
AV Protection 2011 I can't get internet


#1
Dougrbi
So I was on a sports web site and got hit with this AV Security thing. On my other computer I downloaded Rkill, loaded it, downloaded Malwarebytes, and even the TDSS rootkit removing tool. TDSS says nothing found; Malwarebytes said 5 trojans found, removed them, reboot, AV pops back up. Also note that Malwarebytes is 79 days out of date, but it just hangs, won't load a web page or connect to the internet at all. It says it is connected, but I can't get any connection. Please help.
Also note that Rkill killed C:\users\doug\roaming\f8333\43b61.exe

OTL Log:
OTL logfile created on: 11/18/2011 7:47:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 83.37% Memory free
8.10 Gb Paging File | 7.54 Gb Available in Paging File | 93.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 184.26 Gb Free Space | 65.02% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.59 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 19:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/07/18 02:17:56 | 000,290,816 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\authServer.exe -- (Auth Service)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/06/16 13:13:00 | 000,779,704 | ---- | M] (FLIR) [Auto | Stopped] -- C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe -- (T3Srv)
SRV:64bit: - [2009/03/31 07:00:18 | 000,268,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/31 07:00:02 | 000,089,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 03:16:05 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2011/07/18 02:17:56 | 000,290,816 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\authServer.exe -- (Auth Service)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/12/08 12:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 12:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 11:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 21:14:46 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2008/07/27 10:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 14:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/12/08 12:12:30 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/17 14:40:06 | 000,072,216 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 14:39:58 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/02/05 21:13:48 | 000,066,040 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/04 14:54:06 | 000,049,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 14:47:38 | 000,040,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 10:32:26 | 000,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/03/31 08:53:54 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/31 08:48:56 | 010,275,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/31 07:00:28 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/31 06:19:00 | 000,225,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/19 15:02:00 | 000,311,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 05:33:58 | 000,159,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/30 18:00:22 | 000,172,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/21 09:26:28 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/12/19 18:24:48 | 000,041,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2008/08/31 10:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/31 10:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/21 22:50:32 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 22:50:02 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/01/20 18:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 18:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 00:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/20 18:57:40 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2007/06/20 18:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/11/01 23:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2010/09/17 14:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/09 15:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/13 20:00:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 16:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 16:25:24 | 000,000,000 | ---D | M]

[2010/01/08 11:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
[2011/11/10 07:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions
[2010/06/29 13:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 16:49:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/10 16:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/08/23 15:49:55 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111108151048.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111111065352.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FS Camera Monitor] C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe (FLIR)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [564.exe] C:\Users\Doug\AppData\Roaming\Microsoft\61AF\564.exe ()
O4 - HKCU..\Run: [jXXqqjYYCe] C:\Users\Doug\AppData\Roaming\dwme.exe ()
O4 - HKCU..\Run: [LaaQQJ66dW8fR9h8234A] C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe\AV Protection 2011v121.exe (Корпорация Майкрософт)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe) - C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe) -C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\nmNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84722BE2-2DF7-4342-8A0B-614951F105E7}: DhcpNameServer = 192.168.2.1 68.87.85.102
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Doug\AppData\Roaming\F8333\43B61.exe) -C:\Users\Doug\AppData\Roaming\F8333\43B61.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Doug\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doug\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell - "" = AutoRun
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7cca3723-4ffc-11df-b443-00256443b61a}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 19:44:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
[2011/11/18 19:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/18 19:17:28 | 002,924,032 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Doug\AppData\Roaming\java.exe
[2011/11/18 17:22:04 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
[2011/11/18 17:22:04 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
[2011/11/18 16:39:01 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\iExploreT.exe.exe
[2011/11/18 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
[2011/11/18 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
[2011/11/18 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
[2011/11/18 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
[2011/11/18 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr
[2011/11/18 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
[2011/11/18 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IexploreM.exe
[2011/11/18 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/18 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\33C9A
[2011/11/18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/18 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
[2011/11/18 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
[2011/11/18 13:18:52 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\33C9A
[2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
[2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
[2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
[2011/11/18 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\F8333
[2011/11/18 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
[2011/11/18 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
[2011/11/18 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
[2011/11/09 03:01:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/11/18 19:45:15 | 000,769,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/18 19:45:15 | 000,650,440 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/18 19:45:15 | 000,121,324 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/18 19:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
[2011/11/18 19:26:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 19:25:46 | 414,052,347 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/18 19:19:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 19:19:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 19:17:28 | 002,924,032 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Doug\AppData\Roaming\java.exe
[2011/11/18 17:22:06 | 000,001,882 | ---- | M] () -- C:\Users\Doug\Desktop\AV Protection 2011.lnk
[2011/11/18 17:21:34 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 16:31:51 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\iExploreT.exe.exe
[2011/11/18 14:41:37 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 14:05:14 | 001,008,092 | ---- | M] () -- C:\Users\Doug\Desktop\iExplore.exe.com
[2011/11/18 13:18:24 | 000,001,207 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\ldr.ini
[2011/11/18 13:18:13 | 000,289,792 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\dwme.exe
[2011/11/18 13:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 16:25:32 | 000,000,914 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 16:25:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/11/18 17:22:06 | 000,001,882 | ---- | C] () -- C:\Users\Doug\Desktop\AV Protection 2011.lnk
[2011/11/18 14:19:10 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 14:10:51 | 001,008,092 | ---- | C] () -- C:\Users\Doug\Desktop\iExplore.exe.com
[2011/11/18 13:18:19 | 000,001,207 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\ldr.ini
[2011/11/18 13:18:13 | 000,289,792 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\dwme.exe
[2011/11/10 16:25:32 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/19 08:50:11 | 000,241,912 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
[2011/07/19 08:50:11 | 000,182,520 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
[2011/07/19 08:50:00 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\authServer.exe
[2011/07/01 16:55:51 | 000,000,732 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2010/03/03 10:40:34 | 000,026,311 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\UserTile.png
[2009/12/14 09:03:27 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/01 01:42:49 | 000,000,680 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2009/11/27 17:29:17 | 000,007,680 | ---- | C] () -- C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 20:47:08 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/16 20:47:07 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/16 20:47:07 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/16 20:47:07 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/16 18:50:52 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/24 19:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/24 19:58:04 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/11/18 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\33C9A
[2011/11/18 13:31:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
[2010/04/25 18:23:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Amazon
[2011/11/18 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
[2011/11/18 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
[2011/11/18 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
[2011/11/18 13:18:42 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\F8333
[2011/04/14 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FLIR Systems
[2011/11/18 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
[2011/11/18 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
[2010/03/03 10:40:34 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeerNetworking
[2011/11/18 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
[2011/11/18 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
[2011/11/18 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
[2011/04/14 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ThermaCAM Connect 3
[2011/11/18 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
[2011/11/18 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
[2011/11/18 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
[2011/11/18 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
[2011/11/18 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
[2011/11/18 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr
[2011/11/18 19:19:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: SYSTMDRIVE


< MD5 for: EXPLORER.EXE >
[2009/04/24 19:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2009/04/24 19:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2009/04/24 19:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/24 19:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/24 19:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/10 23:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/24 19:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2009/04/24 19:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2009/04/24 19:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/24 19:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/24 19:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 18:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 18:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 18:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 18:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\winlogon.exe
[2008/01/20 18:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 18:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:Windows\assembly\tmp\U\*.*/s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6916 bytes -> C:\Users\Doug\Desktop\Seattle Remodeling LOGO2009.png:Q30lsldxJoudresxAaaqpcawXc

< End of report >

OTL Extra Log:
OTL Extras logfile created on: 11/18/2011 7:47:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 83.37% Memory free
8.10 Gb Paging File | 7.54 Gb Available in Paging File | 93.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 184.26 Gb Free Space | 65.02% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.59 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{204AB0C2-3227-4699-AB84-58421184B904}" = lport=137 | protocol=17 | dir=in | app=system |
"{365B1779-114D-417E-9E90-B95794952D48}" = lport=139 | protocol=6 | dir=in | app=system |
"{4124EEE5-B1F8-4F6E-8A2B-14EC0580518B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5C1D57E6-EA56-4925-A2B9-79099072962A}" = rport=138 | protocol=17 | dir=out | app=system |
"{659C1BB8-C10E-45F1-A2AD-19E85476FCA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{6AC20253-60A5-408E-9ECA-ACB2D0EE46A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B2912C8-1D28-42AF-8F2E-8955BACEE76A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7580C986-5395-4362-B8BD-C76D063AD872}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B38A07C-B123-458B-AAA9-F32909A7A87D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C3E127C-F991-4729-88F9-1833ABD66AD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAA3B5A9-9405-4016-BC4A-778C12A57864}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B8427830-A65E-4819-9FFC-D27B4C250B55}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3F24C2C-D47A-43BF-B20A-855C001C2B2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0838C878-5514-478A-8B45-FB52D36357AB}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{1166832D-40C5-492E-A401-491950BFAA00}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1601130E-9241-48F5-BB5F-4AB54F42D2B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{22351CB2-3F60-4F7B-BB4C-AC5EABA0B945}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{22EBE20E-E513-4123-953F-ECD82B0DB6EB}" = protocol=1 | dir=out | [email protected],-28544 |
"{3EEE1B32-84D3-46F0-A054-AFD7D1275E1E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5885DEED-8F7D-440F-8E79-7F1DBAC0555C}" = protocol=58 | dir=out | [email protected],-28546 |
"{867289C6-4C69-4E6F-A818-2E108B330174}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{9022DBA5-B75C-4C95-9561-ECACCE596B22}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9596F6BE-FDDF-475A-86ED-4893E21D2AF6}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{98E1B37D-5C39-4985-8538-7BFC1DA2D3A2}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{AEEDA231-EBBA-429E-AEC5-15B1AE5C36E9}" = protocol=1 | dir=in | [email protected],-28543 |
"{D5872BB2-F55E-49AC-9B8B-034739B6247B}" = protocol=58 | dir=in | [email protected],-28545 |
"{DBBDE84B-0E4D-4C5F-BC97-F7D95112CB2C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E213FFB2-DEBB-4E4A-AD66-E887FF1A3883}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{FC2A275D-2FFA-4B66-B242-7142DA3EB563}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{2A1FF30C-09EC-4C77-81AF-CB8F93BC439E}" = FLIR Device Drivers
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04F693CE-1C19-4DED-8418-31A9E79212D2}" = Xactimate 25
"{0596593B-6CF6-4AF8-B1C5-665D3D4DEC3B}" = FLIR QuickReport 1.2 SP1
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (XACTWARE)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Google Calendar Sync" = Google Calendar Sync
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Professional 2010
"TurboMeeting" = TurboMeeting
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2011 11:41:42 AM | Computer Name = DougLT | Source = Windows Search Service | ID = 3013
Description =

Error - 9/6/2011 9:30:37 AM | Computer Name = DougLT | Source = VSS | ID = 8194
Description =

Error - 9/6/2011 9:30:48 AM | Computer Name = DougLT | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/6/2011 9:31:42 AM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2011 10:13:15 AM | Computer Name = DougLT | Source = VSS | ID = 8194
Description =

Error - 9/10/2011 10:13:32 AM | Computer Name = DougLT | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/10/2011 10:14:33 AM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2011 10:14:49 AM | Computer Name = DougLT | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 9.2.0.124, time stamp 0x4ac7307c,
faulting module Updater.api_unloaded, version 0.0.0.0, time stamp 0x4ac71d2c, exception
code 0xc0000005, fault offset 0x65aecfe9, process id 0x10a0, application start time
0x01cc6fc3f2c1b89a.

Error - 9/10/2011 10:14:55 AM | Computer Name = DougLT | Source = Windows Search Service | ID = 3013
Description =

Error - 9/10/2011 10:14:55 AM | Computer Name = DougLT | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/1/2010 7:48:30 PM | Computer Name = Doug-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/18/2011 11:21:53 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =

Error - 11/18/2011 11:22:19 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 11:22:19 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7026
Description =

Error - 11/18/2011 11:26:53 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =

Error - 11/18/2011 11:27:05 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =

Error - 11/18/2011 11:27:11 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =

Error - 11/18/2011 11:27:18 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =

Error - 11/18/2011 11:27:28 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7001
Description =

Error - 11/18/2011 11:27:28 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7026
Description =

Error - 11/18/2011 11:30:44 PM | Computer Name = DougLT | Source = DCOM | ID = 10005
Description =


< End of report >

Edited by Dougrbi, 18 November 2011 - 10:05 PM.

  • 0

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's start making some headway on this nasty. Several system files are infected.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKCU..\Run: [564.exe] C:\Users\Doug\AppData\Roaming\Microsoft\61AF\564.exe ()
    O4 - HKCU..\Run: [jXXqqjYYCe] C:\Users\Doug\AppData\Roaming\dwme.exe ()
    O4 - HKCU..\Run: [LaaQQJ66dW8fR9h8234A] C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe\AV Protection 2011v121.exe (Корпорация Майкрософт)
    F3:64bit: - HKCU WinNT: Load - (C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe) - C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe) -C:\Users\Doug\AppData\Roaming\33C9A\lvvm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\Doug\AppData\Roaming\F8333\43B61.exe) -C:\Users\Doug\AppData\Roaming\F8333\43B61.exe ()
    [2011/11/18 17:22:04 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
    [2011/11/18 17:22:04 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
    [2011/11/18 16:39:01 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\iExploreT.exe.exe
    [2011/11/18 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
    [2011/11/18 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
    [2011/11/18 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
    [2011/11/18 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
    [2011/11/18 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr
    [2011/11/18 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
    [2011/11/18 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IexploreM.exe
    [2011/11/18 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\33C9A
    [2011/11/18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
    [2011/11/18 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
    [2011/11/18 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
    [2011/11/18 13:18:52 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\33C9A
    [2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
    [2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
    [2011/11/18 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    [2011/11/18 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\F8333
    [2011/11/18 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
    [2011/11/18 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
    [2011/11/18 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
    [2011/11/18 19:17:28 | 002,924,032 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Doug\AppData\Roaming\java.exe
    [2011/11/18 17:22:06 | 000,001,882 | ---- | M] () -- C:\Users\Doug\Desktop\AV Protection 2011.lnk
    [2011/11/18 17:21:34 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/18 16:31:51 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\iExploreT.exe.exe
    [2011/11/18 14:05:14 | 001,008,092 | ---- | M] () -- C:\Users\Doug\Desktop\iExplore.exe.com
    [2011/11/18 13:18:24 | 000,001,207 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\ldr.ini
    [2011/11/18 13:18:13 | 000,289,792 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\dwme.exe
    [2011/11/18 17:22:06 | 000,001,882 | ---- | C] () -- C:\Users\Doug\Desktop\AV Protection 2011.lnk
    [2011/11/18 14:10:51 | 001,008,092 | ---- | C] () -- C:\Users\Doug\Desktop\iExplore.exe.com
    [2011/11/18 13:18:19 | 000,001,207 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\ldr.ini
    [2011/11/18 13:18:13 | 000,289,792 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\dwme.exe
    [2011/11/18 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\33C9A
    [2011/11/18 13:31:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
    [2010/04/25 18:23:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Amazon
    [2011/11/18 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
    [2011/11/18 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
    [2011/11/18 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
    [2011/11/18 13:18:42 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\F8333
    [2011/11/18 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
    [2011/11/18 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
    [2010/03/03 10:40:34 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeerNetworking
    [2011/11/18 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
    [2011/11/18 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
    [2011/11/18 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
    [2011/04/14 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ThermaCAM Connect 3
    [2011/11/18 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
    [2011/11/18 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
    [2011/11/18 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
    [2011/11/18 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
    [2011/11/18 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
    [2011/11/18 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\procs\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\h\explorer.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\winlogon.exe
    @Alternate Data Stream - 6916 bytes -> C:\Users\Doug\Desktop\Seattle Remodeling LOGO2009.png:Q30lsldxJoudresxAaaqpcawXc

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0
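A read-only PowerShell audit of the three per-user autostart locations the OTL fix above targets (O4 HKCU Run, F3 WinNT "Load" and O20 Winlogon "Shell"), added here as an example and not part of Essexboy's post or the OTL tool. It assumes only the standard registry key names and the current user's roaming-profile path; it flags anything launched from that profile, which is where the rogue "AV Protection 2011" placed its executables, and any Winlogon Shell/Userinit override under HKCU, which is normally absent.

```powershell
# Added example, not from the thread. Read-only audit of per-user autostart locations:
# HKCU Run (OTL O4), WinNT "Load" (OTL F3) and Winlogon "Shell" (OTL O20).
# Flags values that launch a file from the roaming profile, and any Winlogon
# Shell/Userinit value under HKCU at all (those normally exist only under HKLM).
# Run in the affected user's context; nothing is modified.

$roaming = [Environment]::GetFolderPath('ApplicationData')   # e.g. C:\Users\Doug\AppData\Roaming
$psMeta  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Key -> value names to inspect ($null means every value under the key).
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';         Names = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Names = @('Load', 'Run') },
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell', 'Userinit') }
)

$findings = foreach ($check in $checks) {
    if (-not (Test-Path -Path $check.Key)) { continue }
    $props = Get-ItemProperty -Path $check.Key
    $names = $check.Names
    if (-not $names) {
        # No fixed list: take every real value name, dropping the provider metadata properties.
        $names = $props.PSObject.Properties.Name | Where-Object { $_ -notin $psMeta }
    }
    foreach ($name in $names) {
        $value = $props.$name
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        $fromRoaming  = $value -like "*$roaming*"          # binary lives in the roaming profile
        $userOverride = $check.Key -like '*\Winlogon'      # per-user Shell/Userinit hijack
        [pscustomobject]@{
            Key        = $check.Key
            Name       = $name
            Value      = $value
            Suspicious = ($fromRoaming -or $userOverride)
        }
    }
}

if ($findings) { $findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize }
else           { 'No entries found in the audited locations.' }
```

Entries marked Suspicious are the ones to compare against the OTL O4/F3/O20 lines before and after the fix; a clean system should show no Winlogon rows and no Run/Load values pointing into AppData\Roaming.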

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
