I have the Svchost.exe trojan and SuperAntiSpyware gets rid of it, but


#16
Dom Fontana

  • Topic Starter
  • Member
  • 170 posts
I always write back to you right away just so you know I am here and following your instructions. hahaha

Also, I don't have Malwarebytes Anti-Malware installed. Actually, I like that program much better than SuperAntiSpyware, but it kept hanging during a scan and said Not Responding, so I uninstalled it. I just downloaded it again, will install it, update it, and try what you said in Step 2.

1) New ComboFix log:

ComboFix 11-09-23.03 - Dominick J. Fontana 09/23/2011 11:26:49.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3518.2558 [GMT -4:00]
Running from: c:\users\Dominick J. Fontana\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Dominick J. Fontana\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\HOSTNAMEE.EXE"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\HOSTNAMEE.EXE
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 15:34 . 2011-09-23 15:34 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\temp
2011-09-23 15:34 . 2011-09-23 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-23 12:20 . 2011-09-23 12:20 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys
2011-09-23 12:20 . 2011-09-23 14:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\offreg.dll
2011-09-23 12:20 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\mpengine.dll
2011-09-21 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\3056
2011-09-20 14:40 . 2011-09-21 07:23 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\SMIGames
2011-09-20 11:22 . 2011-09-20 11:22 -------- d-----w- c:\windows\Wedding Dash - Ready Aim Love
2011-09-17 13:47 . 2011-09-17 13:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-16 12:46 . 2011-09-16 12:46 -------- d-----w- c:\windows\Wedding Dash 2 - Rings Around the World
2011-09-15 03:06 . 2011-09-15 03:06 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\Apple Computer
2011-09-14 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\1037
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6BFBB9-813D-48E7-B879-4FD452F10648}\gapaengine.dll
2011-09-07 11:57 . 2011-09-14 10:01 -------- d-----w- c:\windows\system32\1032
2011-09-04 09:40 . 2011-09-04 09:40 -------- d-----w- C:\_OTL
2011-09-04 08:20 . 2011-09-04 08:20 218624 ----a-w- c:\windows\system32\itnetw32.dll
2011-09-04 08:13 . 2011-09-04 08:18 -------- d-----w- c:\windows\system32\Adobe
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\programdata\casualArts
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\casualArts
2011-09-02 16:57 . 2011-09-02 16:57 -------- d-----w- c:\windows\Time Mysteries - Inheritance [UPDATED]
2011-09-01 12:04 . 2011-09-01 12:04 -------- d-----w- c:\programdata\Fenomen Games
2011-08-28 02:53 . 2011-08-28 02:53 -------- d-----w- c:\program files\Common Files\Java
2011-08-28 02:45 . 2011-08-28 02:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-08-28 02:42 . 2011-08-28 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 09:39 . 2011-08-27 11:35 -------- d-----w- c:\programdata\Avira
2011-08-27 09:36 . 2011-08-27 09:36 -------- d-----w- c:\programdata\HitPoint Studios
2011-08-26 18:01 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-26 15:50 . 2011-08-26 17:06 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 10:54 . 2011-08-26 10:56 -------- d-----w- c:\users\Dominick J. Fontana\FrostWire
2011-08-26 10:54 . 2011-08-26 17:55 -------- d-----w- c:\users\Dominick J. Fontana\.frostwire5
2011-08-25 12:38 . 2011-08-25 12:38 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Casual Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-08-23 03:02 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-28 02:51 . 2011-07-27 18:40 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-13 09:04 . 2011-07-28 11:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-08-20 14:46 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C79D10-5DD5-4117-8748-03DDAE88A67C}\mpengine.dll
2011-08-08 12:13 . 2011-08-08 12:13 1152 ----a-w- c:\windows\system32\windrv.sys
2011-08-07 11:31 . 2011-08-07 11:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-05 10:53 . 2011-08-05 10:53 53248 ----a-r- c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-05 10:53 . 2011-08-05 10:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-29 12:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 14:39 . 2011-01-28 10:22 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 04:54 . 2011-08-11 11:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-11 11:56 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30 . 2011-08-11 11:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50476A70-23CE-61D4-4AF9-651A3FB40F04}]
2009-07-14 01:16 65536 ----a-w- c:\windows\System32\PeerrDistSvc.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"MaxMenuMgr"="d:\programs\Seagate Manager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"PWRISOVM.EXE"="d:\programs\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 MpKsl23cd48fb;MpKsl23cd48fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72E28A9E-6343-4440-B439-422225D6EA56}\MpKsl23cd48fb.sys [x]
R1 MpKsl517f41c0;MpKsl517f41c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC6ED00-9463-4D1F-87AE-AE651E11511A}\MpKsl517f41c0.sys [x]
R1 MpKsl5e4611be;MpKsl5e4611be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CC8828D-A330-4811-9A82-6370EA2F4CE2}\MpKsl5e4611be.sys [x]
R1 MpKsl83591d93;MpKsl83591d93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F70CE2-8CE0-48C8-9CC4-D6F46CED286D}\MpKsl83591d93.sys [x]
R1 MpKsla4b22a4c;MpKsla4b22a4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FDFEF4-7EB3-409A-803E-B887376A351E}\MpKsla4b22a4c.sys [x]
R1 MpKslce25963e;MpKslce25963e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868ABC79-1C45-4A1C-B7F2-4D24DDC12343}\MpKslce25963e.sys [x]
R1 MpKsldd8a1e0f;MpKsldd8a1e0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDAEF55-24F3-4C5A-9D9C-771A6334EC82}\MpKsldd8a1e0f.sys [x]
R1 MpKslf01c5627;MpKslf01c5627;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf01c5627.sys [x]
R1 MpKslf3843a20;MpKslf3843a20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf3843a20.sys [x]
R1 shlfwoov;shlfwoov;c:\windows\system32\drivers\shlfwoov.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-26 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-26 3072]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-09-17 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-29 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 218688]
S1 MpKsl20750f32;MpKsl20750f32;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys [2011-09-23 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programs\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 FreeAgentGoNext Service;Seagate Service;d:\programs\Seagate Manager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys [2011-04-26 10064]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
itnetsvc REG_MULTI_SZ itlperf
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc28.mail.yahoo.com/mc/welcome?&.rand=331798557#_pg=showFolder;_ylc=X3oDMTBvamJjMmxoBF9TAzM5ODMwMTAyNwRhYwNtdkZsZE1zZw--&mid=1_26962_AL5TimIAARbYTloXXAZm2EMo8qU&fid=Inbox&sort=date&order=up&startMid=10&filterBy=&.rand=379203569&hash=dcc56b0d2767d37a65bbc2d24656cab1&.jsrand=5992681
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110828
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110828&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\programs\Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - d:\programs\Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\86609300]
"imagepath"="\??\c:\windows\TEMP\3370.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\967f5800]
"imagepath"="\??\c:\windows\TEMP\15A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-23 11:35:37
ComboFix-quarantined-files.txt 2011-09-23 15:35
ComboFix2.txt 2011-09-23 14:54
.
Pre-Run: 12,572,811,264 bytes free
Post-Run: 12,271,206,400 bytes free
.
- - End Of File - - 3DCB621BDC3828730BB4B2DE49F59F87


2) MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7781

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/23/2011 11:55:05 AM
mbam-log-2011-09-23 (11-55-05).txt

Scan type: Quick scan
Objects scanned: 166884
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


3) Fresh OTL scan log

OTL logfile created on: 9/23/2011 12:04:09 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Dominick J. Fontana\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 65.45% Memory free
13.74 Gb Paging File | 12.59 Gb Available in Paging File | 91.61% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 11.48 Gb Free Space | 25.39% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 32.83 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 53.56 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 05:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/20 14:00:34 | 000,671,552 | ---- | M] (TuneUp Software) -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesApp32.exe
PRC - [2011/05/20 13:58:28 | 001,523,008 | ---- | M] (TuneUp Software) -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- D:\Programs\Seagate Manager\Sync\FreeAgentService.exe
PRC - [2009/09/16 21:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/07/29 07:28:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/20 13:58:28 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/20 13:55:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\Programs\Seagate Manager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/23 08:20:46 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys -- (MpKsl20750f32)
DRV - [2011/07/28 10:39:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/30 08:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/26 15:30:20 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/22 14:32:20 | 000,042,552 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2009/02/25 20:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 20:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc28.mail.....jsrand=5992681
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 35 21 12 73 4C CC 01 [binary data]
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110828"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {766fca73-0742-b02b-8971-c78fe158c4ba}:4.6.7.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1390
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110828&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/19 09:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/07/28 09:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/09/16 08:23:48 | 000,000,000 | ---D | M]

