Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Redirect when clicking links on google search.

Started by Nirelep21 , Aug 16 2011 02:28 PM

  • This topic is locked This topic is locked

#16
SweetTech
Posted 22 August 2011 - 01:11 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please post the SecurityCheck log when you get a chance.
  • 0

Advertisements

#17
Nirelep21
Posted 22 August 2011 - 02:19 PM

Nirelep21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
  • 0

#18
SweetTech
Posted 22 August 2011 - 02:48 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Documents and Settings\Mr. Anderson\Application Data\dwm.exe.vir a variant of Win32/Kryptik.RND trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Mr. Anderson\Application Data\Microsoft\conhost.exe.vir a variant of Win32/Kryptik.RWA trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP682\A0059592.exe a variant of Win32/Kryptik.RLK trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP683\A0059652.exe a variant of Win32/Kryptik.RLK trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP683\A0059653.exe a variant of Win32/Kryptik.RLK trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP685\A0060630.exe a variant of Win32/Kryptik.RND trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP686\A0062926.exe a variant of Win32/Kryptik.RSU trojan
C:\System Volume Information\_restore{441A1E49-1FF7-427B-9B63-2B5D7B1D5593}\RP686\A0062939.exe a variant of Win32/Kryptik.RND trojan


These threat(s) below will be removed very shortly:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo3.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\25\591ffc59-7b2b4cdc a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\41\59e56f69-2213f257 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\56\473ab678-5c7f266e a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\6\344bf2c6-45e234aa multiple threats
C:\Documents and Settings\Mr. Anderson\My Documents\Downloads\avi2video_install.exe Win32/Adware.MarketScore.A application
C:\Program Files\Craagle\Craagle.exe Win32/Adware.Craagle application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo3.zip
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\25\591ffc59-7b2b4cdc
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\41\59e56f69-2213f257
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\56\473ab678-5c7f266e
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\6\344bf2c6-45e234aa
C:\Documents and Settings\Mr. Anderson\My Documents\Downloads\avi2video_install.exe
C:\Program Files\Craagle\Craagle.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#19
Nirelep21
Posted 23 August 2011 - 08:57 AM

Nirelep21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo3.zip moved successfully.
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\25\591ffc59-7b2b4cdc moved successfully.
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\41\59e56f69-2213f257 moved successfully.
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\56\473ab678-5c7f266e moved successfully.
C:\Documents and Settings\Mr. Anderson\Application Data\Sun\Java\Deployment\cache\6.0\6\344bf2c6-45e234aa moved successfully.
C:\Documents and Settings\Mr. Anderson\My Documents\Downloads\avi2video_install.exe moved successfully.
C:\Program Files\Craagle\Craagle.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Mr. Anderson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mr. Anderson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mr. Anderson
->Temp folder emptied: 3751269 bytes
->Temporary Internet Files folder emptied: 2423387 bytes
->Java cache emptied: 87162934 bytes
->FireFox cache emptied: 312215607 bytes
->Google Chrome cache emptied: 25735523 bytes
->Flash cache emptied: 1136673 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176542 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 415.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mr. Anderson
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.4 log created on 08232011_075245

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_674.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#20
SweetTech
Posted 23 August 2011 - 09:03 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#21
Nirelep21
Posted 23 August 2011 - 09:11 AM

Nirelep21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 8/23/2011 8:08:20 AM - Run 3
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Mr. Anderson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.89% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 267.67 Gb Free Space | 57.47% Space Free | Partition Type: NTFS

Computer Name: MATRIX | User Name: Mr. Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 12:45:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Anderson\Desktop\OTL.exe
PRC - [2011/06/07 12:11:46 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/03/03 21:03:22 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/16 20:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 23:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/03 17:23:08 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/02 23:57:15 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_020306b0\mscorlib.dll
MOD - [2010/11/02 23:57:12 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_5c5c9c62\system.drawing.dll
MOD - [2010/11/02 23:57:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6059e70f\system.xml.dll
MOD - [2010/11/02 23:56:55 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7a032c98\system.windows.forms.dll
MOD - [2010/11/02 23:56:32 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_54776478\system.dll
MOD - [2010/11/02 23:56:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/12 15:06:20 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/10/12 15:06:20 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/10/12 15:06:20 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/01/20 14:10:21 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/01/20 14:10:18 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/01/20 14:10:18 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/01/20 14:10:17 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/01/20 14:10:16 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/01/20 14:10:16 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/01/20 14:10:16 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/01/20 14:10:16 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/01/20 14:10:16 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/01/20 14:10:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/01/20 14:10:16 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/01/20 14:10:16 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/01/20 14:10:16 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/01/20 14:10:16 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/01/20 14:10:15 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/01/20 14:10:15 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/01/20 14:10:15 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/01/20 14:10:15 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/01/20 14:10:15 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/01/20 14:10:14 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/01/20 14:10:14 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/01/20 14:10:14 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010/01/20 14:10:14 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/01/20 14:10:14 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/01/20 14:10:14 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/01/20 14:10:14 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/01/20 14:10:14 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/01/20 14:10:14 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/01/20 14:10:14 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/01/20 14:10:14 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/01/20 14:10:14 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/01/20 14:09:22 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/10/05 11:26:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Ralinktek.dll
MOD - [2005/03/21 16:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2011/08/03 17:23:08 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/19 17:26:06 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/17 07:48:19 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/19 02:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/03/05 02:27:34 | 000,026,656 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PLCND532.sys -- (PLCND532)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/12 15:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=BBSR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/07/03 16:44:48 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/06/07 12:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/10 21:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/10 21:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 13:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 13:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/08/20 08:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins [2011/08/23 07:47:29 | 000,000,000 | ---D | M]

