpr1.tmp
2011-06-21 08:26 . 2011-06-21 08:26 3072 ----a-w- c:\documents and settings\OWNER\Application Data\hzj4tqiw.tmp
2011-06-21 08:26 . 2011-06-21 08:26 3072 ----a-w- c:\documents and settings\OWNER\Application Data\9j6i9btlj.tmp
2011-06-21 08:26 . 2011-06-21 08:26 3072 ----a-w- c:\documents and settings\LocalService\Application Data\8tam4nuq3.tmp
2011-06-21 08:20 . 2011-06-21 08:20 3072 ----a-w- c:\documents and settings\OWNER\Application Data\949ud3eg.tmp
2011-06-21 08:19 . 2011-06-21 08:19 3072 ----a-w- c:\documents and settings\OWNER\Application Data\g27kpi411.tmp
2011-06-21 08:18 . 2011-06-21 08:18 3072 ----a-w- c:\documents and settings\OWNER\Application Data\xu2eftu1h.tmp
2011-06-21 08:18 . 2011-06-21 08:18 3072 ----a-w- c:\documents and settings\LocalService\Application Data\7fr1g8ev.tmp
2011-06-21 08:17 . 2011-06-21 08:17 3072 ----a-w- c:\documents and settings\OWNER\Application Data\nfd9mk0o.tmp
2011-06-21 08:16 . 2011-06-21 08:16 3072 ----a-w- c:\documents and settings\OWNER\Application Data\g10nftngq.tmp
2011-06-21 08:16 . 2011-06-21 08:16 3072 ----a-w- c:\documents and settings\OWNER\Application Data\5wwfltdqc.tmp
2011-06-21 08:16 . 2011-06-21 08:16 0 ----a-w- c:\documents and settings\OWNER\Application Data\s4mmxqsm.tmp
2011-06-21 08:16 . 2011-06-21 08:16 2048 ----a-w- c:\documents and settings\LocalService\Application Data\jtgsil3v.tmp
2011-06-21 08:16 . 2011-06-21 08:16 3072 ----a-w- c:\documents and settings\OWNER\Application Data\rk63325v.tmp
2011-06-21 08:11 . 2011-06-21 08:11 3072 ----a-w- c:\documents and settings\OWNER\Application Data\ncrgnspx.tmp
2011-06-21 08:11 . 2011-06-21 08:11 3072 ----a-w- c:\documents and settings\OWNER\Application Data\fo7l7n0i0.tmp
2011-06-21 08:11 . 2011-06-21 08:11 3072 ----a-w- c:\documents and settings\OWNER\Application Data\bhio51ln9.tmp
2011-06-21 08:11 . 2011-06-21 08:11 3072 ----a-w- c:\documents and settings\OWNER\Application Data\9n7akh6fw.tmp
2011-06-21 08:11 . 2011-06-21 08:11 3072 ----a-w- c:\documents and settings\LocalService\Application Data\ncjnlt45k.tmp
2011-06-21 08:06 . 2011-06-21 08:06 3072 ----a-w- c:\documents and settings\OWNER\Application Data\54fikev61.tmp
2011-06-21 08:06 . 2011-06-21 08:06 3072 ----a-w- c:\documents and settings\LocalService\Application Data\0b460h1nl.tmp
2011-06-21 08:06 . 2011-06-21 08:06 3072 ----a-w- c:\documents and settings\OWNER\Application Data\bhihk05a.tmp
2011-06-21 08:06 . 2011-06-21 08:06 3072 ----a-w- c:\documents and settings\LocalService\Application Data\pcgtzsea.tmp
2011-06-21 08:03 . 2011-06-21 08:03 3072 ----a-w- c:\documents and settings\OWNER\Application Data\u1heyzm04.tmp
2011-06-21 08:02 . 2011-06-21 08:02 3072 ----a-w- c:\documents and settings\OWNER\Application Data\2hytqyak.tmp
2011-06-21 08:01 . 2011-06-21 08:01 3072 ----a-w- c:\documents and settings\OWNER\Application Data\pcoehzhpl.tmp
2011-06-21 08:00 . 2011-06-21 08:00 3072 ----a-w- c:\documents and settings\OWNER\Application Data\x4jsjas8.tmp
2011-06-21 08:00 . 2011-06-21 08:00 3072 ----a-w- c:\documents and settings\LocalService\Application Data\ju906nj45.tmp
2011-06-21 07:59 . 2011-06-21 07:59 3072 ----a-w- c:\documents and settings\OWNER\Application Data\6gb0np3n.tmp
2011-06-21 07:59 . 2011-06-21 07:59 3072 ----a-w- c:\documents and settings\LocalService\Application Data\coehzhpl.tmp
2011-06-21 07:57 . 2011-06-21 07:57 3072 ----a-w- c:\documents and settings\OWNER\Application Data\0pkpajjux.tmp
2011-06-21 07:55 . 2011-06-21 07:55 3072 ----a-w- c:\documents and settings\OWNER\Application Data\jrt4ijqx.tmp
2011-06-21 05:35 . 2011-06-21 05:35 3072 ----a-w- c:\documents and settings\OWNER\Application Data\hpr2ghov.tmp
2011-06-21 05:35 . 2011-06-21 05:35 3072 ----a-w- c:\documents and settings\LocalService\Application Data\jru4jkqx.tmp
2011-06-21 05:07 . 2011-06-21 05:07 3072 ----a-w- c:\documents and settings\LocalService\Application Data\tef1fjph3.tmp
2011-06-21 05:07 . 2011-06-21 05:07 3072 ----a-w- c:\documents and settings\LocalService\Application Data\3dstz63ny.tmp
2011-06-21 05:05 . 2011-06-21 05:05 3072 ----a-w- c:\documents and settings\LocalService\Application Data\tfv8g862.tmp
2011-06-21 04:59 . 2011-06-21 04:59 3072 ----a-w- c:\documents and settings\LocalService\Application Data\9ggfiy38.tmp
2011-06-21 04:47 . 2011-06-21 04:47 3072 ----a-w- c:\documents and settings\LocalService\Application Data\81nttswl.tmp
2011-06-21 04:46 . 2011-06-21 04:46 3072 ----a-w- c:\documents and settings\LocalService\Application Data\cr8c9hju8.tmp
2011-06-21 04:46 . 2011-06-21 04:46 3072 ----a-w- c:\documents and settings\LocalService\Application Data\k6boum855.tmp
2011-06-21 04:34 . 2011-06-21 04:34 3072 ----a-w- c:\documents and settings\LocalService\Application Data\jzwgh48m.tmp
2011-06-21 04:32 . 2011-06-21 04:33 3072 ----a-w- c:\documents and settings\LocalService\Application Data\7pxt6uaz.tmp
2011-06-21 04:31 . 2011-06-21 04:31 3072 ----a-w- c:\documents and settings\LocalService\Application Data\vy85t3kk.tmp
2011-06-21 04:30 . 2011-06-21 04:30 3072 ----a-w- c:\documents and settings\LocalService\Application Data\dty3oxw7a.tmp
2011-06-21 04:29 . 2011-06-21 04:29 3072 ----a-w- c:\documents and settings\LocalService\Application Data\rip52mna.tmp
2011-06-21 04:28 . 2011-06-21 04:28 3072 ----a-w- c:\documents and settings\LocalService\Application Data\u6wzhz73f.tmp
2011-06-21 04:27 . 2011-06-21 04:27 3072 ----a-w- c:\documents and settings\LocalService\Application Data\f35j36fm.tmp
2011-06-21 04:26 . 2011-06-21 04:26 3072 ----a-w- c:\documents and settings\LocalService\Application Data\hnnmqfbg1.tmp
2011-06-21 02:37 . 2011-06-21 02:37 3072 ----a-w- c:\documents and settings\OWNER\Application Data\9yln1loy.tmp
2011-06-21 02:36 . 2011-06-21 02:36 3072 ----a-w- c:\documents and settings\OWNER\Application Data\05qzyace8.tmp
2011-06-21 02:34 . 2011-06-21 02:34 3072 ----a-w- c:\documents and settings\OWNER\Application Data\kyb70mssr.tmp
2011-06-21 02:33 . 2011-06-21 02:33 3072 ----a-w- c:\documents and settings\OWNER\Application Data\2adn239gc.tmp
2011-06-21 02:32 . 2011-06-21 02:32 813568 ----a-w- c:\windows\system32\whofqlcu.dll
2011-06-20 22:43 . 2011-06-26 04:19 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\AskToolbar
2011-06-20 05:17 . 2011-06-20 05:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-20 05:17 . 2011-06-20 05:17 -------- d-sh--w- c:\documents and settings\OWNER\PrivacIE
2011-06-20 05:15 . 2011-06-20 05:15 -------- d-sh--w- c:\documents and settings\OWNER\IETldCache
2011-06-20 05:12 . 2011-06-20 05:12 -------- d-----w- c:\windows\ie8updates
2011-06-20 05:09 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-20 05:09 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-20 05:09 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-09 04:47 . 2011-06-09 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-09 04:38 . 2011-06-09 04:43 -------- d-----w- c:\documents and settings\OWNER\Application Data\FixCleaner
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 18:43 . 2004-08-04 10:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2009-09-13 06:05 . 2011-06-03 03:14 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 06:06 . 2011-06-03 03:14 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 06:06 . 2011-06-03 03:14 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 06:06 . 2011-06-03 03:14 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 06:06 . 2011-06-03 03:14 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 06:07 . 2011-06-03 03:14 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 06:06 . 2011-06-03 03:14 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 06:06 . 2011-06-03 03:14 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 20:33 . 2009-08-14 20:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 06:06 . 2011-06-03 03:14 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-04 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\muscatell\\counter-strike\\hl.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [9/10/2009 7:22 PM 65596]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [9/10/2009 7:23 PM 198144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2011 9:23 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2011 9:23 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/8/2011 9:38 PM 12984]
S3 vmwvusb;VMware View Generic USB Driver; [x]
S3 XoftSpyService;XoftSpyService; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 04:23]
.
2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 04:23]
.
2011-06-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 20:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=21895119&tool_id=60531&qkw=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: CoolChaser Layouts Auto Insert: {a2880346-35bb-45bb-9190-eedb49c132c5} - %profile%\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
FF - Ext: MovieBario Community Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - %profile%\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 23:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2011-06-28 23:25:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-29 06:25
ComboFix2.txt 2011-06-19 17:01
.
Pre-Run: 26,851,794,944 bytes free
Post-Run: 26,774,315,008 bytes free
.
- - End Of File - - 622B30738E126B53463888351E68BCF7

#21
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
hi

Uninstall Ask Toolbar

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    c:\documents and settings\All Users\Application Data\mI28601EdAiE28601
    c:\documents and settings\OWNER\Application Data\*.tmp
    c:\documents and settings\LocalService\Application Data\*.tmp
    c:\windows\system32\whofqlcu.dll
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces


Things I would like to see in your reply:
  • OTL log
  • MBAM log


#22
CMF71
    Member
  • Topic Starter
  • Member
  • 16 posts
Hi,

Just a note that I'm still getting an update error on Malwarebytes. I removed it via add/remove programs and re-downloaded it, with the update box checked. It downloads fine but I still get an error when I click update yes. It says it hasn't been updated in 32 days. If I click no update, it scans fine. OTL and MBAM logs posted:

OTL logfile created on: 6/29/2011 8:09:16 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.67% Memory free
3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 25.06 Gb Free Space | 67.30% Space Free | Partition Type: NTFS
Drive D: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-87B27AE91 | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/08/03 23:18:30 | 006,248,960 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
PRC - [2007/08/10 17:12:20 | 000,065,596 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (XoftSpyService)
SRV - File not found [Auto | Running] -- -- (WUSB54GSC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/06/26 22:02:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/10/09 14:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MovieBario Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {58beca16-cae6-4b7a-a0e8-153d0cbba63a}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://srd.ohsu.edu/"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{34A01DB8-FF34-483D-B513-B01967340C07}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{34A01DB8-FF34-483D-B513-B01967340C07}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/10 01:34:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 20:35:53 | 000,000,000 | ---D | M]

[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions\[email protected]
[2011/06/28 00:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions
[2010/09/08 17:25:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (MovieBario Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
[2010/09/08 17:25:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/03 23:08:09 | 000,000,000 | ---D | M] (CoolChaser Layouts Auto Insert) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/06/20 15:43:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/05/30 16:22:27 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\askcom.xml
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\BearShareWebSearch.xml
[2010/12/05 00:11:38 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\bing-zugo.xml
[2010/11/23 13:02:52 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\conduit.xml
[2010/11/03 23:08:13 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\search-the-web.xml
[2011/06/28 23:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 02:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/08/31 11:04:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2011/06/28 23:19:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/31 10:37:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 23:44:05 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/28 23:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 23:44:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/28 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 23:43:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 23:10:45 | 004,129,340 | R--- | C] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 21:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/20 15:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\AskToolbar
[2011/06/19 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\PrivacIE
[2011/06/19 22:15:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\IETldCache
[2011/06/19 22:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/19 09:55:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 09:51:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 09:51:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 09:51:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 09:51:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 09:51:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 09:51:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/08 21:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/08 21:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2011/06/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/08 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/06/07 23:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/04 20:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\GooredFix Backups
[2011/06/04 20:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/04 20:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/06/04 20:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/06/04 20:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Valve
[2011/06/02 20:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix(2)
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 20:08:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/29 20:07:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/29 20:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/29 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/29 19:34:19 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 23:44:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 23:23:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/28 23:19:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 23:11:16 | 000,020,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/28 23:10:56 | 004,129,340 | R--- | M] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 22:02:45 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/26 21:40:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/20 15:43:00 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/19 09:55:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/13 19:12:30 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/07 23:51:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/05 21:26:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 15:29:14 | 001,156,579 | R--- | M] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 23:44:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 23:11:16 | 000,020,337 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/20 15:43:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/20 15:43:00 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Internet Explorer.lnk
[2011/06/19 09:55:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 09:55:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 09:51:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 09:51:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 09:51:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 09:51:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 09:51:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/13 18:06:13 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/10 00:40:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:38:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/05 21:26:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 21:23:42 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 21:23:42 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 15:30:49 | 001,156,579 | R--- | C] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[2010/09/15 22:21:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/28 17:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\PCCleanerVersion.ini
[2010/05/15 22:00:36 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 01:33:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2009/12/31 16:52:44 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\mcs.rma
[2009/12/31 16:52:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\68ACF9
[2009/12/31 16:36:00 | 000,001,220 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/30 18:40:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 18:22:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/10 18:22:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/10 18:22:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/25 11:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/10 19:23:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/10 19:23:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/10 19:23:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/10 19:22:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/09/09 19:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/08/31 11:58:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/31 10:40:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 10:34:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 03:29:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 03:27:55 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\agozatec.dll
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/03 00:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/08 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/23 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/23 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/09 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/10/11 22:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/21 23:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acreon
[2011/06/08 21:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2010/12/08 00:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FOG Downloader
[2011/06/28 00:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FrostWire
[2010/10/22 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ICAClient
[2010/04/19 16:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Leadertech
[2010/12/09 21:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LimeWire
[2010/05/15 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient
[2010/01/31 01:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/09/10 13:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\OpenOffice.org
[2011/06/20 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\playitall
[2011/06/29 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4

< End of report >



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/29/2011 8:28:20 PM
mbam-log-2011-06-29 (20-28-20).txt

Scan type: Quick scan
Objects scanned: 161969
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
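To show what a helper is looking for when reading an OTL log like the one above, here is an added triage script. It is example code written for this page, not code from the thread, from OTL, or from its author. It assumes the line formats visible in the posted OTL logs (O1 hosts entries, O4 Run entries, SRV service entries, the `[date | size | attrs | C/M] (company) -- path` file entries, and `@Alternate Data Stream` entries); the sample lines are constructed in that format with placeholder names. The heuristics (hosts entries that do not map localhost, autorun or service entries whose file is missing, binaries with no company name sitting directly in the Windows directory, hidden+system files inside a user profile, alternate data streams) produce candidates for a human to review, not verdicts, which matches how the thread treats its logs.

```python
"""Added example: triage heuristics for OTL-style log lines.

Not code from the thread, from OTL, or from its author. It assumes the line
formats seen in the OTL logs posted in the thread; the sample lines below are
constructed in that format with placeholder names.
"""
import re
from typing import Dict, List

# Constructed sample lines in OTL's format (placeholders, not from a real machine).
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 192.0.2.10 www.example-search.test",
    r"O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)",
    r"O4 - HKCU..\Run: [Xy12Zq] C:\WINDOWS\qwertyui.exe ()",
    r"O4 - HKCU..\Run: [oldEntry] File not found",
    r"SRV - File not found [Auto | Running] -- -- (SomeService)",
    r"SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)",
    r"[2011/06/21 22:28:28 | 000,015,992 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\a1b2c3d4e5f6",
    r"[2011/06/05 21:26:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk",
    r"[2004/08/04 03:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\xyzzy123.dll",
    r"@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
]

# Line shapes, as they appear in OTL output.
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[LC][MU])\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
SRV_MISSING_RE = re.compile(r"^SRV - File not found .*\((?P<name>[^)]+)\)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# "path (company)" tail of an O4 entry; an empty company shows up as "()".
COMPANY_TAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
# An .exe or .dll directly in C:\WINDOWS (not in a subfolder such as system32).
WINROOT_BIN_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.(exe|dll)$", re.IGNORECASE)
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the reasons one OTL log line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = HOSTS_RE.match(line)
    if m:
        # The only expected entry maps localhost to the loopback address.
        if not (m["ip"] in ("127.0.0.1", "::1") and m["host"].lower() == "localhost"):
            reasons.append(f"hosts redirect: {m['host']} -> {m['ip']}")
        return reasons
    m = RUN_RE.match(line)
    if m:
        if m["rest"] == "File not found":
            reasons.append(f"orphaned autorun {m['hive']} [{m['name']}]")
        else:
            tail = COMPANY_TAIL_RE.match(m["rest"])
            if tail and tail["company"] == "" and WINROOT_BIN_RE.match(tail["path"]):
                reasons.append(f"autorun with no company name in Windows root: {tail['path']}")
        return reasons
    m = SRV_MISSING_RE.match(line)
    if m:
        reasons.append(f"service whose binary is missing: {m['name']}")
        return reasons
    m = ADS_RE.match(line)
    if m:
        reasons.append(f"alternate data stream ({m['bytes']} bytes): {m['path']}")
        return reasons
    m = FILE_RE.match(line)
    if m:
        attrs, company, path = m["attrs"], m["company"], m["path"]
        # Hidden + system attributes on a plain file inside a user profile.
        if "H" in attrs and "S" in attrs and "D" not in attrs and PROFILE_RE.match(path):
            reasons.append(f"hidden+system file in a user profile: {path}")
        if company == "" and WINROOT_BIN_RE.match(path):
            reasons.append(f"binary with no company name in Windows root: {path}")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged line of an OTL log to its reasons; benign lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log("\n".join(SAMPLE_LINES)).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run it on a saved OTL log with `triage_log(open("OTL.txt").read())`; every hit still needs a human decision, since a service with a missing binary or an unsigned DLL can be leftover from a legitimate uninstall.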

#23
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
hi

OK, let's now look deeper.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First, we will run a virus scan.
On the first tab, select all elements down to Computer and then select Start scan.
Once it has finished, select Report and post that.


Do not close AVPTool or it will self-uninstall; if it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

  • 0

#24
CMF71

CMF71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

The XP anti-virus popup has appeared again. This time in safe mode, too. Firefox won't open and neither will Malwarebytes. ??

Thanks.
  • 0

#25
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#26
CMF71

CMF71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I was able to run the OTL scan, but couldn't open anything else, including any browsers. I was finally able to run Malwarebytes in safe mode under a different user, and now I can access the internet. OTL log posted below. Should I go back to the steps you posted before the XP virus appeared? Thanks.




OTL logfile created on: 6/30/2011 9:35:29 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 87.12% Memory free
3.84 Gb Paging File | 3.76 Gb Available in Paging File | 97.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 25.04 Gb Free Space | 67.22% Space Free | Partition Type: NTFS
Drive D: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-87B27AE91 | User Name: OWNER | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 20:37:52 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe
PRC - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (XoftSpyService)
SRV - File not found [Auto | Stopped] -- -- (WUSB54GSC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/06/26 22:02:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/10/09 14:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MovieBario Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {58beca16-cae6-4b7a-a0e8-153d0cbba63a}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://srd.ohsu.edu/"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{34A01DB8-FF34-483D-B513-B01967340C07}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{34A01DB8-FF34-483D-B513-B01967340C07}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/10 01:34:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 20:35:53 | 000,000,000 | ---D | M]

[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions\[email protected]
[2011/06/30 16:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions
[2010/09/08 17:25:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (MovieBario Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
[2010/09/08 17:25:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/03 23:08:09 | 000,000,000 | ---D | M] (CoolChaser Layouts Auto Insert) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/06/20 15:43:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/05/30 16:22:27 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\askcom.xml
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\BearShareWebSearch.xml
[2010/12/05 00:11:38 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\bing-zugo.xml
[2010/11/23 13:02:52 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\conduit.xml
[2010/11/03 23:08:13 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\search-the-web.xml
[2011/06/28 23:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 02:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/08/31 11:04:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2011/06/28 23:19:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4271410647] C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/31 10:37:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 20:24:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/29 20:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/29 20:24:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/29 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 23:43:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 23:10:45 | 004,129,340 | R--- | C] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 21:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/20 15:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\AskToolbar
[2011/06/19 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\PrivacIE
[2011/06/19 22:15:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\IETldCache
[2011/06/19 22:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/19 09:55:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 09:51:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 09:51:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 09:51:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 09:51:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 09:51:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 09:51:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/08 21:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/08 21:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2011/06/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/08 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/06/07 23:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/04 20:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\GooredFix Backups
[2011/06/04 20:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/04 20:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/06/04 20:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/06/04 20:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Valve
[2011/06/02 20:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix(2)
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 21:37:27 | 000,012,774 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\5531y3vdwd7p14076e73122
[2011/06/30 21:37:27 | 000,012,774 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122
[2011/06/30 21:35:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 21:34:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/30 20:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 16:28:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 08:37:48 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/29 20:37:52 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe
[2011/06/28 23:23:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/28 23:19:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 23:11:16 | 000,020,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/28 23:10:56 | 004,129,340 | R--- | M] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 22:02:45 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/26 21:40:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/20 15:43:00 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/19 09:55:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/13 19:12:30 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/07 23:51:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/05 21:26:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 15:29:14 | 001,156,579 | R--- | M] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 20:37:53 | 000,012,774 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\5531y3vdwd7p14076e73122
[2011/06/29 20:37:53 | 000,012,774 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122
[2011/06/29 20:37:52 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe
[2011/06/29 20:24:14 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 23:11:16 | 000,020,337 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/20 15:43:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/20 15:43:00 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Internet Explorer.lnk
[2011/06/19 09:55:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 09:55:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 09:51:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 09:51:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 09:51:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 09:51:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 09:51:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/13 18:06:13 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/10 00:40:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:38:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/05 21:26:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 21:23:42 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 21:23:42 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 15:30:49 | 001,156,579 | R--- | C] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[2010/09/15 22:21:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/28 17:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\PCCleanerVersion.ini
[2010/05/15 22:00:36 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 01:33:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2009/12/31 16:52:44 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\mcs.rma
[2009/12/31 16:52:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\68ACF9
[2009/12/31 16:36:00 | 000,001,220 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/30 18:40:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 18:22:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/10 18:22:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/10 18:22:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/25 11:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/10 19:23:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/10 19:23:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/10 19:23:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/10 19:22:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/09/09 19:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/08/31 11:58:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/31 10:40:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 10:34:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 03:29:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 03:27:55 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\agozatec.dll
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/03 00:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/08 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/23 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/23 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/09 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/10/11 22:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/21 23:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acreon
[2011/06/08 21:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2010/12/08 00:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FOG Downloader
[2011/06/28 00:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FrostWire
[2010/10/22 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ICAClient
[2010/04/19 16:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Leadertech
[2010/12/09 21:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LimeWire
[2010/05/15 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient
[2010/01/31 01:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/09/10 13:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\OpenOffice.org
[2011/06/20 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\playitall
[2011/06/30 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4

< End of report >
  • 0
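The log above is the kind a malware-removal helper reads by eye: the O35/O37 lines show a per-user exefile handler routing every launched .exe through an unsigned file in Local Settings\Application Data, the O4 line shows the same file set to autostart, and two hidden+system files with random names sit beside it. As an added example (my own code, not part of OTL and not the helper's fix script), the script below encodes those checks as detection logic and runs it over constructed OTL-style sample lines; the profile name USER, the file abc.exe, the random file name and the hosts entry are made up for the example, not taken from the log.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example; not part of OTL. It flags the patterns a helper looks for:
  * O1   hosts-file entries pointing a name anywhere other than loopback
  * O4   per-user Run entries that start an executable with no company
         name from inside the profile (OTL prints "()" for no company),
         or whose target is missing
  * O35/O37  .exe/.com "open" handlers that are not the stock "%1" %*
         (a per-user exefile key shadows the machine-wide one, so every
         .exe the user starts is routed through the hijacker first)
  * hidden+system files dropped under a profile Application Data folder
"""
import re
from dataclasses import dataclass
from typing import List, Optional

STOCK_OPEN_COMMAND = '"%1" %*'   # what exefile/comfile [open] should be
LOOPBACK = {"127.0.0.1", "::1"}

RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]*)\] (.*)$")
RE_TARGET = re.compile(r"^(.*) \(([^()]*)\)$")      # "<path> (<company>)"
RE_O35 = re.compile(r"^O35 - (HK\w+)\\\.\.(\w+) \[open\] -- (.*)$")
RE_O37 = re.compile(r"^O37 - (HK\w+)\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$")
RE_FILE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (....) \| [MC]\] "
    r"(?:\(([^)]*)\) )?-- (.*)$"
)
RE_QUOTED = re.compile(r'^"([^"]+)"')

# Constructed sample lines in OTL's format; paths and names are made up.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.search-example.test
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Vendor\center.exe (Vendor Inc.)
O4 - HKCU..\Run: [4271410647] C:\Documents and Settings\USER\Local Settings\Application Data\abc.exe ()
O4 - HKCU..\Run: [gone] File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\USER\Local Settings\Application Data\abc.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\USER\Local Settings\Application Data\abc.exe" -a "%1" %* ()
[2011/01/01 12:00:00 | 000,012,774 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\x9k2m4q7z1p0a3b6c8d5e2f7
[2011/01/01 12:00:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
"""


@dataclass
class Finding:
    code: str
    reason: str
    path: Optional[str]   # file the line implicates, if one can be extracted
    line: str


def _in_profile_appdata(path: str) -> bool:
    return "\\application data\\" in path.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if it looks benign."""
    m = RE_HOSTS.match(line)
    if m:
        ip, name = m.groups()
        if ip not in LOOPBACK:
            return Finding("hosts-redirect", f"{name} is pinned to {ip} by the hosts file", None, line)
        return None
    m = RE_RUN.match(line)
    if m:
        hive, _name, target = m.groups()
        if target == "File not found":
            return Finding("run-orphan", f"{hive} Run entry points at a missing file", None, line)
        t = RE_TARGET.match(target)
        if t:
            path, company = t.groups()
            if hive == "HKCU" and company == "" and _in_profile_appdata(path):
                return Finding("run-unsigned-profile-exe",
                               "per-user autostart of a no-company executable inside the profile", path, line)
        return None
    for rx in (RE_O35, RE_O37):
        m = rx.match(line)
        if m:
            hive, command = m.group(1), m.group(m.lastindex)
            if command.strip() != STOCK_OPEN_COMMAND:
                q = RE_QUOTED.match(command)   # hijacker is the first quoted token
                return Finding("exefile-hijack",
                               f"{hive} open handler is not the stock {STOCK_OPEN_COMMAND}",
                               q.group(1) if q else None, line)
            return None
    m = RE_FILE.match(line)
    if m:
        attrs, _company, path = m.groups()   # attrs columns: R H S D
        if attrs[1] == "H" and attrs[2] == "S" and attrs[3] != "D" and _in_profile_appdata(path):
            return Finding("hidden-system-profile-file",
                           "hidden+system file under a profile Application Data folder", path, line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]


def implicated_paths(findings: List[Finding]) -> set:
    """Files named by the findings: what a fix script would have to remove."""
    return {f.path for f in findings if f.path}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:28} {f.reason}")
    print("implicated:", sorted(implicated_paths(triage(SAMPLE_LOG))))
```

The same file showing up in an O4 Run entry, in both HKCU open handlers and as a no-company executable in the profile is what makes the O35/O37 lines the priority: until that handler is reset, launching any .exe (a scanner included) hands control to the hijacker first, which matches the "couldn't open anything else" symptom reported above.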

#27
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Uninstall Ask.com and BearShareWebSearch

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [4271410647] C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe ()
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe" -a "%1" %* ()
    [2011/06/30 21:37:27 | 000,012,774 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\5531y3vdwd7p14076e73122
    [2011/06/30 21:37:27 | 000,012,774 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122
    [2011/06/29 20:37:52 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\txy.exe
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.


Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#28
CMF71

CMF71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OTL logfile created on: 7/4/2011 1:35:48 PM - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 82.32% Memory free
3.84 Gb Paging File | 3.66 Gb Available in Paging File | 95.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 25.06 Gb Free Space | 67.29% Space Free | Partition Type: NTFS
Drive D: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-87B27AE91 | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/08/03 23:18:30 | 006,248,960 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
PRC - [2007/08/10 17:12:20 | 000,065,596 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:22:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (XoftSpyService)
SRV - File not found [Auto | Running] -- -- (WUSB54GSC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/06/26 22:02:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/10/09 14:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MovieBario Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {58beca16-cae6-4b7a-a0e8-153d0cbba63a}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://srd.ohsu.edu/"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{34A01DB8-FF34-483D-B513-B01967340C07}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{34A01DB8-FF34-483D-B513-B01967340C07}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/10 01:34:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 20:35:53 | 000,000,000 | ---D | M]

[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2010/05/09 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions\[email protected]
[2011/07/04 11:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions
[2010/09/08 17:25:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (MovieBario Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
[2010/09/08 17:25:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/03 23:08:09 | 000,000,000 | ---D | M] (CoolChaser Layouts Auto Insert) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2010/12/13 23:58:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/06/20 15:43:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\extensions\[email protected]
[2011/05/30 16:22:27 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\askcom.xml
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\BearShareWebSearch.xml
[2010/12/05 00:11:38 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\bing-zugo.xml
[2010/11/23 13:02:52 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\conduit.xml
[2010/11/03 23:08:13 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\yg1bqqxh.default\searchplugins\search-the-web.xml
[2011/07/02 12:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 02:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/08/31 11:04:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2011/06/28 23:19:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/31 10:37:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 20:24:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/29 20:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/29 20:24:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/29 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 23:43:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 23:10:45 | 004,129,340 | R--- | C] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 21:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/20 15:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\AskToolbar
[2011/06/19 22:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\PrivacIE
[2011/06/19 22:15:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\OWNER\IETldCache
[2011/06/19 22:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/19 09:55:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 09:51:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 09:51:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 09:51:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 09:51:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 09:51:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 09:51:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/08 21:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/08 21:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2011/06/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/08 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/06/07 23:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/04 20:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\GooredFix Backups
[2011/06/04 20:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/04 20:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/06/04 20:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/06/04 20:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Valve
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 13:34:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 13:34:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 13:34:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 13:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/04 12:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/02 12:22:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 23:23:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/28 23:19:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 23:11:16 | 000,020,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/28 23:10:56 | 004,129,340 | R--- | M] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
[2011/06/26 22:02:45 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/26 21:40:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/20 15:43:00 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/19 09:55:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/13 19:12:30 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/07 23:51:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/05 21:26:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 15:29:14 | 001,156,579 | R--- | M] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[1 C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\OWNER\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 20:24:14 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 23:11:16 | 000,020,337 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Ovn1ZsSc.htm.part.htm
[2011/06/20 15:43:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/20 15:43:00 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/20 15:43:00 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\FrostWire 4.21.8.lnk
[2011/06/19 22:16:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\OWNER\Start Menu\Programs\Internet Explorer.lnk
[2011/06/19 09:55:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 09:55:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 09:51:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 09:51:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 09:51:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 09:51:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 09:51:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/13 18:06:13 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/06/10 00:40:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:38:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/06/05 21:26:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/05 21:23:42 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 21:23:42 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 15:30:49 | 001,156,579 | R--- | C] () -- C:\Documents and Settings\OWNER\My Documents\IMAG0122.jpg
[2010/09/15 22:21:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/28 17:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\PCCleanerVersion.ini
[2010/05/15 22:00:36 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 01:33:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2009/12/31 16:52:44 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\mcs.rma
[2009/12/31 16:52:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\68ACF9
[2009/12/31 16:36:00 | 000,001,220 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/30 18:40:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 18:22:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/10 18:22:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/10 18:22:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/25 11:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/10 19:23:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/10 19:23:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/10 19:23:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/10 19:22:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/09/09 19:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/08/31 11:58:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/31 10:40:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 10:34:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 03:29:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 03:27:55 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\agozatec.dll
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/03 00:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/08 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/23 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/23 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/09 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/10/11 22:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/21 23:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acreon
[2011/06/08 21:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
[2010/12/08 00:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FOG Downloader
[2011/06/28 00:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FrostWire
[2010/10/22 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ICAClient
[2010/04/19 16:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Leadertech
[2010/12/09 21:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LimeWire
[2010/05/15 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient
[2010/01/31 01:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/09/10 13:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\OpenOffice.org
[2011/06/20 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\playitall
[2011/07/04 13:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4

< End of report >



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/4/2011 1:44:45 PM
mbam-log-2011-07-04 (13-44-45).txt

Scan type: Quick scan
Objects scanned: 161939
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#29
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations, your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.


NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :unsure:
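Two of the items this thread dealt with show up as plain text in an OTL log: `O1 - Hosts:` entries and the `O35`/`O37` file-association lines (the fix script earlier in the thread removed hosts entries and an `HKCU` `exefile` command, and the clean log above shows what the defaults look like). The Python below is an added example, not code from the thread or from OTL's author; it parses lines in that format and flags the two patterns: a hosts entry that points a name at a routable address instead of 127.0.0.1 (the MVPS file recommended above does the opposite, sending ad and malware sites to loopback, which is why loopback entries are classed as blocks), and an exe/com open command that is anything other than the default `"%1" %*`. All sample lines are constructed; the 203.0.113.x addresses and the `hijack.exe` path are placeholders, not values from any real log.

```python
"""Audit OTL-style log lines for hosts-file redirects and exe/com
file-association hijacks. Added example; every sample line is constructed."""
import re
from ipaddress import ip_address

# Constructed sample lines in OTL's format. 203.0.113.0/24 is the documentation
# address range and the hijack.exe path is a placeholder.
SAMPLE_OTL_LINES = [
    'O1 - Hosts: 127.0.0.1 localhost',
    'O1 - Hosts: 127.0.0.1 ads.example.net',        # MVPS-style block entry
    'O1 - Hosts: 203.0.113.73 www.google.com',      # search engine redirected
    'O1 - Hosts: 203.0.113.74 search.yahoo.com',
    'O35 - HKLM\\..exefile [open] -- "%1" %*',
    'O37 - HKLM\\...exe [@ = exefile] -- "%1" %*',
    'O37 - HKCU\\...exe [@ = exefile] -- "C:\\Users\\owner\\AppData\\Local\\Temp\\hijack.exe" -a "%1" %* ()',
]

HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)')
ASSOC_RE = re.compile(r'^(O3[57]) - (HKLM|HKCU)\\\.+(\S+) \[([^\]]*)\] -- (.*)$')
CLEAN_COMMAND = '"%1" %*'   # Windows default shell\open\command for exefile/comfile


def parse_hosts(line):
    """Return (ip, hostname) for an 'O1 - Hosts:' line, else None."""
    m = HOSTS_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def classify_hosts_entry(ip, host):
    """'block' for loopback/unspecified targets (localhost or an MVPS-style
    sinkhole), 'redirect' for any routable address, 'unparsable' otherwise."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return 'unparsable'
    if addr.is_loopback or addr.is_unspecified:
        return 'block'
    return 'redirect'


def parse_assoc(line):
    """Return the hive, extension, verb and command of an O35/O37 line, else None."""
    m = ASSOC_RE.match(line)
    if not m:
        return None
    item, hive, ext, verb, cmd = m.groups()
    # OTL appends the file's company name in parentheses; "()" means none found.
    cmd = re.sub(r'\s*\([^()]*\)\s*$', '', cmd).strip()
    return {'item': item, 'hive': hive, 'ext': ext, 'verb': verb, 'command': cmd}


def audit_otl_lines(lines):
    """Walk the lines and collect findings for hosts redirects and
    non-default exe/com open commands."""
    findings = []
    for line in lines:
        hosts = parse_hosts(line)
        if hosts:
            ip, host = hosts
            if classify_hosts_entry(ip, host) != 'block':
                findings.append({'kind': 'hosts-redirect', 'host': host,
                                 'ip': ip, 'line': line})
            continue
        assoc = parse_assoc(line)
        if assoc and assoc['command'] != CLEAN_COMMAND:
            findings.append({'kind': 'assoc-hijack', 'hive': assoc['hive'],
                             'command': assoc['command'], 'line': line})
    return findings


if __name__ == '__main__':
    for finding in audit_otl_lines(SAMPLE_OTL_LINES):
        print(finding['kind'], '->', finding['line'])
```

The hive is kept in each finding on purpose: when Windows builds HKEY_CLASSES_ROOT it gives a per-user `HKCU\Software\Classes` entry precedence over the machine-wide one, so a per-user `exefile` command runs for every program the user launches even while the `HKLM` line in the log still shows the clean default.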

#30
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.