[2011/07/28 09:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2011/08/27 06:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions
[2011/08/27 06:52:24 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/28 09:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/27 06:52:20 | 000,001,945 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\searchplugins\bing-zugo.xml
[2011/07/28 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/07 06:14:34 | 000,000,000 | ---D | M] (No name found) -- D:\PROGRAMS\AVG10\FIREFOX
[2011/07/28 09:44:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{766FCA73-0742-B02B-8971-C78FE158C4BA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/08 12:05:24 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/09/23 11:34:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {50476A70-23CE-61D4-4AF9-651A3FB40F04} - C:\Windows\System32\PeerrDistSvc.dll (VMware, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] D:\Programs\Seagate Manager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programs\Malwarebytes Anti-Malware Free\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16967369-DB80-4671-8F51-D460B287BA48}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 12:01:52 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/09/23 11:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/23 11:47:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/23 11:35:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/23 11:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/23 11:35:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Local\temp
[2011/09/23 10:43:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/23 10:43:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/23 10:43:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/23 10:43:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/23 10:43:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/23 10:39:36 | 004,225,780 | R--- | C] (Swearware) -- C:\Users\Dominick J. Fontana\Desktop\Combo-Fix.exe
[2011/09/23 10:10:00 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dominick J. Fontana\Desktop\TDSSKiller.exe
[2011/09/21 06:01:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\3056
[2011/09/20 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SMIGames
[2011/09/20 07:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wedding Dash - Ready Aim Love
[2011/09/20 07:22:08 | 000,000,000 | ---D | C] -- C:\Windows\Wedding Dash - Ready Aim Love
[2011/09/16 08:46:32 | 000,000,000 | ---D | C] -- C:\Windows\Wedding Dash 2 - Rings Around the World
[2011/09/14 23:06:43 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Local\Apple Computer
[2011/09/14 06:01:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\1037
[2011/09/13 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Dash
[2011/09/07 07:57:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\1032
[2011/09/07 06:37:26 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Documents\Green Gamer
[2011/09/04 05:40:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 04:20:03 | 000,218,624 | ---- | C] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/09/04 04:13:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/09/03 23:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2011/09/03 23:50:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\casualArts
[2011/09/02 12:57:39 | 000,000,000 | ---D | C] -- C:\Windows\Time Mysteries - Inheritance [UPDATED]
[2011/09/01 08:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[2011/08/27 23:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/27 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/27 22:52:25 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/08/27 22:52:25 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/08/27 22:52:25 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/08/27 22:49:23 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/08/27 22:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/08/27 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/08/27 22:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/27 22:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/27 07:45:59 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/08/27 07:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/27 05:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/27 05:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitPoint Studios
[2011/08/26 14:01:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/26 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/26 06:54:59 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\FrostWire
[2011/08/26 06:54:40 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\.frostwire5
[2011/08/25 08:38:32 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Casual Box

========== Files - Modified Within 30 Days ==========

[2011/09/23 11:34:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/23 10:58:58 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 10:58:58 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 10:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 10:51:20 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 10:39:36 | 004,225,780 | R--- | M] (Swearware) -- C:\Users\Dominick J. Fontana\Desktop\Combo-Fix.exe
[2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dominick J. Fontana\Desktop\TDSSKiller.exe
[2011/09/21 07:31:40 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/21 07:31:40 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/20 07:22:13 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Wedding Dash - Ready Aim Love.lnk
[2011/09/13 06:40:48 | 000,013,312 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 05:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/09/04 04:20:03 | 000,218,624 | ---- | M] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/28 23:45:21 | 003,932,160 | -HS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.bak
[2011/08/27 22:51:03 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/08/27 22:51:03 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/08/27 22:51:03 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/08/27 22:51:03 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/08/27 22:49:23 | 000,000,911 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
[2011/08/27 22:46:47 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
[2011/08/27 22:45:26 | 000,001,890 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