[2009/09/15 11:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Extensions
[2011/08/18 09:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Firefox\Profiles\g0zplb0z.default\extensions
[2010/11/03 21:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Firefox\Profiles\g0zplb0z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/02 19:25:43 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Firefox\Profiles\g0zplb0z.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/08/31 16:39:51 | 000,000,000 | ---D | M] (Charter Update) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Firefox\Profiles\g0zplb0z.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2011/05/24 10:58:36 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Mr. Anderson\Application Data\Mozilla\Firefox\Profiles\g0zplb0z.default\extensions\[email protected]
[2011/03/01 19:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MR. ANDERSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0ZPLB0Z.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MR. ANDERSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0ZPLB0Z.DEFAULT\EXTENSIONS\[email protected]
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/23 07:52:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253038958000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O24 - Desktop WallPaper: C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/15 01:17:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Sun
[2011/08/23 07:54:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/23 07:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/22 09:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/22 09:24:43 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Mr. Anderson\Desktop\esetsmartinstaller_enu.exe
[2011/08/22 09:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Application Data\Malwarebytes
[2011/08/22 09:16:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/22 09:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/22 09:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/22 09:15:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/22 09:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/22 09:15:14 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Anderson\Desktop\mbam-setup.exe
[2011/08/22 08:53:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/18 08:55:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/18 08:54:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/18 08:54:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/18 08:54:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/18 08:54:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/18 08:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/18 08:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/18 08:54:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mr. Anderson\Start Menu\Programs\Administrative Tools
[2011/08/18 08:53:37 | 004,181,210 | R--- | C] (Swearware) -- C:\Documents and Settings\Mr. Anderson\Desktop\ComboFix.exe
[2011/08/17 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/17 13:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/16 12:58:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller
[2011/08/16 12:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Desktop\GooredFix Backups
[2011/08/16 12:53:40 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/16 12:53:12 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr. Anderson\Desktop\OTM.exe
[2011/08/16 12:48:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/16 12:46:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr. Anderson\Desktop\OTL.exe
[2011/08/11 00:29:23 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/11 00:29:23 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/08 12:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\CutePDF Writer
[2011/08/08 12:11:24 | 000,000,000 | ---D | C] -- C:\BusinessScans
[2011/08/08 11:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/08/08 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/08/07 08:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Matteo Rossi
[2011/08/07 08:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\iCopy
[2011/08/07 08:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\iCopy
[2011/08/07 08:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Start Menu\Programs\iCopy
[2011/08/07 08:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/08/07 08:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/08/07 08:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/07/26 13:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\Desktop\RTPR PDFS
[2011/07/26 13:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr. Anderson\riotsGamesLogs

