Geeks to Go
Locked out of antivirus software - Open Cloud AV


This topic is locked

#1 Joeicam (Malware Removal, 1,289 posts)
Hello! I am trying to fix a friend's computer.

- I have Microsoft Security Essentials installed on it, but when I go to click the Scan Now button it says "Access is denied".
- Ad-aware SE is also installed on the computer and when I try to run that it says that it "Failed to connect to service."

As I write this, I am going through their computer's programs and checking on the internet to see if they're harmful or not and I came across:

- Open Cloud AV

Their computer is extremely unorganized, so I don't think I will be able to check out all of the programs, but for now, here is the OTL log for the computer.

Also, if you have any suggestions as to which FREE anti-virus to use that would be great :).
Oh, one more thing. I've heard that you should only have one anti-virus installed on your computer, so is having both Microsoft Security Essentials and Ad-Aware SE a bad thing?

Thanks for all your help! - Joe

OTL logfile created on: 10/7/2011 5:39:26 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = F:\Put On Flash Drive
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 534.41 Mb Available Physical Memory | 69.68% Memory free
1.83 Gb Paging File | 1.70 Gb Available in Paging File | 92.84% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 2.56 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.76 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: OWNER-Z3XNVOAA4 | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 20:25:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- F:\Put On Flash Drive\OTL.exe
PRC - [2011/09/10 14:31:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/10 14:31:16 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/17 16:24:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
SRV - [2011/08/07 19:29:30 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/02/27 18:06:27 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 18:06:12 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/16 08:22:48 | 000,138,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/09/22 13:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 09:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 11:34:04 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 11:34:04 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...LryKjQW.veuU5aA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 F0 E6 0C F9 BC CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "My Way"
FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.mywebs...bf5&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/10/02 22:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Guffins\bar\1.bin [2011/08/17 16:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 14:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/10 14:31:21 | 000,000,000 | ---D | M]

[2011/03/29 20:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/29 20:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/10/02 22:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions
[2011/03/29 19:22:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 22:13:14 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]
[2011/08/08 17:55:56 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]
[2011/08/19 22:52:52 | 000,009,979 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\searchplugins\Guffins.xml
[2011/08/08 19:49:52 | 000,009,987 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\searchplugins\mywebsearch.xml
[2011/09/18 18:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/22 19:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 21:12:08 | 000,000,000 | ---D | M] (Mighty Magoo TextLinks) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2011/08/17 16:24:57 | 000,000,000 | ---D | M] (Guffins) -- C:\PROGRAM FILES\GUFFINS\BAR\1.BIN
[2011/08/22 19:08:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/22 19:08:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\System32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ArcadeWeb = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
CHR - Extension: RebateRobot = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.0.1_0\
CHR - Extension: RebateRobot = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.0.1_0\.svn\text-base\.svn-base

Hosts file not found
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AW Class) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Program Files\ArcadeWeb\arcadeweb32.dll File not found
O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll (COMPANYVERS_NAME)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Guffins Browser Plugin Loader] C:\Program Files\Guffins\bar\1.bin\u4brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [KBrzPNyxAuDoFpH8234A] C:\WINDOWS\system32\d7fRL9gTXjCk.exe File not found
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [lxdpamon] C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TrayIcRun] RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [vtxuagwa] C:\DOCUME~1\Owner\LOCALS~1\Temp\hcwfjrttj\cdqwhamsika.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FunWebProducts)" -"http://www.chuckeche...ic-tac-toe.php" File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://edits.mywebse...aA&n=2011080720 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.game...apWebPlayer.cab (GameTap Player)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229565322252 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E923B3AB-4F0D-4CAB-BEE2-15EC3C00E717}: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/17 20:20:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{434f2a11-5322-11e0-9b55-0007e97d9c8e}\Shell - "" = AutoRun
O33 - MountPoints2\{434f2a11-5322-11e0-9b55-0007e97d9c8e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{434f2a11-5322-11e0-9b55-0007e97d9c8e}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 20:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/10/03 20:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/03 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/02 22:20:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
[2011/10/02 19:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/02 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/02 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV
[2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
[2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
[2011/10/02 19:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP0ycS1ib3n4Q6
[2009/04/26 13:09:15 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/04/26 13:09:15 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/04/26 13:09:15 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/04/26 13:09:15 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/04/26 13:09:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/04/26 13:09:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/04/26 13:09:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/04/26 13:09:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/04/26 13:09:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/04/26 13:09:14 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpih.exe
[2009/04/26 13:09:13 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009/04/26 13:09:13 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe
[2009/04/26 13:09:13 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/04/26 13:09:13 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcfg.exe
[2008/12/18 17:38:48 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 17:27:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/07 17:27:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 20:22:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{15ADE941-D1B0-45A0-A189-325EF3069597}.job
[2011/10/03 20:21:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/03 20:00:59 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/03 19:49:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2823853647
[2011/10/03 19:49:18 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\iMeshNAG.job
[2011/10/02 22:14:09 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/02 22:13:13 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 20:43:48 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/10/02 19:44:17 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/02 19:23:31 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/02 01:52:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/01 19:32:10 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/01 13:26:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/27 21:06:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/27 21:06:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/27 07:42:21 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iTunes.lnk
[2011/09/26 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/14 03:02:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 19:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 19:44:17 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/02 19:44:14 | 000,001,208 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/02 19:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2823853647
[2011/04/25 18:07:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 18:07:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/07 21:44:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/01/27 20:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/15 19:56:26 | 000,029,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/04 11:19:03 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2009/09/04 11:13:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/17 10:49:07 | 000,517,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2009/04/26 13:14:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/04/26 13:14:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009/04/26 13:09:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/04/26 13:09:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/04/26 13:09:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/04/02 14:50:38 | 000,000,361 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/02/01 23:43:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/10 22:45:06 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 17:39:28 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/12/18 17:38:49 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/12/18 17:38:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/12/18 17:38:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2008/12/18 17:38:48 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2008/12/18 16:44:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/12/17 20:25:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/17 20:17:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/17 14:09:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/17 14:07:58 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/07/16 11:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 11:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 11:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 11:35:06 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 11:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 11:35:03 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 11:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 11:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 11:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 11:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 11:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 11:17:59 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys

========== LOP Check ==========

[2009/03/30 20:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
[2011/01/29 17:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/03/29 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/08/25 14:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/01/28 18:02:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/07/29 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/21 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
[2011/01/15 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FCTB000060231
[2011/05/20 19:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/01/02 11:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
[2011/08/08 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/08/22 19:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
[2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
[2011/03/29 20:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2011/01/19 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
[2011/09/28 21:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2010/07/30 18:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/10/01 19:32:10 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/03 19:49:18 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\iMeshNAG.job
[2011/10/02 01:52:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/10/03 20:00:59 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/03 20:22:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{15ADE941-D1B0-45A0-A189-325EF3069597}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2823853647:2959716183.exe

< End of report >
  • 0

#2
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
I found the tutorial on how to remove Open Cloud AV, so I am going to proceed with that.
  • 0

#3
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
It didn't work. I installed Malwarebytes' Anti-Malware on the computer, but when the program started to scan, it crashed. When I opened it back up it says
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I followed the guide completely. I renamed the installer.exe to "iexplore.exe" and I changed the mbam.exe file to "iexplore.exe".

Edited by Joeicam, 07 October 2011 - 05:30 PM.

  • 0

#4
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
I also tried to run the programs in safe mode, but that doesn't do anything either.
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Joeicam and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL scan log
It would be helpful if you could post each log in a separate post.
  • 0

#6
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
Hello :)!
Thank you for responding to my post!

I am unable to disable my other anti-virus software running. I went to the guide you gave me but it didn't work. I am able to open up Microsoft Security Essentials, but the settings tab is grayed out, leaving me unable to click it. Ad-aware just won't open because it says it "Failed to connect to service".
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please go to Control Panel and navigate to Add/Remove programs. Please uninstall your antivirus software for now. We'll install it later.

After this continue with the steps.
  • 0

#8
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
Okay! That appeared to work! Thank you.

Combo Fix Log

ComboFix 11-10-13.03 - Owner 10/15/2011 17:32:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.571 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\SPL1.tmp
c:\documents and settings\All Users\SPL199.tmp
c:\documents and settings\All Users\SPL1DD4.tmp
c:\documents and settings\All Users\SPL2.tmp
c:\documents and settings\All Users\SPL3.tmp
c:\documents and settings\All Users\SPL4.tmp
c:\documents and settings\All Users\SPLBB.tmp
c:\documents and settings\All Users\SPLC1A.tmp
c:\documents and settings\All Users\SPLD6A.tmp
c:\documents and settings\All Users\SPLD8.tmp
c:\documents and settings\Owner\Application Data\ldr.ini
c:\documents and settings\Owner\Application Data\O66ddWK8fRL9TXjOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\OucS2ibD3n5Q6W8Open Cloud AV.ico
c:\documents and settings\Owner\WINDOWS
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\GuffinsEI
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\M3UNPAT.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00023A9E
c:\program files\MyWebSearch\bar\Cache\009BB37F.bin
c:\program files\MyWebSearch\bar\Cache\009BCB0E.bin
c:\program files\MyWebSearch\bar\Cache\009BCD31
c:\program files\MyWebSearch\bar\Cache\1473360C
c:\program files\MyWebSearch\bar\Cache\147337A3.bin
c:\program files\MyWebSearch\bar\Cache\1473385E.bin
c:\program files\MyWebSearch\bar\Cache\14733939.bmp
c:\program files\MyWebSearch\bar\Cache\14733A04.bin
c:\program files\MyWebSearch\bar\Cache\14733AEE.bin
c:\program files\MyWebSearch\bar\Cache\14945CFD
c:\program files\MyWebSearch\bar\Cache\1C2C5ED2.bmp
c:\program files\MyWebSearch\bar\Cache\1C2C5FBC.bin
c:\program files\MyWebSearch\bar\Cache\1E196C22.exe
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Retrogamer_2z\bar\1.bin\2zBAr.dll
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\windows\$NtUninstallKB57537$
c:\windows\$NtUninstallKB57537$\1335251112\@
c:\windows\$NtUninstallKB57537$\1335251112\bckfg.tmp
c:\windows\$NtUninstallKB57537$\1335251112\cfg.ini
c:\windows\$NtUninstallKB57537$\1335251112\Desktop.ini
c:\windows\$NtUninstallKB57537$\1335251112\keywords
c:\windows\$NtUninstallKB57537$\1335251112\kwrd.dll
c:\windows\$NtUninstallKB57537$\1335251112\L\mriabkln
c:\windows\$NtUninstallKB57537$\1335251112\lsflt7.ver
c:\windows\$NtUninstallKB57537$\1335251112\U\00000001.@
c:\windows\$NtUninstallKB57537$\1335251112\U\00000002.@
c:\windows\$NtUninstallKB57537$\1335251112\U\80000000.@
c:\windows\$NtUninstallKB57537$\1335251112\U\80000032.@
c:\windows\$NtUninstallKB57537$\2732847619
c:\windows\system32\d3d9caps.dat
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_4f9650a8
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-15 22:16 . 2011-10-15 22:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-15 02:13 . 2011-10-15 02:13 -------- d-----w- c:\program files\iTunes Library Updater
2011-10-08 19:23 . 2011-10-08 19:23 0 ---ha-w- c:\documents and settings\Owner\Local Settings\Application Data\BITCD.tmp
2011-10-07 23:25 . 2011-10-15 04:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-07 23:20 . 2011-10-07 23:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 23:19 . 2011-10-07 23:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-10-07 23:19 . 2011-10-07 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-04 01:21 . 2011-10-04 01:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-03 03:14 . 2011-10-03 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\rhYCwkUVrOtP
2011-10-03 03:14 . 2011-10-03 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\OucS2ibD3n5Q6W8
2011-10-03 00:44 . 2011-10-03 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\O66ddWK8fRL9TXj
2011-10-03 00:44 . 2011-10-03 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\CllONNtxP0uc2iD
2011-10-03 00:43 . 2011-10-03 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\HP0ycS1ib3n4Q6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2003-07-16 16:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2003-07-16 16:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-07-16 16:45 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-23 00:08 . 2011-08-23 00:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-23 00:08 . 2010-07-29 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-22 23:48 . 2003-07-16 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2003-07-16 16:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-01-16 356864]
"{c3d3840c-12ea-4461-a61d-190555fecc82}"= "c:\program files\Guffins\bar\1.bin\u4SrcAs.dll" [2011-08-17 62864]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{c3d3840c-12ea-4461-a61d-190555fecc82}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a916eefe-6a17-4d7d-a131-2738b260bb55}]
2011-08-17 21:24 669072 ----a-w- c:\progra~1\Guffins\bar\1.bin\u4bar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-01-16 02:12 1530880 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
2011-08-17 21:24 62864 ----a-w- c:\program files\Guffins\bar\1.bin\u4SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-01-16 1530880]
"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"= "c:\program files\Guffins\bar\1.bin\u4bar.dll" [2011-08-17 669072]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-01-16 1530880]
"{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}"= "c:\program files\Guffins\bar\1.bin\u4bar.dll" [2011-08-17 669072]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2008-03-27 16040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"Guffins Browser Plugin Loader"="c:\progra~1\Guffins\bar\1.bin\u4brmon.exe" [2011-08-17 30096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/28/2011 7:02 PM 64288]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [4/26/2009 1:14 PM 98984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/9/2011 7:30 AM 92592]
S1 MpKsl0674b3b0;MpKsl0674b3b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{969B544B-D3D4-4D1F-BDD6-DC97BB80D1B8}\MpKsl0674b3b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{969B544B-D3D4-4D1F-BDD6-DC97BB80D1B8}\MpKsl0674b3b0.sys [?]
S1 MpKsl074ef97f;MpKsl074ef97f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{271FEEAB-0C52-4597-93BA-6E91FE119A71}\MpKsl074ef97f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{271FEEAB-0C52-4597-93BA-6E91FE119A71}\MpKsl074ef97f.sys [?]
S1 MpKsl0815a378;MpKsl0815a378;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EF5F620-E549-4169-A5A8-903EB3E7E751}\MpKsl0815a378.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EF5F620-E549-4169-A5A8-903EB3E7E751}\MpKsl0815a378.sys [?]
S1 MpKsl10b27448;MpKsl10b27448;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADC4DFC-49CF-4E04-ACC5-4773C24CB3C6}\MpKsl10b27448.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADC4DFC-49CF-4E04-ACC5-4773C24CB3C6}\MpKsl10b27448.sys [?]
S1 MpKsl2bdbf1fa;MpKsl2bdbf1fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADC4DFC-49CF-4E04-ACC5-4773C24CB3C6}\MpKsl2bdbf1fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADC4DFC-49CF-4E04-ACC5-4773C24CB3C6}\MpKsl2bdbf1fa.sys [?]
S1 MpKsl2e23f045;MpKsl2e23f045;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B6819C5-27F1-4220-B8D6-278D2617E79D}\MpKsl2e23f045.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B6819C5-27F1-4220-B8D6-278D2617E79D}\MpKsl2e23f045.sys [?]
S1 MpKsl30f4b6cb;MpKsl30f4b6cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl30f4b6cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl30f4b6cb.sys [?]
S1 MpKsl32900911;MpKsl32900911;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{426AA7F8-CD97-4464-91FE-198F3A21591B}\MpKsl32900911.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{426AA7F8-CD97-4464-91FE-198F3A21591B}\MpKsl32900911.sys [?]
S1 MpKsl35f0643f;MpKsl35f0643f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F271F4A1-7C55-4549-B26E-429961953949}\MpKsl35f0643f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F271F4A1-7C55-4549-B26E-429961953949}\MpKsl35f0643f.sys [?]
S1 MpKsl396b6d36;MpKsl396b6d36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl396b6d36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl396b6d36.sys [?]
S1 MpKsl3fe64d05;MpKsl3fe64d05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKsl3fe64d05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKsl3fe64d05.sys [?]
S1 MpKsl44669d6a;MpKsl44669d6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B02ADD-6F67-4D0D-AAEB-1BFCBA9EA56B}\MpKsl44669d6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B02ADD-6F67-4D0D-AAEB-1BFCBA9EA56B}\MpKsl44669d6a.sys [?]
S1 MpKsl48b68a50;MpKsl48b68a50;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D7DCFC4-FC4A-4CD6-8521-D02D57DF975D}\MpKsl48b68a50.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D7DCFC4-FC4A-4CD6-8521-D02D57DF975D}\MpKsl48b68a50.sys [?]
S1 MpKsl4e396e3b;MpKsl4e396e3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC36E97-D029-4647-B3B0-B0C87035146A}\MpKsl4e396e3b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC36E97-D029-4647-B3B0-B0C87035146A}\MpKsl4e396e3b.sys [?]
S1 MpKsl545bbec4;MpKsl545bbec4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC0357A3-4D53-48B6-BA58-68F98B8D1B7A}\MpKsl545bbec4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC0357A3-4D53-48B6-BA58-68F98B8D1B7A}\MpKsl545bbec4.sys [?]
S1 MpKsl56277529;MpKsl56277529;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41F17152-A9ED-46D3-AE23-DF885A1E3234}\MpKsl56277529.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41F17152-A9ED-46D3-AE23-DF885A1E3234}\MpKsl56277529.sys [?]
S1 MpKsl5861feb5;MpKsl5861feb5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FC63BBF-CEA0-4BF0-AFE1-99A2620192DD}\MpKsl5861feb5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FC63BBF-CEA0-4BF0-AFE1-99A2620192DD}\MpKsl5861feb5.sys [?]
S1 MpKsl5d6e557e;MpKsl5d6e557e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C5F15-F369-4707-9785-5F3DA7CF68E0}\MpKsl5d6e557e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C5F15-F369-4707-9785-5F3DA7CF68E0}\MpKsl5d6e557e.sys [?]
S1 MpKsl64a5dc03;MpKsl64a5dc03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{268FEE86-AB05-43B6-B9EA-FE2ACA37340B}\MpKsl64a5dc03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{268FEE86-AB05-43B6-B9EA-FE2ACA37340B}\MpKsl64a5dc03.sys [?]
S1 MpKsl7010111e;MpKsl7010111e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9901FBE3-D1A9-4A55-BB84-FCFC4EEDEA76}\MpKsl7010111e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9901FBE3-D1A9-4A55-BB84-FCFC4EEDEA76}\MpKsl7010111e.sys [?]
S1 MpKsl865e3f6f;MpKsl865e3f6f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5DEA607-6B6D-4EB9-AAB0-BF4757D1011F}\MpKsl865e3f6f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5DEA607-6B6D-4EB9-AAB0-BF4757D1011F}\MpKsl865e3f6f.sys [?]
S1 MpKsl88c22640;MpKsl88c22640;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7389832-61EB-48BE-A9C0-FCE70FF16DF9}\MpKsl88c22640.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7389832-61EB-48BE-A9C0-FCE70FF16DF9}\MpKsl88c22640.sys [?]
S1 MpKsl8b8909df;MpKsl8b8909df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl8b8909df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57757D7-2258-43EC-B225-A7F89D43588C}\MpKsl8b8909df.sys [?]
S1 MpKsl95ff253a;MpKsl95ff253a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C9D976F-5847-49CD-B6BC-E2BEEED303B6}\MpKsl95ff253a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C9D976F-5847-49CD-B6BC-E2BEEED303B6}\MpKsl95ff253a.sys [?]
S1 MpKsl9789166c;MpKsl9789166c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F49BE77-91E6-4760-BE60-187037EE96A4}\MpKsl9789166c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F49BE77-91E6-4760-BE60-187037EE96A4}\MpKsl9789166c.sys [?]
S1 MpKslb7be999f;MpKslb7be999f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20F942EC-978E-4ECE-AC05-F143C3728308}\MpKslb7be999f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20F942EC-978E-4ECE-AC05-F143C3728308}\MpKslb7be999f.sys [?]
S1 MpKslbc97ac82;MpKslbc97ac82;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B1778B8-FEA7-413C-ABE4-96FC5A6868CF}\MpKslbc97ac82.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B1778B8-FEA7-413C-ABE4-96FC5A6868CF}\MpKslbc97ac82.sys [?]
S1 MpKslbf431c2e;MpKslbf431c2e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFA5F6D5-4717-4C83-907A-6B33A7E8AA9D}\MpKslbf431c2e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFA5F6D5-4717-4C83-907A-6B33A7E8AA9D}\MpKslbf431c2e.sys [?]
S1 MpKslc17ec2af;MpKslc17ec2af;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA20B146-D0F8-4525-8EE2-832FB2C82E28}\MpKslc17ec2af.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA20B146-D0F8-4525-8EE2-832FB2C82E28}\MpKslc17ec2af.sys [?]
S1 MpKslc22d3b1e;MpKslc22d3b1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKslc22d3b1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKslc22d3b1e.sys [?]
S1 MpKslc4b5b948;MpKslc4b5b948;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B02ADD-6F67-4D0D-AAEB-1BFCBA9EA56B}\MpKslc4b5b948.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35B02ADD-6F67-4D0D-AAEB-1BFCBA9EA56B}\MpKslc4b5b948.sys [?]
S1 MpKsld162b8ed;MpKsld162b8ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9901FBE3-D1A9-4A55-BB84-FCFC4EEDEA76}\MpKsld162b8ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9901FBE3-D1A9-4A55-BB84-FCFC4EEDEA76}\MpKsld162b8ed.sys [?]
S1 MpKsld9fbebfe;MpKsld9fbebfe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DA2D70-66E2-4902-9AF8-7380D75EC65A}\MpKsld9fbebfe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DA2D70-66E2-4902-9AF8-7380D75EC65A}\MpKsld9fbebfe.sys [?]
S1 MpKsldd0a6b93;MpKsldd0a6b93;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{101BE3F3-CC4D-4C6C-A568-C86AFF6C1DF1}\MpKsldd0a6b93.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{101BE3F3-CC4D-4C6C-A568-C86AFF6C1DF1}\MpKsldd0a6b93.sys [?]
S1 MpKslddd527b6;MpKslddd527b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FC63BBF-CEA0-4BF0-AFE1-99A2620192DD}\MpKslddd527b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FC63BBF-CEA0-4BF0-AFE1-99A2620192DD}\MpKslddd527b6.sys [?]
S1 MpKsldf207028;MpKsldf207028;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EF5F620-E549-4169-A5A8-903EB3E7E751}\MpKsldf207028.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EF5F620-E549-4169-A5A8-903EB3E7E751}\MpKsldf207028.sys [?]
S1 MpKsle668e603;MpKsle668e603;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDAA2345-9885-49D0-A621-9DC30842F672}\MpKsle668e603.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDAA2345-9885-49D0-A621-9DC30842F672}\MpKsle668e603.sys [?]
S1 MpKslea920349;MpKslea920349;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E2255D6-F24E-497F-8646-BD536FDBF928}\MpKslea920349.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E2255D6-F24E-497F-8646-BD536FDBF928}\MpKslea920349.sys [?]
S1 MpKslef795cbf;MpKslef795cbf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B817B7B-3355-47FF-A310-82B3E62F0986}\MpKslef795cbf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B817B7B-3355-47FF-A310-82B3E62F0986}\MpKslef795cbf.sys [?]
S1 MpKslf12fc086;MpKslf12fc086;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDAA2345-9885-49D0-A621-9DC30842F672}\MpKslf12fc086.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDAA2345-9885-49D0-A621-9DC30842F672}\MpKslf12fc086.sys [?]
S1 MpKslf985a266;MpKslf985a266;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKslf985a266.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{714AD5C5-CE95-4645-8DB3-AE9ACFAC2992}\MpKslf985a266.sys [?]
S2 GuffinsService;GuffinsService;c:\progra~1\Guffins\bar\1.bin\u4barsvc.exe [8/17/2011 4:24 PM 42504]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 11:58 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 11:58 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 04:58]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 04:58]
.
2011-10-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
2011-10-16 c:\windows\Tasks\User_Feed_Synchronization-{15ADE941-D1B0-45A0-A189-325EF3069597}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZJxdm534U2us&ptb=AcfJB_ZLryKjQW.veuU5aA
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm534U2us&ptb=AcfJB_ZLryKjQW.veuU5aA&ind=2011080720&ptnrS=ZJxdm534U2us&si=CNSBzY-4vqoCFWICQAodB3mt7A&n=77dea810&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Guffins: [email protected] - c:\program files\Guffins\bar\1.bin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: My Web Search: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-TrayIcRun - c:\program files\ArcadeWeb\arcadeweb32.dll
HKLM-Run-KBrzPNyxAuDoFpH8234A - c:\windows\system32\d7fRL9gTXjCk.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 00:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TrayIcRun = RunDll32.exe "c:\program files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\windows\2823853647:2959716183.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\System32\wbem\fastprox.dll
.
- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\progra~1\Guffins\bar\1.bin\u4brstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\Lexmark Z2300 Series\lxdpMsdMon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-16 00:54:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 05:54
.
Pre-Run: 2,547,953,664 bytes free
Post-Run: 5,657,665,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - EE8A6A6102BE3438E0E0550CB3A8B7CA
#9
Joeicam

    Malware Removal

  • Topic Starter
  • Malware Removal
  • 1,289 posts
OTL Log

OTL logfile created on: 10/16/2011 1:04:53 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 328.22 Mb Available Physical Memory | 42.79% Memory free
1.83 Gb Paging File | 1.52 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 5.29 Gb Free Space | 18.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-Z3XNVOAA4 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/13 11:55:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/09/10 14:31:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 16:24:52 | 000,022,048 | ---- | M] (MindSpark) -- C:\Program Files\Guffins\bar\1.bin\u4medint.exe
PRC - [2011/08/17 16:24:51 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\Guffins\bar\1.bin\u4brmon.exe
PRC - [2011/03/09 07:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:15:23 | 000,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2008/03/27 10:15:19 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
PRC - [2008/02/27 18:06:27 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2008/02/27 18:06:12 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpserv.exe
PRC - [2002/04/03 02:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 03:16:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 03:14:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 03:14:18 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 03:13:58 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 03:11:10 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 03:09:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/10 14:31:16 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/22 19:13:38 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/28 20:07:46 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/03/27 10:15:23 | 000,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
MOD - [2008/03/27 10:15:19 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
MOD - [2008/02/27 06:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdpdrpp.dll
MOD - [2007/11/20 12:39:19 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.monitor.core.dll
MOD - [2007/11/20 12:39:19 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.monitor.common.dll
MOD - [2007/11/20 12:38:10 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/11/07 04:52:39 | 000,090,112 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmonr.dll
MOD - [2007/10/26 10:08:07 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/17 16:24:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
SRV - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/02/27 18:06:27 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 18:06:12 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/09/22 13:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 09:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 11:34:04 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 11:34:04 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...LryKjQW.veuU5aA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 F0 E6 0C F9 BC CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "My Way"
FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Guffins\bar\1.bin [2011/10/15 13:28:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 14:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/10 14:31:21 | 000,000,000 | ---D | M]

[2011/03/29 20:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/29 20:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/10/16 01:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions
[2011/03/29 19:22:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 22:13:14 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]
[2011/10/15 13:28:39 | 000,000,000 | ---D | M] (Guffins) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]
[2011/08/19 22:52:52 | 000,009,979 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\searchplugins\Guffins.xml
[2011/08/08 19:49:52 | 000,009,987 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\searchplugins\mywebsearch.xml
[2011/09/18 18:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/22 19:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 21:12:08 | 000,000,000 | ---D | M] (Mighty Magoo TextLinks) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2011/08/22 19:08:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/22 19:08:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\System32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RebateRobot = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.1.1_0\

O1 HOSTS File: ([2011/10/16 00:48:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll (COMPANYVERS_NAME)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (MindSpark)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Guffins Browser Plugin Loader] C:\Program Files\Guffins\bar\1.bin\u4brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [lxdpamon] C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - http://tbedits.guffi...B8&n=2011081717 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.game...apWebPlayer.cab (GameTap Player)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229565322252 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E923B3AB-4F0D-4CAB-BEE2-15EC3C00E717}: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/17 20:20:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 17:24:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/15 17:19:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/15 17:19:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/15 17:19:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/15 17:19:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/15 17:16:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/15 02:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/15 02:42:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/14 22:31:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/14 22:31:42 | 004,257,740 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/14 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Library Updater
[2011/10/14 21:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTLU
[2011/10/08 07:52:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/10/07 18:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/07 18:20:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/07 18:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/10/07 18:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/03 20:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/10/03 20:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/03 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/02 22:20:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
[2011/10/02 19:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/02 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/02 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV
[2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
[2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
[2011/10/02 19:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP0ycS1ib3n4Q6
[2009/04/26 13:09:15 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/04/26 13:09:15 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/04/26 13:09:15 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/04/26 13:09:15 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/04/26 13:09:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/04/26 13:09:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/04/26 13:09:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/04/26 13:09:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/04/26 13:09:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/04/26 13:09:14 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpih.exe
[2009/04/26 13:09:13 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009/04/26 13:09:13 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe
[2009/04/26 13:09:13 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/04/26 13:09:13 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcfg.exe
[2008/12/18 17:38:48 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 01:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/16 00:49:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{15ADE941-D1B0-45A0-A189-325EF3069597}.job
[2011/10/16 00:48:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 00:48:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 00:48:47 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 00:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/15 17:46:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/15 17:24:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/15 17:16:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/15 13:57:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iTunes.lnk
[2011/10/15 03:27:41 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 03:08:37 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/15 03:08:37 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/15 03:02:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/14 21:24:32 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CD Drive.lnk
[2011/10/13 11:55:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/13 11:53:10 | 004,257,740 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/11 05:41:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/10/10 19:09:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2823853647
[2011/10/08 17:56:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/10/08 14:23:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{B8D9F8CB-273F-4989-B3B2-AF481AE787E9}
[2011/10/07 18:27:51 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/02 22:14:09 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/09/27 21:06:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/27 21:06:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/26 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 17:24:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/15 17:24:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/15 17:19:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/15 17:19:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/15 17:19:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/15 17:19:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/15 17:19:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 21:24:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CD Drive.lnk
[2011/10/08 14:23:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{B8D9F8CB-273F-4989-B3B2-AF481AE787E9}
[2011/10/02 19:44:17 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/02 19:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2823853647
[2011/04/25 18:07:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 18:07:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/27 20:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/15 19:56:26 | 000,029,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/04 11:19:03 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2009/09/04 11:13:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/17 10:49:07 | 000,517,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2009/04/26 13:14:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/04/26 13:14:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009/04/26 13:09:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/04/26 13:09:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/04/26 13:09:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/04/02 14:50:38 | 000,000,361 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/02/01 23:43:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/10 22:45:06 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 17:39:28 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/12/18 17:38:49 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/12/18 17:38:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/12/18 17:38:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2008/12/18 17:38:48 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2008/12/18 16:44:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/12/17 20:25:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/17 20:17:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/17 14:09:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/17 14:07:58 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/07/16 11:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 11:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 11:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 11:35:06 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 11:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 11:35:03 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 11:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 11:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 11:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 11:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 11:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/01/29 17:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/03/29 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/07/29 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/21 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
[2011/01/15 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FCTB000060231
[2011/05/20 19:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/01/02 11:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
[2011/08/08 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/08/22 19:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
[2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
[2011/03/29 20:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2011/01/19 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
[2010/07/30 18:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/10/16 01:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/16 00:49:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{15ADE941-D1B0-45A0-A189-325EF3069597}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2823853647:2959716183.exe

< End of report >
  • 0

#10
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi Joeicam,

Combofix did a great job. Let's remove the leftovers. Test your system after these steps and let me know the results.

Step 1

NOTE: This fix is custom-made for this system only and for its current state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...LryKjQW.veuU5aA
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1
    FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="
    [2011/10/02 22:13:14 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]
    [2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
    [2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
    [2011/10/02 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV
    [2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
    [2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
    [2011/10/02 19:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP0ycS1ib3n4Q6
    [2011/10/10 19:09:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2823853647
    [2011/10/08 14:23:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{B8D9F8CB-273F-4989-B3B2-AF481AE787E9}
    [2011/10/02 19:44:17 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
    [2011/10/02 19:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2823853647
    [2010/07/29 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/03/21 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
    [2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD
    [2011/01/15 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FCTB000060231
    [2011/10/02 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
    [2011/08/08 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
    [2011/10/02 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP

    :Files
    C:\WINDOWS\2823853647
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Update Malwarebytes and do a Quick Scan. Post the log after the scan.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0
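As an added example (not code from this thread, from maliprog, or from OTL's author), here is a Python triage helper that parses OTL entry lines of the kind shown in the report above and applies the reasoning behind a fix like the one in Step 1: pivot on the timestamps of the rogue's own "Open Cloud AV" artifacts, flag the randomly named Application Data folders created alongside them, and flag the executable alternate data stream on the numeric-named file in C:\WINDOWS. The rule names, the 300-second window and the random-name thresholds are this example's own assumptions; the sample lines are copied from the report above.

```python
"""OTL listing triage (added example; not OTL's or the thread's own code).
Parses the "[date | size | attrs | C/M] (company) -- path" entries and the
"@Alternate Data Stream" lines OTL writes, then flags what a removal helper
would pull into an :OTL fix first.  Rules/thresholds are this example's own.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# A subset of lines copied from the OTL report earlier in this thread.
SAMPLE_REPORT = r"""
[2011/10/14 22:31:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP
[2011/10/02 22:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8
[2011/10/02 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV
[2011/10/02 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj
[2011/10/02 19:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP0ycS1ib3n4Q6
[2011/10/07 18:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/10/02 19:44:17 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/02 19:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2823853647
[2011/10/02 22:14:09 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2823853647:2959716183.exe
"""


@dataclass
class Entry:
    when: datetime   # the C (created) or M (modified) timestamp of the line
    size: int
    attrs: str       # four R/H/S/D flags, e.g. "---D" marks a directory
    kind: str        # "C" or "M": which timestamp column the line reports
    company: str
    path: str


def leaf(path):
    """Last path component, e.g. 'rhYCwkUVrOtP' or '2823853647'."""
    return path.rsplit("\\", 1)[-1]


def parse_otl(text):
    """Return (entries, streams); streams maps host path -> ADS name."""
    entries, streams = [], {}
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            when, size, attrs, kind, company, path = m.groups()
            entries.append(Entry(datetime.strptime(when, "%Y/%m/%d %H:%M:%S"),
                                 int(size.replace(",", "")), attrs, kind,
                                 (company or "").strip(), path.strip()))
            continue
        m = ADS_RE.match(line)
        if m:
            streams[m.group(2)] = m.group(3)
    return entries, streams


def looks_random(name):
    """Generated-name heuristic (rhYCwkUVrOtP, HP0ycS1ib3n4Q6): many case
    flips between consecutive letters, or some flips plus digits."""
    if " " in name or name.startswith("{"):
        return False
    letters = [c for c in name if c.isalpha()]
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    digits = sum(c.isdigit() for c in name)
    return flips >= 6 or (flips >= 3 and digits >= 2)


def triage(text, anchor, window_s=300):
    """Map each suspicious path to a sorted list of reasons.  `anchor` is a
    substring naming the known-bad program; entries timestamped within
    window_s seconds of any anchor entry are reported as co-installed."""
    entries, streams = parse_otl(text)
    anchor_times = [e.when for e in entries if anchor in e.path]
    window = timedelta(seconds=window_s)
    flagged = {}

    def flag(path, reason):
        flagged.setdefault(path, set()).add(reason)

    for e in entries:
        if anchor in e.path:
            flag(e.path, "anchor")
            continue
        if any(abs(e.when - t) <= window for t in anchor_times):
            flag(e.path, "near-anchor")
        if "D" in e.attrs and "\\Application Data\\" in e.path and looks_random(leaf(e.path)):
            flag(e.path, "random-name")
        if leaf(e.path).isdigit():          # e.g. C:\WINDOWS\2823853647
            flag(e.path, "numeric-name")
    for host, stream in streams.items():    # executable hidden in an ADS
        if stream.lower().endswith((".exe", ".dll", ".scr")):
            flag(host, "ads-executable")
    return {p: sorted(r) for p, r in flagged.items()}
```

Running `triage(SAMPLE_REPORT, "Open Cloud AV")` reports exactly the seven paths the fix above moves, while the Malwarebytes folder and OTL.exe stay clean; adware leftovers with ordinary names (OpenCandy, FCTB000060231) still need a helper's eye.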

#11
Joeicam
    Malware Removal
  • Topic Starter
  • Malware Removal
  • 1,289 posts
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: [email protected]:1.1 removed from extensions.enabledItems
Prefs.js: "http://search.mywebs...kwd&searchfor=" removed from keyword.URL
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f2lpsdz0.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8 folder moved successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV folder moved successfully.
C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj folder moved successfully.
C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD folder moved successfully.
C:\Documents and Settings\Owner\Application Data\HP0ycS1ib3n4Q6 folder moved successfully.
C:\WINDOWS\2823853647 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{B8D9F8CB-273F-4989-B3B2-AF481AE787E9} moved successfully.
C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk moved successfully.
File C:\WINDOWS\2823853647 not found.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F} folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\CllONNtxP0uc2iD\ not found.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\skins\radio\gray03 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\skins\radio folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\skins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\images\weather\png folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\images\weather folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\images\ticker folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\images\msgbox folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231\Toolbar folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FCTB000060231 folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\O66ddWK8fRL9TXj\ not found.
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_FCD4E43240DE4767885546C8F8AE201A folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OpenCandy folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\OucS2ibD3n5Q6W8\ not found.
Folder C:\Documents and Settings\Owner\Application Data\rhYCwkUVrOtP\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\2823853647 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Megan!!!
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 41163 bytes
->Flash cache emptied: 13760 bytes

User: Owner
->Temp folder emptied: 2051 bytes
->Temporary Internet Files folder emptied: 820544 bytes
->Java cache emptied: 909395 bytes
->FireFox cache emptied: 50669892 bytes
->Google Chrome cache emptied: 198870378 bytes
->Apple Safari cache emptied: 1074176 bytes
->Flash cache emptied: 2985363 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 46937 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 247.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Megan!!!

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10162011_222715

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
#12 Joeicam (Topic Starter, Malware Removal, 1,289 posts)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7962

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/16/2011 10:41:17 PM
mbam-log-2011-10-16 (22-41-17).txt

Scan type: Quick scan
Objects scanned: 177133
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 37
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\Guffins\bar\1.bin\NPu4Stub.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4Plugin.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4bar.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4script.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4feedmg.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a916eefe-6a17-4d7d-a131-2738b260bb55} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A916EEFE-6A17-4D7D-A131-2738B260BB55} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A916EEFE-6A17-4D7D-A131-2738B260BB55} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A916EEFE-6A17-4D7D-A131-2738B260BB55} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1D69E858-32D5-4888-A395-579C8124112B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D69E858-32D5-4888-A395-579C8124112B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f28c606-9536-4078-b89f-143b5c01571c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71a84035-08ad-4964-b6e9-9ffc06390057} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.ScriptButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.ScriptButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{442d3d85-b938-4ff8-9c15-027405dea3ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{18e5fe5f-481d-4991-b833-ca21803d5e7d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6BDBEE40-391D-44E5-9D40-8035CC2BB6EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.FeedManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Guffins.FeedManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GuffinsService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3d3840c-12ea-4461-a61d-190555fecc82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3D3840C-12EA-4461-A61D-190555FECC82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6A34ACB-76FA-4A14-88EA-5D54797A2028} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6A34ACB-76FA-4A14-88EA-5D54797A2028} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6A34ACB-76FA-4A14-88EA-5D54797A2028} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Guffins Browser Plugin Loader (Adware.MyWebSearch) -> Value: Guffins Browser Plugin Loader -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{C3D3840C-12EA-4461-A61D-190555FECC82} (Adware.MyWebSearch) -> Value: {C3D3840C-12EA-4461-A61D-190555FECC82} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.MightyMagoo) -> Not selected for removal.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (PUP.MightyMagoo) -> Not selected for removal.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.MightyMagoo) -> Not selected for removal.

Files Infected:
c:\Program Files\Guffins\bar\1.bin\u4brstub.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\Guffins\bar\1.bin\u4brmon.exe (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\NPu4Stub.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4Plugin.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\Guffins\bar\1.bin\u4bar.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\Guffins\bar\1.bin\u4htmlmu.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\Guffins\bar\1.bin\u4mlbtn.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4script.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\Guffins\bar\1.bin\u4medint.exe (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4feedmg.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\Guffins\bar\1.bin\u4barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\Guffins\bar\1.bin\u4SrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (PUP.MightyMagoo) -> Not selected for removal.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (PUP.MightyMagoo) -> Not selected for removal.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> Not selected for removal.
c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\mmagootlf.xpt (PUP.MightyMagoo) -> Not selected for removal.
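The MBAM log above records an action for every detection, and only "Quarantined and deleted successfully" means the item is gone: "Delete on reboot" entries are still on disk until the restart, and "Not selected for removal" entries (the PUP.MightyMagoo extension files here) were left in place. As an added example, not part of this thread and not Malwarebytes' own code, the Python script below parses that log format, checks the declared per-section counts against the lines actually present, tallies detections per family, and lists everything that has not yet been removed. The log excerpt embedded in it is constructed from entries in the log above, with the Firefox extension path shortened.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log: declared vs. parsed counts,
detections per family, and which items were not actually removed."""
import re
from collections import Counter

# Constructed excerpt in the format of the MBAM 1.51 log posted above.  Item paths
# and family names follow that log; the Firefox extension path is shortened.
SAMPLE_LOG = """\
Memory Modules Infected: 2
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Modules Infected:
c:\\program files\\Guffins\\bar\\1.bin\\NPu4Stub.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\\program files\\Guffins\\bar\\1.bin\\u4Plugin.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\\documents and settings\\Owner\\application data\\Mozilla\\extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} (PUP.MightyMagoo) -> Not selected for removal.

Files Infected:
c:\\program files\\Guffins\\bar\\1.bin\\u4barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\\program files\\Guffins\\bar\\1.bin\\NPu4Stub.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\\documents and settings\\Owner\\application data\\Mozilla\\extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\install.rdf (PUP.MightyMagoo) -> Not selected for removal.
"""

# "Files Infected: 16"            -> declared count in the summary block
# "Files Infected:"               -> start of an itemised section
# "<item> (<family>) -> <action>." -> one detection; the item may itself contain
#                                    parentheses, so the family is the last "(...)"
#                                    before " -> "
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return {'summary': {section: declared count},
               'detections': [{'section', 'item', 'family', 'action'}, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if m and section:  # "(No malicious items detected)" has no " -> " and is skipped
            detections.append({"section": section, "item": m["item"],
                               "family": m["family"], "action": m["action"]})
    return {"summary": summary, "detections": detections}


def summary_mismatches(report):
    """Sections whose declared count differs from the number of lines parsed,
    as {section: (declared, parsed)}; a non-empty result means the pasted log
    is truncated or a line did not parse."""
    seen = Counter(d["section"] for d in report["detections"])
    return {s: (n, seen.get(s, 0)) for s, n in report["summary"].items()
            if seen.get(s, 0) != n}


def families(report):
    """Detection count per family name (e.g. Adware.MyWebSearch)."""
    return Counter(d["family"] for d in report["detections"])


def unresolved(report):
    """Detections still present after the scan, grouped by the action MBAM
    reported: pending a reboot ('Delete on reboot') or skipped by the user
    ('Not selected for removal')."""
    out = {}
    for d in report["detections"]:
        if d["action"] != REMOVED:
            out.setdefault(d["action"], []).append(d["item"])
    return out


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("families:", dict(families(rep)))
    print("count mismatches:", summary_mismatches(rep))
    for action, items in unresolved(rep).items():
        print(f"{action}: {len(items)} item(s)")
        for item in items:
            print("   ", item)
```

Run it against a full pasted log by replacing `SAMPLE_LOG` with the file contents; anything listed under "Not selected for removal" should be re-scanned with the item ticked, and "Delete on reboot" items should be confirmed gone with a second scan after the restart.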
My machine appears to be running a lot faster and smoother than it did before :). Is the malware all clear?

#14 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hi Joeicam

Nice to hear that. Because of the infection we must do one more scan. Please come back with the log from the VRT tool.

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#15 Joeicam (Topic Starter, Malware Removal, 1,289 posts)

Okay! I'll get right on that. Sorry that I won't reply with the information right away. I am fixing my friend's computer on the weekends as during the week I am at school. I'll post the information as soon as possible. Thank you so much for all your help so far!