========== Files Created - No Company Name ==========

[2011/09/23 10:43:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/23 10:43:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/23 10:43:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/23 10:43:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/23 10:43:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/20 07:22:13 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Wedding Dash - Ready Aim Love.lnk
[2011/08/27 22:49:23 | 000,000,911 | ---- | C] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
[2011/08/27 22:43:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/27 22:36:07 | 000,000,765 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/08/20 10:06:49 | 000,017,408 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\WebpageIcons.db
[2011/08/08 08:13:17 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2011/08/07 07:32:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/07 07:32:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/07 07:24:41 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/07/29 09:52:57 | 000,013,312 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 07:56:46 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/07/29 07:24:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/29 07:22:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/28 09:42:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/28 09:38:21 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/28 09:38:21 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/28 09:38:21 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/28 09:38:21 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/28 09:38:21 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/27 13:13:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/27 12:11:43 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/07/27 12:10:15 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011/07/27 11:31:50 | 000,001,044 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,356,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/06 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2monkeys
[2011/07/28 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/07/28 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/07/28 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/08/03 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar Entertainment
[2011/08/20 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar Stargaze
[2011/07/27 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artifex Mundi
[2011/07/28 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/07/27 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/07/28 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/07/28 12:29:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Az-Art
[2011/07/28 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/09/21 03:14:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/08/01 13:29:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/07/28 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boolat Games
[2011/08/27 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/07/31 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BrablGames
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/08/25 08:38:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Casual Box
[2011/09/03 23:50:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\casualArts
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CattaleGames
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/07/28 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/07/28 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DailyMagic
[2011/07/28 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/08/06 06:15:24 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Die Saeule der Maya
[2011/07/28 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/07/28 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DragonsEye Studios
[2011/08/03 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/07/28 12:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/08/10 06:54:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/07/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/07/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/09/11 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\fallenShadowsStrategyGuide
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/08/15 13:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FloodLightGames
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/07/28 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/07/28 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/07/28 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/07/28 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Funswitch
[2011/07/28 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameInvest
[2011/09/11 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/07/28 12:34:40 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/08/08 08:12:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GetRightToGo
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gogii
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Happy Muffin Top
[2011/09/03 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/08/27 05:36:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/07/28 12:34:58 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IntrigueIncRavensFlightStrategyGuide
[2011/08/26 13:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/07/28 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/07/28 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iWin
[2011/07/30 23:51:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Jetdogs Studios
[2011/07/28 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\JoyBits
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Lazy Turtle Games
[2011/08/05 06:53:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Leadertech
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LegacyInteractive
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LestaStudio
[2011/07/28 12:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Lionhead Studios
[2011/07/28 12:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/08/06 09:13:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/07/28 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/07/28 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Maximize Games
[2011/07/28 12:39:02 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Millennium Secrets - Roxannes Necklace Strategy Guide
[2011/07/28 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Monkey Barrel Games
[2011/07/28 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MumboJumbo
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/07/28 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/08/03 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/09/20 07:22:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Princess Isabella
[2011/08/18 11:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/08/18 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ReelDealSlotQuest_TheMuseumEscape
[2011/07/28 12:42:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/07/28 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/07/28 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Skunk Studios
[2011/09/21 03:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SMIGames
[2011/08/22 23:38:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/07/28 12:43:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SulusGames
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/07/28 12:44:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/08/17 12:36:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Total Eclipse
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TrickySoftware
[2011/07/28 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/08/21 23:28:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Twilight Games
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ValuSoft
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\VampireSagaHL
[2011/09/16 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\VendelGAMES
[2011/08/06 07:11:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/09/23 07:16:20 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector (1).exe
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\win7windows\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\win7windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2011/09/14 16:15:28 | 000,007,680 | ---- | M] () MD5=50C48BBAC68F1A1AAEC93FC11F218403 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\system\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\win7windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\win7windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\win7windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\win7windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\win7windows\System32\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\win7windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========


< End of report >

Edited by Dom Fontana, 23 September 2011 - 10:12 AM.



#17
Dom Fontana

    Member

  • Topic Starter
  • 170 posts
Some good news, Render. At first, MBAM did the same thing. It started out very fast and scanned about 40,000 files in 38 seconds, and then it stopped. I don't click on it or interfere with it in any way. After a few minutes, it said Not Responding at the top of the MBAM window. It was stuck on a dll file in the system32 directory. This time, I didn't do anything. For some reason, after about 5-6 minutes, it just started up again and completed the scan. Since I already uninstalled SuperAntiSpyware, I am now going to go back to using MBAM. It's a much better program.

Just thought you'd like to know. :)

#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do this:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\TEMP\3370.tmp
c:\windows\TEMP\15A.tmp

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\86609300]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\967f5800]

Driver::
86609300
967f5800


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#19
Dom Fontana

    Member

  • Topic Starter
  • 170 posts
Here's the log file:

ComboFix 11-09-23.03 - Dominick J. Fontana 09/23/2011 12:45:36.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3518.2476 [GMT -4:00]
Running from: c:\users\Dominick J. Fontana\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Dominick J. Fontana\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\TEMP\15A.tmp"
"c:\windows\TEMP\3370.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_86609300
-------\Legacy_967F5800
-------\Service_86609300
-------\Service_967f5800
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 16:52 . 2011-09-23 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-23 15:47 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-23 15:35 . 2011-09-23 16:54 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\temp
2011-09-23 12:20 . 2011-09-23 16:53 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\offreg.dll
2011-09-23 12:20 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\mpengine.dll
2011-09-21 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\3056
2011-09-20 14:40 . 2011-09-21 07:23 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\SMIGames
2011-09-20 11:22 . 2011-09-20 11:22 -------- d-----w- c:\windows\Wedding Dash - Ready Aim Love
2011-09-16 12:46 . 2011-09-16 12:46 -------- d-----w- c:\windows\Wedding Dash 2 - Rings Around the World
2011-09-15 03:06 . 2011-09-15 03:06 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\Apple Computer
2011-09-14 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\1037
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6BFBB9-813D-48E7-B879-4FD452F10648}\gapaengine.dll
2011-09-07 11:57 . 2011-09-14 10:01 -------- d-----w- c:\windows\system32\1032
2011-09-04 09:40 . 2011-09-04 09:40 -------- d-----w- C:\_OTL
2011-09-04 08:20 . 2011-09-04 08:20 218624 ----a-w- c:\windows\system32\itnetw32.dll
2011-09-04 08:13 . 2011-09-04 08:18 -------- d-----w- c:\windows\system32\Adobe
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\programdata\casualArts
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\casualArts
2011-09-02 16:57 . 2011-09-02 16:57 -------- d-----w- c:\windows\Time Mysteries - Inheritance [UPDATED]
2011-09-01 12:04 . 2011-09-01 12:04 -------- d-----w- c:\programdata\Fenomen Games
2011-08-28 02:53 . 2011-08-28 02:53 -------- d-----w- c:\program files\Common Files\Java
2011-08-28 02:45 . 2011-08-28 02:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-08-28 02:42 . 2011-08-28 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 09:39 . 2011-08-27 11:35 -------- d-----w- c:\programdata\Avira
2011-08-27 09:36 . 2011-08-27 09:36 -------- d-----w- c:\programdata\HitPoint Studios
2011-08-26 18:01 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-26 15:50 . 2011-08-26 17:06 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 10:54 . 2011-08-26 10:56 -------- d-----w- c:\users\Dominick J. Fontana\FrostWire
2011-08-26 10:54 . 2011-08-26 17:55 -------- d-----w- c:\users\Dominick J. Fontana\.frostwire5
2011-08-25 12:38 . 2011-08-25 12:38 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Casual Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-08-23 03:02 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-28 02:51 . 2011-07-27 18:40 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-13 09:04 . 2011-07-28 11:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-08-20 14:46 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C79D10-5DD5-4117-8748-03DDAE88A67C}\mpengine.dll
2011-08-08 12:13 . 2011-08-08 12:13 1152 ----a-w- c:\windows\system32\windrv.sys
2011-08-07 11:31 . 2011-08-07 11:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-05 10:53 . 2011-08-05 10:53 53248 ----a-r- c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-05 10:53 . 2011-08-05 10:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-29 12:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 14:39 . 2011-01-28 10:22 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 04:54 . 2011-08-11 11:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-11 11:56 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30 . 2011-08-11 11:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50476A70-23CE-61D4-4AF9-651A3FB40F04}]
2009-07-14 01:16 65536 ----a-w- c:\windows\System32\PeerrDistSvc.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"MaxMenuMgr"="d:\programs\Seagate Manager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"PWRISOVM.EXE"="d:\programs\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 MpKsl20750f32;MpKsl20750f32;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys [x]
R1 MpKsl23cd48fb;MpKsl23cd48fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72E28A9E-6343-4440-B439-422225D6EA56}\MpKsl23cd48fb.sys [x]
R1 MpKsl517f41c0;MpKsl517f41c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC6ED00-9463-4D1F-87AE-AE651E11511A}\MpKsl517f41c0.sys [x]
R1 MpKsl5e4611be;MpKsl5e4611be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CC8828D-A330-4811-9A82-6370EA2F4CE2}\MpKsl5e4611be.sys [x]
R1 MpKsl83591d93;MpKsl83591d93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F70CE2-8CE0-48C8-9CC4-D6F46CED286D}\MpKsl83591d93.sys [x]
R1 MpKsla4b22a4c;MpKsla4b22a4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FDFEF4-7EB3-409A-803E-B887376A351E}\MpKsla4b22a4c.sys [x]
R1 MpKslce25963e;MpKslce25963e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868ABC79-1C45-4A1C-B7F2-4D24DDC12343}\MpKslce25963e.sys [x]
R1 MpKsldd8a1e0f;MpKsldd8a1e0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDAEF55-24F3-4C5A-9D9C-771A6334EC82}\MpKsldd8a1e0f.sys [x]
R1 MpKslf01c5627;MpKslf01c5627;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf01c5627.sys [x]
R1 MpKslf3843a20;MpKslf3843a20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf3843a20.sys [x]
R1 shlfwoov;shlfwoov;c:\windows\system32\drivers\shlfwoov.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-26 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-26 3072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-29 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programs\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 FreeAgentGoNext Service;Seagate Service;d:\programs\Seagate Manager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys [2011-04-26 10064]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
itnetsvc REG_MULTI_SZ itlperf
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc28.mail.yahoo.com/mc/welcome?&.rand=331798557#_pg=showFolder;_ylc=X3oDMTBvamJjMmxoBF9TAzM5ODMwMTAyNwRhYwNtdkZsZE1zZw--&mid=1_26962_AL5TimIAARbYTloXXAZm2EMo8qU&fid=Inbox&sort=date&order=up&startMid=10&filterBy=&.rand=379203569&hash=dcc56b0d2767d37a65bbc2d24656cab1&.jsrand=5992681
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110828
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110828&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\programs\Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - d:\programs\Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-23 12:58:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 16:58
ComboFix2.txt 2011-09-23 15:35
ComboFix3.txt 2011-09-23 14:54
.
Pre-Run: 12,501,307,392 bytes free
Post-Run: 12,325,294,080 bytes free
.
- - End Of File - - 7DABE2E4675E5D3F46551BDB0F9FF1CE