========== Files - Modified Within 30 Days ==========

[2011/08/23 07:55:19 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/23 07:55:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/23 07:55:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 07:52:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/22 23:22:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-706699826-725345543-1003UA.job
[2011/08/22 23:17:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 18:22:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-706699826-725345543-1003Core.job
[2011/08/22 09:26:53 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Mr. Anderson\Desktop\SecurityCheck.exe
[2011/08/22 09:24:50 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Mr. Anderson\Desktop\esetsmartinstaller_enu.exe
[2011/08/22 09:16:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 09:14:57 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Anderson\Desktop\mbam-setup.exe
[2011/08/22 08:53:01 | 004,181,210 | R--- | M] (Swearware) -- C:\Documents and Settings\Mr. Anderson\Desktop\ComboFix.exe
[2011/08/18 08:55:59 | 000,000,359 | RHS- | M] () -- C:\boot.ini
[2011/08/18 08:55:13 | 000,028,153 | ---- | M] () -- C:\Documents and Settings\Mr. Anderson\Application Data\C35A.177
[2011/08/17 12:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/16 15:05:12 | 140,550,608 | ---- | M] () -- C:\registrybackup.reg
[2011/08/16 12:52:47 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Anderson\Desktop\OTM.exe
[2011/08/16 12:45:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Anderson\Desktop\OTL.exe
[2011/08/11 08:33:16 | 000,000,243 | ---- | M] () -- C:\Boot.bak
[2011/08/11 00:29:23 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/11 00:29:23 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/10 22:54:51 | 000,000,131 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/10 17:59:56 | 000,092,636 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/08 12:19:42 | 009,570,147 | ---- | M] () -- C:\Documents and Settings\Mr. Anderson\My Documents\Application.pdf
[2011/08/08 11:28:10 | 000,117,153 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2011/08/08 11:27:17 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/08/08 11:26:39 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/08/08 11:26:39 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2011/08/08 11:26:02 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/08 11:25:52 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2011/08/08 11:25:42 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/08/07 08:07:47 | 000,110,060 | ---- | M] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/08/03 16:30:52 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/03 16:30:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/03 16:30:48 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/24 23:05:13 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/08/22 09:26:53 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\Desktop\SecurityCheck.exe
[2011/08/22 09:16:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/18 08:55:59 | 000,000,243 | ---- | C] () -- C:\Boot.bak
[2011/08/18 08:55:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/18 08:54:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/18 08:54:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/18 08:54:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/18 08:54:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/18 08:54:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/17 14:09:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\Desktop\gmer.exe
[2011/08/16 15:04:47 | 140,550,608 | ---- | C] () -- C:\registrybackup.reg
[2011/08/10 22:54:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/10 18:36:47 | 000,028,153 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\Application Data\C35A.177
[2011/08/08 12:19:43 | 009,570,147 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\My Documents\Application.pdf
[2011/08/08 11:27:17 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/08/08 11:26:39 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/08/08 11:26:39 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2011/08/08 11:26:02 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/08 11:25:52 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2011/08/08 11:25:42 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/08/07 08:32:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/07 08:07:46 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/08/07 08:07:46 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/06/10 22:49:41 | 000,033,021 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe
[2011/03/25 00:34:49 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/25 00:34:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/25 00:34:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/25 00:34:38 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/02 00:40:49 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/31 04:42:31 | 000,241,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/24 22:21:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/12/05 13:25:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\POSTER.INI
[2010/11/13 12:36:19 | 000,117,153 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/11/13 12:35:53 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/10/11 16:36:35 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/05/19 17:24:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/30 15:39:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/27 17:47:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/02/27 17:46:41 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/02/27 10:06:26 | 000,000,247 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2010/02/05 11:43:10 | 000,092,636 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/20 14:16:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\fusioncache.dat
[2010/01/20 14:07:18 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/01/20 14:03:40 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/01/20 14:01:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/12/24 17:30:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/24 14:01:15 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/08 14:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2009/11/18 19:44:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/22 01:47:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/22 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 13:52:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/15 11:07:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/15 11:02:39 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/09/15 01:18:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 01:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/14 16:20:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/14 16:19:53 | 000,423,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/05 02:27:42 | 000,001,181 | ---- | C] () -- C:\WINDOWS\System32\PLCLIB32.INI
[2008/03/05 02:27:42 | 000,001,181 | ---- | C] () -- C:\WINDOWS\System32\drivers\PLCLIB32.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,464,632 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,078,900 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/03 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2010/08/11 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/10/12 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AzigoGUID
[2011/06/14 11:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/28 10:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/10/30 23:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/01/20 14:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/08/22 12:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/20 14:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/05/03 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/07 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/07/24 15:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/05 10:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/03 01:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/06 08:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Amazon
[2010/04/03 14:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Armagetron
[2011/07/11 23:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Avery
[2011/06/14 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Big Fish Games
[2010/06/26 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Cakewalk
[2010/04/04 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\CrystalApp
[2009/09/24 15:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\CrystalSpace
[2011/06/10 21:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\DDMSettings
[2010/10/12 17:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Dev-Cpp
[2010/08/24 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\ElevatedDiagnostics
[2009/09/15 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\GarageGames
[2011/01/05 16:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\GetRightToGo
[2011/07/14 16:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\gtk-2.0
[2010/12/05 13:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\inkscape
[2010/10/19 18:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\iolo
[2011/07/06 12:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\jah
[2009/12/24 14:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Leadertech
[2010/06/14 19:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\LolClient
[2010/08/22 12:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\NCH Swift Sound
[2010/12/24 22:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\onverse
[2010/04/06 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\PlaneShift
[2011/03/16 23:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Tremulous
[2010/08/22 22:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\WinBatch
[2009/09/15 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Windows Desktop Search
[2009/09/15 13:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr. Anderson\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /HideShortcuts [2011/08/20 08:21:57 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /ShowShortcuts [2011/08/20 08:21:57 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/20 08:21:57 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe [2011/08/20 08:22:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe" -preferences [2011/08/20 08:22:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode [2011/08/20 08:22:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Mr. Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/11/03 05:26:18 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/11/03 05:26:18 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/11/03 05:26:18 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-25 20:38:08

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D40D6F
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:359B3BDA
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7DEC6B7

< End of report >
  • 0

#22
Nirelep21
Posted 23 August 2011 - 09:13 AM

Nirelep21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No redirecting. No sluggishness. Normal operational feel.
  • 0

#23
SweetTech
Posted 23 August 2011 - 09:29 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#24
Nirelep21
Posted 23 August 2011 - 10:08 PM

Nirelep21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you so much for your help. It was very easy to follow your instructions and they were right on! Great work!
  • 0

#25
SweetTech
Posted 24 August 2011 - 02:05 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP