Lingering Firefox redirection (Shopica, etc.) after XP 2012 Attack


This topic is locked

#1 jss10 (Member, 40 posts)

Last week my system was attacked by the XP Security 2012 virus, which I had to use a paid computer phone service to get rid of (the technician did a "log me in" session). I did so, and I thought everything was okay, but now, a few days later, I'm noticing one lingering effect. As the title of this thread suggests, I'm experiencing some redirection with search results in Firefox (NOT IE, which seems to be working fine). Also as suggested by the title, the result of the redirection is usually Shopica or Shopzilla or something like that.

Also, this morning when I booted up my computer, I got one of those BHO messages (an attempt to change your home page, or something like that) on my screen. Of course, I told it to keep the old settings.

So, while things aren't as bad as they were before the virus was supposedly "cleaned," they're not yet perfect either. Below is the information you request. Thanks.

OTL logfile created on: 8/1/2011 5:44:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jordan Solomon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.24% Memory free
3.85 Gb Paging File | 2.82 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.51 Gb Free Space | 36.58% Space Free | Partition Type: NTFS

Computer Name: JORDAN-B44B7F29 | User Name: Jordan Solomon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/04/03 12:55:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 22:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/11/06 07:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 07:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/10/02 14:42:54 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2008/10/02 14:41:48 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/07/10 01:51:06 | 000,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1230403542\ee\aolsoftware.exe
PRC - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2007/08/10 14:33:28 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/07/03 10:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/06/26 03:56:06 | 000,598,664 | ---- | M] ( ) -- C:\WINDOWS\system32\dldfcoms.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 08:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
MOD - [2008/11/06 07:42:56 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetTcpPortSharing32)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 22:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/05/16 10:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2007/06/26 03:56:08 | 000,098,952 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 03:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldfcoms.exe -- (dldf_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/15 11:54:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110731.003\navex15.sys -- (NAVEX15)
DRV - [2011/06/15 11:54:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110731.003\naveng.sys -- (NAVENG)
DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/05/25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2009/01/14 03:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/27 14:38:23 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/13 13:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 13:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 13:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/09/20 07:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 07:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/11 05:23:22 | 004,614,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/07 03:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/31 03:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/01 21:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 15:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 15:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 15:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:05:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/03 13:01:26 | 000,000,000 | ---D | M]

[2009/01/02 18:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Extensions
[2011/07/28 19:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions
[2011/07/28 19:11:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226}
[2011/07/30 13:17:00 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\[email protected]
[2011/06/28 09:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 10:52:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 15:49:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/23 10:07:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 10:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/28 09:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/09 09:41:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/27 09:35:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/27 14:47:00 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/26 16:27:39 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/10/06 16:02:30 | 000,000,851 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O1 - Hosts: 255.255.255.255 hcurltest5
O1 - Hosts: 255.255.255.255 vnsjs1.1stworks.com
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [Dell V505 Fax Server] C:\Program Files\Dell V505\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [winsp2up.exe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk = File not found
O4 - Startup: C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230402208544 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 03:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell - "" = AutoRun
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 17:43:45 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/07/29 15:15:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/29 15:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/29 15:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/29 14:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Malwarebytes
[2011/07/29 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/29 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/28 22:19:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/14 19:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\My Documents\UserTesting
[2010/08/02 13:44:56 | 000,785,920 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChat.ocx
[2010/08/02 13:44:55 | 004,515,328 | ---- | C] (WBI) -- C:\Program Files\SFServer.dll
[2010/08/02 13:44:55 | 000,103,424 | ---- | C] (Worden Bros) -- C:\Program Files\AutoLabelN.ocx
[2010/08/02 13:44:55 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB3.ocx
[2010/08/02 13:44:55 | 000,054,784 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\WBScroll.ocx
[2010/08/02 13:44:55 | 000,019,968 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBSplit.ocx
[2010/08/02 13:44:55 | 000,015,872 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBHandle.ocx
[2010/08/02 13:44:54 | 000,102,912 | ---- | C] (Worden Bros) -- C:\Program Files\TC2000Dev.dll
[2010/08/02 13:44:54 | 000,095,232 | ---- | C] (WBI Inc.) -- C:\Program Files\WBChartH.ocx
[2010/08/02 13:44:54 | 000,092,672 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBIFileTransfer.dll
[2010/08/02 13:44:54 | 000,084,480 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBList.ocx
[2010/08/02 13:44:54 | 000,078,336 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolBar.ocx
[2010/08/02 13:44:54 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB.ocx
[2010/08/02 13:44:54 | 000,046,592 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChart.ocx
[2010/08/02 13:44:54 | 000,033,280 | ---- | C] (Worden Brothers, Inc.) -- C:\Program Files\UploadWP.exe
[2010/08/02 13:44:54 | 000,024,064 | ---- | C] (WBI) -- C:\Program Files\ZipUtil.exe
[2010/08/02 13:44:54 | 000,020,992 | ---- | C] (wbi) -- C:\Program Files\WBIMediaPlayer.dll
[2010/08/02 13:44:54 | 000,019,968 | ---- | C] (Worden Bros) -- C:\Program Files\TCWatchListReader.dll
[2010/08/02 13:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2010/08/02 13:44:51 | 005,168,128 | ---- | C] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
[2010/08/02 13:44:50 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\Program Files\Qpro32.dll
[2010/08/02 13:44:50 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Regsvr32.exe
[2009/09/09 19:56:50 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2009/09/09 19:56:49 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2009/09/09 19:56:49 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2009/09/09 19:56:49 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2009/09/09 19:56:48 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2009/09/09 19:56:48 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2009/09/09 19:56:48 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2009/09/09 19:56:47 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2009/09/09 19:56:47 | 000,328,944 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwih.exe
[2009/09/09 19:56:46 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcoms.exe
[2009/09/09 19:56:45 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2009/09/09 19:56:45 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2009/09/09 19:56:45 | 000,369,904 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcfg.exe
[2009/04/03 18:57:14 | 000,436,224 | ---- | C] (Irfan Skiljan) -- C:\Program Files\i_view32.exe
[2009/04/03 18:56:58 | 001,618,664 | ---- | C] (Connected Software, Inc.) -- C:\Program Files\ePreserver.exe
[2008/12/27 14:39:09 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfserv.dll
[2008/12/27 14:39:09 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfusb1.dll
[2008/12/27 14:39:09 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfpmui.dll
[2008/12/27 14:39:09 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhcp.dll
[2008/12/27 14:39:09 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfinpa.dll
[2008/12/27 14:39:09 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfiesc.dll
[2008/12/27 14:39:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfprox.dll
[2008/12/27 14:39:08 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomc.dll
[2008/12/27 14:39:08 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhbn3.dll
[2008/12/27 14:39:08 | 000,598,664 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcoms.exe
[2008/12/27 14:39:08 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldflmpm.dll
[2008/12/27 14:39:08 | 000,365,192 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcfg.exe
[2008/12/27 14:39:08 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomm.dll
[2008/12/27 14:39:08 | 000,320,136 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfih.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/08/01 08:50:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/01 08:46:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 08:46:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 09:12:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/31 09:12:01 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/30 12:21:46 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 12:21:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 15:15:52 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/29 15:09:32 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/29 14:55:52 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/28 22:52:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 21:45:04 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\60299f23
[2011/07/28 21:30:04 | 000,000,111 | ---- | M] () -- C:\WINDOWS\System32\1242009427
[2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(4).cmd
[2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(3).cmd
[2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(2).cmd
[2011/07/27 11:07:52 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/07/18 13:10:18 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Word 2007.lnk
[2011/07/08 15:17:42 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/29 15:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 19:45:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/07/28 19:45:39 | 000,000,644 | -H-- | C] () -- C:\aaw7boot(4).cmd
[2011/07/28 19:45:39 | 000,000,644 | -H-- | C] () -- C:\aaw7boot(3).cmd
[2011/07/28 19:45:39 | 000,000,644 | -H-- | C] () -- C:\aaw7boot(2).cmd
[2011/07/28 19:14:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\60299f23
[2011/07/28 19:11:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\System32\1242009427
[2011/07/26 14:23:04 | 000,012,068 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\My Documents\Jordan Solomon Resume.PDF
[2011/07/08 15:17:42 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[2011/06/15 19:25:51 | 000,001,225 | ---- | C] () -- C:\Program Files\GoMeetNow.lnk
[2011/06/09 09:11:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 09:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/29 00:22:25 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 13:44:50 | 000,074,752 | ---- | C] () -- C:\Program Files\TCPatch.exe
[2010/08/02 13:44:50 | 000,006,783 | ---- | C] () -- C:\Program Files\Disclaim.rtf
[2010/08/02 13:44:50 | 000,002,518 | ---- | C] () -- C:\Program Files\DftL.def
[2009/09/24 21:43:11 | 000,000,809 | ---- | C] () -- C:\Program Files\STC Series 7.lnk
[2009/09/09 20:01:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2009/09/09 20:01:25 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2009/09/09 20:00:31 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2009/09/09 20:00:31 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2009/09/09 20:00:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2009/09/09 19:59:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2009/09/09 19:59:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2009/09/09 19:59:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2009/09/09 19:57:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2009/09/09 19:57:23 | 000,017,648 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.exe
[2009/09/09 19:56:50 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2009/09/09 19:56:49 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2009/09/09 19:56:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2009/09/09 19:56:47 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2009/09/09 19:56:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2009/09/09 19:56:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2009/09/09 19:56:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2009/09/09 19:56:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2009/09/09 19:56:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2009/09/09 19:56:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2009/09/09 19:56:45 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2009/08/28 18:29:26 | 000,005,772 | ---- | C] () -- C:\Program Files\AUDTEST.WAV
[2009/08/28 18:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/04/22 21:14:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/20 12:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/20 12:42:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/14 00:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/14 00:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/14 00:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/07 18:05:58 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/28 03:13:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/28 03:07:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 03:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 21:59:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 21:56:22 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 19:32:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/27 18:39:00 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/12/27 18:38:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/12/27 16:35:12 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 16:08:57 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/12/27 16:08:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/12/27 14:41:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldfvs.dll
[2008/12/27 14:41:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfcoin.dll
[2008/12/27 14:41:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldfdrs.dll
[2008/12/27 14:41:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldfcnv4.dll
[2008/12/27 14:41:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldfcaps.dll
[2008/12/27 14:40:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMON.DLL
[2008/12/27 14:40:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDFFXPU.DLL
[2008/12/27 14:40:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldfoem.dll
[2008/12/27 14:40:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMRC.DLL
[2008/12/27 14:39:09 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\dldfutil.dll
[2008/12/27 14:39:09 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfinst.dll
[2008/12/27 14:39:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldfgrd.dll
[2008/12/27 14:39:08 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfinsb.dll
[2008/12/27 14:39:08 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfins.dll
[2008/12/27 14:39:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldfjswr.dll
[2008/12/27 14:39:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldfinsr.dll
[2008/12/27 14:39:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldfcub.dll
[2008/12/27 14:39:08 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldfcfg.dll
[2008/12/27 14:39:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldfcu.dll
[2008/12/27 14:39:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldfcur.dll
[2008/12/27 14:36:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/11 11:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/10/29 18:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 13:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 13:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/31 18:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/10/04 04:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 04:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 04:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 04:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 04:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 04:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 04:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 04:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 04:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,457,910 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,076,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/02/25 10:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1stWorks
[2008/12/27 14:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2011/07/29 15:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/26 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/04/03 13:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/04 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/09 19:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/09/09 19:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2008/12/27 14:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/27 15:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\948 Series
[2009/06/30 14:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Any Video Converter
[2010/08/02 14:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\BlocksDataDownloader
[2008/12/27 14:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Foxit
[2011/06/21 12:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\GoMeetNow
[2011/06/11 23:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\IrfanView
[2009/09/03 12:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Software Defender
[2008/12/27 14:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Thinstall
[2009/09/09 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\V505 Series
[2009/01/15 10:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Viewpoint
[2010/08/02 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Worden Brothers, Inc
[2011/08/01 08:50:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/29 14:55:52 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello jss10 and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2011/07/28 19:11:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226}
    O4 - HKCU..\Run: [winsp2up.exe] File not found
    O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
    [2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(4).cmd
    [2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(3).cmd
    [2011/07/28 19:45:40 | 000,000,644 | -H-- | M] () -- C:\aaw7boot(2).cmd
    [2011/07/28 19:14:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\60299f23
    [2011/07/28 19:11:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\System32\1242009427

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles.

Step 2

Please update your Malwarebytes and do a Quick Scan, then post the log here for me.

Step 3

Run OTL and click Run Scan one more time, but make sure that the All Users option is selected this time. Post the OTL log after the scan.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • OTL scan log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
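As an added example (not OTL's code and not the helper's), here is a small Python parser for the OTL file-entry layout used in the logs in this thread, applying two of the heuristics visible in the Step 1 fix list: a recent, extensionless file in System32 with no company name, and a hidden file sitting in the drive root. The sample lines are constructed in the same layout as the log above; the function names, SCAN_TIME and the 7-day window are this example's own assumptions.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry looks like (same layout as the logs in this thread):
# [2011/07/28 19:14:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\60299f23
# Fields: timestamp | size (comma grouped) | attribute flags (R, H, S, D) | C=created / M=modified
# Directory entries in the LOP Check section have no "(company)" field, so it is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_entry(line):
    """Return a dict for one OTL file line, or None for summary/other lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def triage_reasons(entry, scan_time, window_days=7):
    """Heuristics (this example's own) mirroring items the helper pulled into the fix."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path_l = entry["path"].lower()
    name = entry["path"].rsplit("\\", 1)[-1]
    in_system32 = "\\windows\\system32\\" in path_l
    recent = scan_time - entry["ts"] <= timedelta(days=window_days)
    # Real system binaries carry a version resource; a fresh, extensionless,
    # company-less file dropped straight into System32 is worth a look.
    if in_system32 and recent and not entry["company"] and "." not in name:
        reasons.append("recent extensionless file in System32, no company name")
    # Hidden files placed directly in the drive root are unusual for user data.
    if entry["hidden"] and re.fullmatch(r"[a-z]:\\[^\\]+", path_l):
        reasons.append("hidden file in drive root")
    return reasons


def triage_log(lines, scan_time, window_days=7):
    """Map each flagged path to its reasons; unflagged and unparsable lines are skipped."""
    flagged = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry, scan_time, window_days)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


# Constructed sample: a handful of lines in the same layout as the log above.
SAMPLE_LINES = r"""
[2011/07/29 15:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 19:45:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/07/28 19:45:39 | 000,000,644 | -H-- | C] () -- C:\aaw7boot(4).cmd
[2011/07/28 19:14:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\60299f23
[2011/07/28 19:11:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\System32\1242009427
[2010/08/02 13:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/29 15:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
""".strip().splitlines()

# Assumed scan time: the timestamp from the first OTL log header in this thread.
SCAN_TIME = datetime(2011, 8, 1, 17, 44, 27)

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LINES, SCAN_TIME).items():
        print(path, "->", "; ".join(why))
```

The three paths it flags are exactly the two numeric System32 files and the hidden root .cmd that the Step 1 fix moves; the driver and printer files with extensions, and anything with a company name, pass through.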

#3
jss10
    Member
  • Topic Starter
  • 40 posts
Hi Maliprog. First of all, I'm pasting the fix log you requested below this message. However, next you say "Please update your Malwarebytes...". Unfortunately, I don't know what you mean here. Could you please explain? Once you do, hopefully I'll be able to go ahead with Steps 2, 3, and 4. Thanks. Here's the fix log:

========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226}\defaults folder moved successfully.
C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226}\chrome folder moved successfully.
C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\{e3274192-5079-4cf8-adbe-85fa2cf1f226} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winsp2up.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
C:\aaw7boot(4).cmd moved successfully.
C:\aaw7boot(3).cmd moved successfully.
C:\aaw7boot(2).cmd moved successfully.
C:\WINDOWS\system32\60299f23 moved successfully.
C:\WINDOWS\system32\1242009427 moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08052011_234646

#4
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Please forgive me. I thought that you already had Malwarebytes installed on your system, so I just wanted to update its malware database and do the scan. Here is how you will do it now:

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
jss10
    Member
  • Topic Starter
  • 40 posts
Okay, still a little bit confused. I clicked on the link you provided, but I didn't see anything about mbam-setup.exe. I did click on "Download Now" on the page that came up, and did download a program, but that program is called ARO 2011, which you never mentioned. Is this the same program? If not, what happened? Sorry about this. Thanks.

Edited by jss10, 06 August 2011 - 10:01 PM.


#6
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
I double-checked my link and it works for me. Don't start that application; delete it. I don't know what that is. The name of the Malwarebytes installer should be mbam-setup-1.51.1.1800.exe for the latest version of this software.

Location 1
Location 2
Location 3

#7
jss10
    Member
  • Topic Starter
  • 40 posts
Okay, that one worked -- I was able to find the right download link. I'll paste the report in a second, but first two quick questions:

1. When the computer restarted, a message from Windows Security Center popped up notifying me that Automatic Updates has been turned off, and that my computer is more vulnerable as a result. What is that about, and should I try to turn it back on?

2. I did uninstall that ARO 2011 that I mentioned in my last post. Since I never actually used it, that shouldn't cause any problems, right?

Okay, here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7401

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/7/2011 12:44:16 PM
mbam-log-2011-08-07 (12-44-16).txt

Scan type: Quick scan
Objects scanned: 164439
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsp2up.exe (Rogue.Agent) -> Value: winsp2up.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Good. Please do the OTL scan from Step 3 and post the log.

#9
jss10
    Member
  • Topic Starter
  • 40 posts
Oh yeah, okay. It's right below. Could you also please respond to the two questions in my last post? Thanks.

OTL logfile created on: 8/7/2011 2:24:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jordan Solomon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.24% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.30 Gb Free Space | 36.43% Space Free | Partition Type: NTFS

Computer Name: JORDAN-B44B7F29 | User Name: Jordan Solomon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/04/03 12:55:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 22:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/11/06 07:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 07:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/10/02 14:42:54 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2008/10/02 14:41:48 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1230403542\ee\aolsoftware.exe
PRC - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2007/08/10 14:33:28 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/07/03 10:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/06/26 03:56:06 | 000,598,664 | ---- | M] ( ) -- C:\WINDOWS\system32\dldfcoms.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 08:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
MOD - [2008/11/06 07:42:56 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetTcpPortSharing32)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 22:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/05/16 10:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2007/06/26 03:56:08 | 000,098,952 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 03:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldfcoms.exe -- (dldf_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110806.002\navex15.sys -- (NAVEX15)
DRV - [2011/08/04 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110806.002\naveng.sys -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/01/14 03:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/27 14:38:23 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/13 13:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 13:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 13:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/09/20 07:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 07:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/11 05:23:22 | 004,614,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/07 03:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/31 03:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/01 21:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 15:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 15:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 15:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 04 18 35 58 DB 38 4E B6 C6 C6 B1 E5 55 11 59 [binary data]

IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:05:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/03 13:01:26 | 000,000,000 | ---D | M]

[2009/01/02 18:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Extensions
[2011/07/28 19:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions
[2011/07/30 13:17:00 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions\[email protected]
[2011/06/28 09:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 10:52:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 15:49:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/23 10:07:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 10:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/28 09:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/09 09:41:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/27 09:35:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/27 14:47:00 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/26 16:27:39 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 23:46:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [Dell V505 Fax Server] C:\Program Files\Dell V505\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk = File not found
O4 - Startup: C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230402208544 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 03:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell - "" = AutoRun
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45dd7884-d895-11de-92c5-0021851a66ea}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 12:37:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/07 12:37:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/06 23:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Sammsoft
[2011/08/05 23:46:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/03 20:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\GoMeetNow
[2011/08/01 17:43:45 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/07/29 15:15:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/29 15:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/29 15:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/29 14:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Malwarebytes
[2011/07/29 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/29 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/28 22:19:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/14 19:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\My Documents\UserTesting
[2010/08/02 13:44:56 | 000,785,920 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChat.ocx
[2010/08/02 13:44:55 | 004,515,328 | ---- | C] (WBI) -- C:\Program Files\SFServer.dll
[2010/08/02 13:44:55 | 000,103,424 | ---- | C] (Worden Bros) -- C:\Program Files\AutoLabelN.ocx
[2010/08/02 13:44:55 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB3.ocx
[2010/08/02 13:44:55 | 000,054,784 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\WBScroll.ocx
[2010/08/02 13:44:55 | 000,019,968 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBSplit.ocx
[2010/08/02 13:44:55 | 000,015,872 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBHandle.ocx
[2010/08/02 13:44:54 | 000,102,912 | ---- | C] (Worden Bros) -- C:\Program Files\TC2000Dev.dll
[2010/08/02 13:44:54 | 000,095,232 | ---- | C] (WBI Inc.) -- C:\Program Files\WBChartH.ocx
[2010/08/02 13:44:54 | 000,092,672 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBIFileTransfer.dll
[2010/08/02 13:44:54 | 000,084,480 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBList.ocx
[2010/08/02 13:44:54 | 000,078,336 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolBar.ocx
[2010/08/02 13:44:54 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB.ocx
[2010/08/02 13:44:54 | 000,046,592 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChart.ocx
[2010/08/02 13:44:54 | 000,033,280 | ---- | C] (Worden Brothers, Inc.) -- C:\Program Files\UploadWP.exe
[2010/08/02 13:44:54 | 000,024,064 | ---- | C] (WBI) -- C:\Program Files\ZipUtil.exe
[2010/08/02 13:44:54 | 000,020,992 | ---- | C] (wbi) -- C:\Program Files\WBIMediaPlayer.dll
[2010/08/02 13:44:54 | 000,019,968 | ---- | C] (Worden Bros) -- C:\Program Files\TCWatchListReader.dll
[2010/08/02 13:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2010/08/02 13:44:51 | 005,168,128 | ---- | C] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
[2010/08/02 13:44:50 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\Program Files\Qpro32.dll
[2010/08/02 13:44:50 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Regsvr32.exe
[2009/09/09 19:56:50 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2009/09/09 19:56:49 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2009/09/09 19:56:49 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2009/09/09 19:56:49 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2009/09/09 19:56:48 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2009/09/09 19:56:48 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2009/09/09 19:56:48 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2009/09/09 19:56:47 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2009/09/09 19:56:47 | 000,328,944 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwih.exe
[2009/09/09 19:56:46 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcoms.exe
[2009/09/09 19:56:45 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2009/09/09 19:56:45 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2009/09/09 19:56:45 | 000,369,904 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcfg.exe
[2009/04/03 18:57:14 | 000,436,224 | ---- | C] (Irfan Skiljan) -- C:\Program Files\i_view32.exe
[2009/04/03 18:56:58 | 001,618,664 | ---- | C] (Connected Software, Inc.) -- C:\Program Files\ePreserver.exe
[2008/12/27 14:39:09 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfserv.dll
[2008/12/27 14:39:09 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfusb1.dll
[2008/12/27 14:39:09 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfpmui.dll
[2008/12/27 14:39:09 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhcp.dll
[2008/12/27 14:39:09 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfinpa.dll
[2008/12/27 14:39:09 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfiesc.dll
[2008/12/27 14:39:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfprox.dll
[2008/12/27 14:39:08 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomc.dll
[2008/12/27 14:39:08 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhbn3.dll
[2008/12/27 14:39:08 | 000,598,664 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcoms.exe
[2008/12/27 14:39:08 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldflmpm.dll
[2008/12/27 14:39:08 | 000,365,192 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcfg.exe
[2008/12/27 14:39:08 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomm.dll
[2008/12/27 14:39:08 | 000,320,136 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfih.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 12:52:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/07 12:48:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/07 12:48:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 12:37:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/07 09:12:10 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/07 09:12:10 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/05 23:46:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/05 12:37:19 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Word 2007.lnk
[2011/08/04 08:51:19 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/08/01 17:43:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/07/30 12:21:46 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 12:21:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 15:15:52 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/29 15:09:32 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/29 14:55:52 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/28 22:52:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/27 11:07:52 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/07/08 15:17:42 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 12:37:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 19:45:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/07/26 14:23:04 | 000,012,068 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\My Documents\Jordan Solomon Resume.PDF
[2011/07/08 15:17:42 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeleChart.lnk
[2011/06/15 19:25:51 | 000,001,225 | ---- | C] () -- C:\Program Files\GoMeetNow.lnk
[2011/06/09 09:11:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 09:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/29 00:22:25 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 13:44:50 | 000,074,752 | ---- | C] () -- C:\Program Files\TCPatch.exe
[2010/08/02 13:44:50 | 000,006,783 | ---- | C] () -- C:\Program Files\Disclaim.rtf
[2010/08/02 13:44:50 | 000,002,518 | ---- | C] () -- C:\Program Files\DftL.def
[2009/09/24 21:43:11 | 000,000,809 | ---- | C] () -- C:\Program Files\STC Series 7.lnk
[2009/09/09 20:01:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2009/09/09 20:01:25 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2009/09/09 20:00:31 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2009/09/09 20:00:31 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2009/09/09 20:00:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2009/09/09 19:59:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2009/09/09 19:59:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2009/09/09 19:59:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2009/09/09 19:57:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2009/09/09 19:57:23 | 000,017,648 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.exe
[2009/09/09 19:56:50 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2009/09/09 19:56:49 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2009/09/09 19:56:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2009/09/09 19:56:47 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2009/09/09 19:56:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2009/09/09 19:56:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2009/09/09 19:56:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2009/09/09 19:56:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2009/09/09 19:56:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2009/09/09 19:56:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2009/09/09 19:56:45 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2009/08/28 18:29:26 | 000,005,772 | ---- | C] () -- C:\Program Files\AUDTEST.WAV
[2009/08/28 18:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/04/22 21:14:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/20 12:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/20 12:42:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/14 00:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/14 00:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/14 00:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/07 18:05:58 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/28 03:13:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/28 03:07:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 03:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 21:59:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 21:56:22 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 19:32:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/27 18:39:00 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/12/27 18:38:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/12/27 16:35:12 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 16:08:57 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/12/27 16:08:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/12/27 14:41:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldfvs.dll
[2008/12/27 14:41:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfcoin.dll
[2008/12/27 14:41:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldfdrs.dll
[2008/12/27 14:41:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldfcnv4.dll
[2008/12/27 14:41:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldfcaps.dll
[2008/12/27 14:40:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMON.DLL
[2008/12/27 14:40:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDFFXPU.DLL
[2008/12/27 14:40:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldfoem.dll
[2008/12/27 14:40:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMRC.DLL
[2008/12/27 14:39:09 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\dldfutil.dll
[2008/12/27 14:39:09 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfinst.dll
[2008/12/27 14:39:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldfgrd.dll
[2008/12/27 14:39:08 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfinsb.dll
[2008/12/27 14:39:08 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfins.dll
[2008/12/27 14:39:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldfjswr.dll
[2008/12/27 14:39:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldfinsr.dll
[2008/12/27 14:39:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldfcub.dll
[2008/12/27 14:39:08 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldfcfg.dll
[2008/12/27 14:39:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldfcu.dll
[2008/12/27 14:39:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldfcur.dll
[2008/12/27 14:36:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/11 11:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/10/29 18:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 13:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 13:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/31 18:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/10/04 04:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 04:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 04:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 04:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 04:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 04:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 04:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 04:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 04:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,457,910 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,076,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I sure can...

1. When the computer restarted, a message from Windows Security Center popped up notifying me that Automatic Updates has been turned off, and that my computer is more vulnerable as a result. What is that about, and should I try to turn it back on?


Yes, please try to turn them on. Some rogue antivirus programs can turn them off and disable them.

2. I did uninstall that ARO 2011 that I mentioned in my last post. Since I never actually used it, that shouldn't cause any problems, right?


I checked that software and it shouldn't cause any problems for us. You did a good thing uninstalling it.
  • 0

#11
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Okay, now we have a little problem. I clicked on "Turn on Automatic Updates," but I got a message saying

"We're sorry. The Security Center could not change your Automatic Updates settings. To try changing these settings yourself, go to System in Control Panel. On the Automatic Updates tab, select Automatic (recommended), and then click OK."

I did so, and although I was able to change it (that is, now "Automatic" is checked), I still get that warning message, and when I click on the little Windows Security Alerts icon in my Taskbar, Automatic Updates is still listed as "Off." Obviously, this worries me, as I would think it makes me more vulnerable to future attack. What should I do now? Thanks again.

Edited by jss10, 07 August 2011 - 02:07 PM.

  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jss10,

After these two steps your updates should work again.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\AutoRun\command - "" = Autorun.exe /run
    O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell00\Command - "" = Autorun.exe /run
    O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell01\Command - "" = Autorun.exe /action
    O33 - MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\Shell\Shell02\Command - "" = Autorun.exe /uninstall

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Microsoft FixIt from Here and run it in order to fix Windows Updates.

Step 3


Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in a separate post.
  • 0
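An added read-only audit script, written for this thread and not part of maliprog's OTL fix or of OTL itself: it lists the MountPoints2 Shell command handlers that the fix above deletes, reports the Automatic Updates registry and service state behind the Security Center warning, and prints any hosts-file entries beyond localhost (a common cause of search redirection; the OTL log shows the Hosts file was modified on 2011/08/05). The registry paths and the AUOptions value meanings are standard Windows locations; the function names are mine. It assumes PowerShell 2.0 or later on the affected machine and changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the items the OTL fix touches.
# Assumes PowerShell 2.0+ on Windows; run as the user whose profile was cleaned.

function Get-MountPointCommands {
    # Per-user record of volumes seen by Explorer. Any key named "command" under
    # Shell\<verb>\ holds a command line run when the volume is opened/autoplayed;
    # after the fix there should be none pointing at an Autorun.exe.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $mp)) { return @() }
    Get-ChildItem -LiteralPath $mp -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -ieq 'command' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Key     = $_.Name
                Command = $_.GetValue('')   # the "(default)" value, e.g. "Autorun.exe /run"
            }
        }
}

function Get-AutoUpdateState {
    # AUOptions: 1 = disabled, 2 = notify before download,
    #            3 = download then notify, 4 = fully automatic.
    $au     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $opts   = (Get-ItemProperty -LiteralPath $au     -ErrorAction SilentlyContinue).AUOptions
    $noAU   = (Get-ItemProperty -LiteralPath $policy -ErrorAction SilentlyContinue).NoAutoUpdate
    $svc    = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $status = 'missing'
    if ($svc) { $status = $svc.Status }
    $wmi    = Get-WmiObject Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        AUOptions          = $opts
        PolicyNoAutoUpdate = $noAU      # 1 means a policy value forces updates off
        ServiceStatus      = $status    # expect Running once updates are repaired
        ServiceStartMode   = $wmi.StartMode
    }
}

function Get-HostsOverrides {
    # Everything in the hosts file except comments and the localhost line.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (-not (Test-Path -LiteralPath $hosts)) { return @() }
    Get-Content -LiteralPath $hosts |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

Write-Host '== MountPoints2 command handlers (expect none after the fix) =='
Get-MountPointCommands | Format-Table -AutoSize
Write-Host '== Automatic Updates state =='
Get-AutoUpdateState | Format-List
Write-Host '== hosts file entries beyond localhost (expect none) =='
Get-HostsOverrides
```

Run it once before and once after applying the fix; a handler line that survives the reboot, an AUOptions of 1 or a NoAutoUpdate of 1 that comes back on its own, or a hosts entry for a search engine are the things worth reporting in the next reply.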

#13
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi. The OTL fix log is pasted below. As for the FixIt, whenever I try to run it, I get a message stating "Windows cannot open this file..." and then asking me to choose a program to open it with. Obviously, I have no idea which program could open this type of file. Please let me know what to do about this. Thanks.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6091ed7-d450-11dd-9323-00038a000015}\ not found.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1710518 bytes
->FireFox cache emptied: 11799539 bytes
->Flash cache emptied: 456 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jordan Solomon
->Temp folder emptied: 18781477 bytes
->Temporary Internet Files folder emptied: 42698533 bytes
->Java cache emptied: 81179 bytes
->FireFox cache emptied: 53612411 bytes
->Google Chrome cache emptied: 58300425 bytes
->Flash cache emptied: 22401 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10663180 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 26149207 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132767 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33549 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 214.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: Jordan Solomon
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_114215

Files\Folders moved on Reboot...
C:\Documents and Settings\Jordan Solomon\Local Settings\Temporary Internet Files\Content.IE5\RCK9MSWZ\CAKLYTTM.php moved successfully.
C:\Documents and Settings\Jordan Solomon\Local Settings\Temporary Internet Files\Content.IE5\E4ULZDSO\xd_proxy[1].php moved successfully.

Registry entries deleted on Reboot...
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try this. Download

Attached File  repairupdates.zip   347bytes   106 downloads

to your Desktop. Unzip it on your desktop and run repairupdates.bat by double-clicking on it. Wait until the program finishes; it will close itself. Try to start updates now.

NOTE: Sometimes it is necessary to disable and then enable updates in Control Panel to finish repairing them.
  • 0

#15
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
It worked -- thanks!

Now that that's out of the way, we can get back to dealing with the malware removal. From what you can tell from my logs, I'm not "clean" yet, am I?
  • 0