#20
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion, click the link to locate the zip file to upload and attach it to your next post


#21
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Render.

I have to go somewhere now. I will follow up with the next steps as soon as I get back.

Thanks so much for your help.

#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.

#23
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Render.

Yes it did take long. It found 5 Infections.

This is the Report:

Status: Deleted (events: 5)
9/24/2011 12:03:50 AM Deleted virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Windows\System32\HOSTNAMEE.EXE.vir High
9/24/2011 4:15:03 AM Deleted Trojan program Trojan-Dropper.Win32.Mudrop.riy C:\Windows\System32\DeviceUxRees.dll High
9/24/2011 4:14:00 AM Deleted Trojan program Trojan.Win32.Agent.pgui C:\Windows\System32\itnetw32.dll High
9/24/2011 4:14:01 AM Deleted virus HEUR:Trojan.Win32.Generic C:\Windows\System32\KBDCCZ1.DLL High
9/24/2011 4:22:00 AM Deleted virus HEUR:Trojan.Win32.Generic c:\Windows\System32\PeerrDistSvc.dll High


I have attached the Zip File to this message.

Thanks.


#24
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How is your computer running now? Any problems?

#25
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Render.

I just finished the scan a few hours ago and so far, so good. If you don't mind, maybe you can keep the thread open and let me use the computer for 24 hours and then I will report back here.

Also, as of now, I still have MS Security Essentials disabled. Should I enable it or wait until after we do the cleanup?

Thanks so much for your help. It is tremendously appreciated.

Edited by Dom Fontana, 24 September 2011 - 04:04 AM.


#26
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please enable MSE now, run your PC as normal for a day or two and then come back to me.

#27
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Okay, I enabled it. I'll report back here in a day or so.

Go Yankees! :)

#28
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.

#29
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Render.

The Internet was out in my neighborhood over the weekend, but now it's back. Give me another day and then I will report back here with my computer's status. So far, so good.

#30
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.