Redirected to pages, running slow in Vista [Closed]

#1
Wazootyman13
This happened on my GF's computer. She said she might have accidentally clicked a link that loaded up spyware. She's getting redirected to other pages at random. Computer seems to run a little bit slower as well. Tried using Ad-Aware and Malwarebytes' removal program to fix it, but it's still popping up.

Log
OTL logfile created on: 11/26/2011 7:12:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Raina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.25% Memory free
8.19 Gb Paging File | 6.26 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 61.23 Gb Free Space | 41.08% Space Free | Partition Type: NTFS

Computer Name: RAINA-PC | User Name: Raina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 19:11:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
PRC - [2011/11/24 13:47:55 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Raina\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/09 11:29:57 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/21 01:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/11 16:59:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/01/20 18:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/06/10 23:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 11:29:57 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/10/21 01:10:08 | 000,087,440 | ---- | M] () -- C:\Program Files (x86)\adawaretb\adawareDx.dll
MOD - [2011/08/30 11:07:47 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/08/26 22:53:53 | 005,969,360 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/11 16:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/02/15 10:25:42 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/20 07:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2011/11/17 18:25:13 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/12/04 09:14:03 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/04 09:14:03 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/04 09:14:03 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/04 09:14:03 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/15 11:34:20 | 006,816,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/04/10 21:34:05 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009/04/10 21:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/07/20 09:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/04 19:42:18 | 000,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/02/15 10:27:02 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/01/24 16:32:12 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007/12/06 19:52:48 | 001,198,072 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2007/11/30 01:05:04 | 000,058,128 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/10/26 06:39:14 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/10 23:01:00 | 000,265,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM04Vid.sys -- (OEM04Vid)
DRV:64bit: - [2007/03/26 17:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 10:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/03/05 16:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM04Vfx.sys -- (OEM04Vfx)
DRV:64bit: - [2007/02/27 14:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV - [2011/11/25 15:47:59 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 B7 9F C7 76 A9 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the Web"
FF - prefs.js..browser.search.order.1: "Search the Web"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..keyword.URL: "http://www.google.co...b=adawaretb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 11:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 11:29:58 | 000,000,000 | ---D | M]

[2010/08/24 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raina\AppData\Roaming\Mozilla\Extensions
[2011/11/26 17:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions
[2010/08/25 09:10:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/25 15:45:48 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/06/19 20:00:45 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\[email protected]
[2011/08/30 11:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/30 11:05:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/30 11:05:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========


Hosts file not found
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Raina\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Raina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6045C2B9-4687-43D7-9399-188C733A8D36}: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 19:11:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
[2011/11/26 18:46:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Raina\Desktop\dds.scr
[2011/11/25 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Roaming\Malwarebytes
[2011/11/25 19:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 19:45:40 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 15:47:59 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/25 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Local\adaware
[2011/11/25 15:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/25 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/25 15:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/11/25 15:45:38 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/25 15:45:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/24 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/14 15:54:37 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Roaming\dvdcss
[2011/11/03 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Local\Akamai
[1 C:\Users\Raina\Documents\*.tmp files -> C:\Users\Raina\Documents\*.tmp -> ]
[1 C:\Users\Raina\Desktop\*.tmp files -> C:\Users\Raina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 19:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 19:12:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 19:11:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
[2011/11/26 19:11:14 | 000,084,148 | ---- | M] () -- C:\Users\Raina\Desktop\FdU4JLdM.htm.part.htm
[2011/11/26 18:46:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Raina\Desktop\dds.scr
[2011/11/26 18:35:36 | 000,233,414 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/26 18:35:36 | 000,233,414 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/26 18:35:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 18:35:27 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/26 18:35:27 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/11/26 17:46:43 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/26 17:46:43 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/26 17:46:43 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/26 17:40:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 17:40:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 17:39:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/26 17:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/26 17:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/11/26 01:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/26 01:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/11/26 00:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/26 00:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/26 00:01:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/26 00:01:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/26 00:01:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/11/26 00:01:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/11/25 21:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/25 21:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/11/25 20:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/25 20:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/11/25 19:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/25 19:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/11/25 15:47:59 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/25 15:47:58 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/25 15:45:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/25 15:09:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com.b
[2011/11/25 15:09:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\b6C1idxj.dat
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/13 20:03:14 | 000,078,848 | ---- | M] () -- C:\Users\Raina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[1 C:\Users\Raina\Documents\*.tmp files -> C:\Users\Raina\Documents\*.tmp -> ]
[1 C:\Users\Raina\Desktop\*.tmp files -> C:\Users\Raina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 19:11:13 | 000,084,148 | ---- | C] () -- C:\Users\Raina\Desktop\FdU4JLdM.htm.part.htm
[2011/11/26 01:24:56 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/25 15:45:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/25 15:09:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com.b
[2011/11/25 15:06:20 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/25 15:06:20 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/25 15:06:20 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/11/25 15:06:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\b6C1idxj.dat
[2011/11/25 15:06:19 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/25 15:06:19 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/11/25 15:06:18 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/25 15:06:18 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/11/25 15:06:17 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/25 15:06:17 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/11/25 15:06:17 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/11/25 15:06:16 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/25 15:06:16 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/25 15:06:16 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/11/25 15:06:15 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/25 15:06:15 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/25 15:06:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/11/25 15:06:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/11/25 15:06:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/11/25 15:06:14 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/25 15:06:14 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/11/25 15:06:13 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/25 15:06:13 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/25 15:06:13 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/11/25 15:06:13 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/11/25 15:06:12 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/25 15:06:12 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/11/25 15:06:11 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/25 15:06:11 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/25 15:06:11 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/25 15:06:11 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/25 15:06:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/11/25 15:06:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/11/25 15:06:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/11/25 15:06:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/11/25 15:06:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/25 15:06:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/25 15:06:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/25 15:06:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/25 15:06:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/11/25 15:06:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/11/25 15:06:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/11/25 15:06:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/11/25 15:06:09 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/25 15:06:09 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/25 15:06:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/11/25 15:06:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/11/25 15:06:08 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/25 15:06:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/12/04 09:16:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/09/02 10:29:58 | 000,157,407 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/09/02 10:29:58 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/08/31 10:49:23 | 000,078,848 | ---- | C] () -- C:\Users\Raina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 22:52:26 | 000,000,680 | ---- | C] () -- C:\Users\Raina\AppData\Local\d3d9caps.dat
[2010/08/24 20:11:00 | 000,233,414 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/24 20:10:48 | 000,233,414 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/24 11:47:05 | 000,000,732 | ---- | C] () -- C:\Users\Raina\AppData\Local\d3d9caps64.dat
[2009/12/02 14:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 14:43:19 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 14:42:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/02 13:54:20 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/08/30 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\Raina\AppData\Roaming\OpenOffice.org
[2011/11/24 12:57:58 | 000,000,000 | ---D | M] -- C:\Users\Raina\AppData\Roaming\uTorrent
[2011/11/26 00:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/11/26 00:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/11/26 01:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/11/26 17:26:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/11/26 17:26:19 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/11/26 17:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/11/26 17:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/11/26 18:35:27 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/11/26 18:35:27 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/11/25 19:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/11/26 01:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/11/25 19:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/11/25 20:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/11/25 20:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/11/25 21:31:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/11/25 21:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/11/26 00:01:26 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/11/26 00:01:26 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/11/26 00:01:26 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/11/26 00:01:26 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/11/26 17:26:18 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/26 17:26:18 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/11/26 17:39:06 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
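The log above has one pattern that stands out even before any signature check: 48 files named At1.job to At48.job were created under C:\Windows\tasks between 15:06:07 and 15:06:20 on 2011/11/25, all with an empty company field, a few minutes before the equally unattributed e05fQ32A2.com appeared in SysWow64. That is the sort of thing a triage script can pull out of an OTL report automatically. The Python below is an added example, not code from the thread, from OTL or from Geeks to Go; it parses OTL-style file entries from a constructed sample that copies a handful of lines from the posted log, reports the densest burst of At<n>.job creations, and lists executables in system directories that carry no company name. The names parse_entries, find_task_burst, find_unattributed_system_executables and triage_report, the 60-second window, the threshold of five tasks, and the SYSTEM_DIRS and EXEC_EXT lists are all assumptions chosen for the illustration.

```python
"""Triage helper for OTL file-entry lines (added example, not OTL's own code).

Parses entries of the form
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
and flags (a) a burst of C:\\Windows\\Tasks\\At<n>.job files created inside a
short window and (b) executables in system directories with no company name.
"""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Case-insensitive because OTL prints both C:\Windows\tasks and C:\Windows\Tasks.
JOB_RE = re.compile(r"\\windows\\tasks\\at\d+\.job$", re.IGNORECASE)
# Assumed lists for the illustration; extend them for a real triage run.
SYSTEM_DIRS = ("c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\",
               "c:\\windows\\system32\\")
EXEC_EXT = (".exe", ".com", ".com_", ".dll", ".sys", ".scr")

# Constructed sample: a few lines copied from the posted OTL log, not the whole log.
SAMPLE_LOG = r"""
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/26 01:24:56 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/25 15:45:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/25 15:06:20 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/25 15:06:20 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/11/25 15:06:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\b6C1idxj.dat
[2011/11/25 15:06:13 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/25 15:06:11 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/25 15:06:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/25 15:06:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/11/25 15:06:08 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/25 15:06:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/12/04 09:16:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
"""


def parse_entries(text):
    """Return one dict per OTL file entry; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "flag": m["flag"],          # C = created, M = modified
            "company": m["company"],
            "path": m["path"],
        })
    return entries


def find_task_burst(entries, window=timedelta(seconds=60), threshold=5):
    """Largest group of At<n>.job creations whose timestamps fit inside `window`.

    Returns None when that group is smaller than `threshold`, otherwise a dict
    with the count, first and last timestamp, and the file names involved.
    """
    jobs = sorted((e for e in entries if e["flag"] == "C" and JOB_RE.search(e["path"])),
                  key=lambda e: e["ts"])
    best, i = [], 0
    for j in range(len(jobs)):            # sliding window over sorted timestamps
        while jobs[j]["ts"] - jobs[i]["ts"] > window:
            i += 1
        if j - i + 1 > len(best):
            best = jobs[i:j + 1]
    if len(best) < threshold:
        return None
    return {"count": len(best), "start": best[0]["ts"], "end": best[-1]["ts"],
            "names": [e["path"].rsplit("\\", 1)[-1] for e in best]}


def find_unattributed_system_executables(entries):
    """Executables in system directories whose company field is empty.

    Deduplicated in log order, because a file normally appears once as C and once as M.
    """
    seen = {}
    for e in entries:
        p = e["path"].lower()
        if e["company"] == "" and p.startswith(SYSTEM_DIRS) and p.endswith(EXEC_EXT):
            seen.setdefault(e["path"], None)
    return list(seen)


def triage_report(text):
    """Run both checks over a block of OTL text and return the findings."""
    entries = parse_entries(text)
    return {"entries": len(entries),
            "task_burst": find_task_burst(entries),
            "unattributed_executables": find_unattributed_system_executables(entries)}


if __name__ == "__main__":
    rep = triage_report(SAMPLE_LOG)
    print(f"{rep['entries']} entries parsed")
    if rep["task_burst"]:
        b = rep["task_burst"]
        print(f"{b['count']} At*.job tasks created between "
              f"{b['start']:%H:%M:%S} and {b['end']:%H:%M:%S}")
    for path in rep["unattributed_executables"]:
        print("no company name:", path)
```

On the sample this reports eight At*.job creations inside 13 seconds and three unattributed executables. The second list shows why such heuristics only produce candidates: lsdelete.exe is flagged alongside e05fQ32A2.com, yet it is the boot-time deletion helper that Lavasoft's Ad-Aware uses (the second log's O34 BootExecute entry shows it registered), installed hours after the suspicious files. An empty company field in OTL means the file carries no embedded vendor string, not that it is malicious, so a helper still reads the list before anything goes into a fix.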



#2 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Windows\tasks\At*.job
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Things I would like to see in your reply:
  • OTL log
  • aswMBR log


#3 Wazootyman13 (Topic Starter, New Member, 4 posts)
Sorry it took me so long to respond; I thought I had clicked to be emailed when there was a response.

OTL log
OTL logfile created on: 12/1/2011 7:07:01 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Raina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 66.90% Memory free
8.17 Gb Paging File | 6.91 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 62.57 Gb Free Space | 41.98% Space Free | Partition Type: NTFS

Computer Name: RAINA-PC | User Name: Raina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 19:11:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Raina\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/09 11:29:57 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/03 12:06:56 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/10/21 01:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/11 16:59:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/06/10 23:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 11:29:57 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/08/30 11:07:47 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/11 16:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/02/15 10:25:42 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/20 07:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2011/11/17 18:25:13 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/12/04 09:14:03 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/04 09:14:03 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/04 09:14:03 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/04 09:14:03 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/15 11:34:20 | 006,816,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/04/10 21:34:05 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009/04/10 21:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/07/20 09:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/04 19:42:18 | 000,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/02/15 10:27:02 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/01/24 16:32:12 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007/12/06 19:52:48 | 001,198,072 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2007/11/30 01:05:04 | 000,058,128 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/10/26 06:39:14 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/10 23:01:00 | 000,265,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM04Vid.sys -- (OEM04Vid)
DRV:64bit: - [2007/03/26 17:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 10:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/03/05 16:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM04Vfx.sys -- (OEM04Vfx)
DRV:64bit: - [2007/02/27 14:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV - [2011/11/25 15:47:59 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 B7 9F C7 76 A9 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the Web"
FF - prefs.js..browser.search.order.1: "Search the Web"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..keyword.URL: "http://www.google.co...b=adawaretb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 11:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 11:29:58 | 000,000,000 | ---D | M]

[2010/08/24 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raina\AppData\Roaming\Mozilla\Extensions
[2011/11/30 14:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions
[2010/08/25 09:10:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/25 15:45:48 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/06/19 20:00:45 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\extensions\[email protected]
[2011/08/30 11:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/30 11:05:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/30 11:05:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========


O1 HOSTS File: ([2011/12/01 19:01:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Raina\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Raina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6045C2B9-4687-43D7-9399-188C733A8D36}: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 19:01:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:11:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
[2011/11/26 18:46:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Raina\Desktop\dds.scr
[2011/11/25 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Roaming\Malwarebytes
[2011/11/25 19:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 19:45:40 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 15:47:59 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/25 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Local\adaware
[2011/11/25 15:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/25 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/25 15:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/11/25 15:45:38 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/25 15:45:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/25 15:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/24 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/14 15:54:37 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Roaming\dvdcss
[2011/11/03 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Raina\AppData\Local\Akamai
[1 C:\Users\Raina\Documents\*.tmp files -> C:\Users\Raina\Documents\*.tmp -> ]
[1 C:\Users\Raina\Desktop\*.tmp files -> C:\Users\Raina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 19:10:12 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 19:10:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 19:10:12 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 19:03:57 | 000,233,414 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/01 19:03:53 | 000,233,414 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/01 19:03:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 19:03:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:03:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:03:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 19:02:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/01 19:01:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/01 18:21:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/01 18:21:05 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/01 18:16:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 08:40:01 | 000,001,404 | ---- | M] () -- C:\Users\Raina\Desktop\Bush 2007.csv
[2011/11/30 08:26:00 | 000,000,558 | ---- | M] () -- C:\Users\Raina\Desktop\Bush 2009.csv
[2011/11/30 08:25:47 | 000,000,503 | ---- | M] () -- C:\Users\Raina\Desktop\Bush 2008.csv
[2011/11/26 19:11:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raina\Desktop\OTL.exe
[2011/11/26 19:11:14 | 000,084,148 | ---- | M] () -- C:\Users\Raina\Desktop\FdU4JLdM.htm.part.htm
[2011/11/26 18:46:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Raina\Desktop\dds.scr
[2011/11/25 15:47:59 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/25 15:47:58 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/25 15:45:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/25 15:09:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com.b
[2011/11/25 15:09:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\b6C1idxj.dat
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 15:09:21 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/13 20:03:14 | 000,078,848 | ---- | M] () -- C:\Users\Raina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[1 C:\Users\Raina\Documents\*.tmp files -> C:\Users\Raina\Documents\*.tmp -> ]
[1 C:\Users\Raina\Desktop\*.tmp files -> C:\Users\Raina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/30 08:40:01 | 000,001,404 | ---- | C] () -- C:\Users\Raina\Desktop\Bush 2007.csv
[2011/11/30 08:25:59 | 000,000,558 | ---- | C] () -- C:\Users\Raina\Desktop\Bush 2009.csv
[2011/11/30 08:02:53 | 000,000,503 | ---- | C] () -- C:\Users\Raina\Desktop\Bush 2008.csv
[2011/11/28 15:47:24 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/28 15:47:24 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/26 19:11:13 | 000,084,148 | ---- | C] () -- C:\Users\Raina\Desktop\FdU4JLdM.htm.part.htm
[2011/11/26 01:24:56 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com_
[2011/11/25 16:48:07 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com
[2011/11/25 15:45:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/25 15:09:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\e05fQ32A2.com.b
[2011/11/25 15:06:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\b6C1idxj.dat
[2010/12/04 09:16:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/09/02 10:29:58 | 000,157,407 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/09/02 10:29:58 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/08/31 10:49:23 | 000,078,848 | ---- | C] () -- C:\Users\Raina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 22:52:26 | 000,000,680 | ---- | C] () -- C:\Users\Raina\AppData\Local\d3d9caps.dat
[2010/08/24 20:11:00 | 000,233,414 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/24 20:10:48 | 000,233,414 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/24 11:47:05 | 000,000,732 | ---- | C] () -- C:\Users\Raina\AppData\Local\d3d9caps64.dat
[2009/12/02 14:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 14:43:19 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 14:42:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/02 13:54:20 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/08/30 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\Raina\AppData\Roaming\OpenOffice.org
[2011/11/24 12:57:58 | 000,000,000 | ---D | M] -- C:\Users\Raina\AppData\Roaming\uTorrent
[2011/12/01 19:02:49 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ASW Log
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 19:11:35
-----------------------------
19:11:35.513 OS Version: Windows x64 6.0.6002 Service Pack 2
19:11:35.513 Number of processors: 2 586 0x1706
19:11:35.513 ComputerName: RAINA-PC UserName: Raina
19:11:36.868 Initialize success
19:11:51.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:11:51.747 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
19:11:51.756 Disk 0 MBR read successfully
19:11:51.759 Disk 0 MBR scan
19:11:51.763 Disk 0 Windows VISTA default MBR code
19:11:51.768 Service scanning
19:11:53.917 Modules scanning
19:11:53.921 Disk 0 trace - called modules:
19:11:53.967 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:11:53.971 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ecc790]
19:11:53.974 3 CLASSPNP.SYS[fffffa60011d4c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80045c5050]
19:11:53.978 Scan finished successfully
19:13:52.813 Disk 0 MBR has been saved successfully to "C:\Users\Raina\Desktop\MBR.dat"
19:13:52.814 The log file has been saved successfully to "C:\Users\Raina\Desktop\aswMBR.txt"
  • 0

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update Malwarebytes' Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#5
Wazootyman13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ran the tests, still got some pop-ups in new tabs.

MalwareBytes Log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8293

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/2/2011 4:06:54 PM
mbam-log-2011-12-02 (16-06-54).txt

Scan type: Quick scan
Objects scanned: 167060
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Log
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\19a31173-2640d6ac a variant of Win32/Kryptik.WEQ trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-35883e4f a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-37931e36 a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-39819a3a a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-3c64df4a a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-57c2e2e0 a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Raina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-72512daf a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Windows\System32\e05fQ32A2.com a variant of Win32/Kryptik.VRX trojan cleaned by deleting - quarantined
C:\Windows\System32\e05fQ32A2.com_ a variant of Win32/Kryptik.VRX trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.E trojan cleaned by deleting - quarantined
C:\Windows\Temp\hki30103.exe a variant of Win32/Kryptik.VRX trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
  • 0

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
Wazootyman13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here's the ComboFix log.

ComboFix 11-12-04.02 - Raina 12/04/2011 0:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1689 [GMT -8:00]
Running from: c:\users\Raina\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Raina\Documents\~WRL2530.tmp
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-03 00:08 . 2011-12-03 00:08 -------- d-----w- c:\program files (x86)\ESET
2011-12-02 23:52 . 2011-12-02 23:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-02 15:13 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12D04B10-22C6-4FEC-84EC-1223FD57EC75}\mpengine.dll
2011-12-02 03:01 . 2011-12-02 03:01 -------- d-----w- C:\_OTL
2011-11-26 09:24 . 2011-11-25 23:47 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-26 03:47 . 2011-11-26 03:47 -------- d-----w- c:\users\Raina\AppData\Roaming\Malwarebytes
2011-11-26 03:45 . 2011-11-26 03:45 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 03:45 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 23:47 . 2011-11-25 23:47 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-25 23:45 . 2011-11-25 23:45 -------- d-----w- c:\users\Raina\AppData\Local\adaware
2011-11-25 23:45 . 2011-12-04 08:50 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-25 23:45 . 2011-11-25 23:45 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-25 23:45 . 2011-11-25 23:45 -------- d-----w- c:\program files (x86)\adawaretb
2011-11-25 23:45 . 2011-11-25 23:45 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 23:45 . 2011-11-03 20:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-25 23:45 . 2011-11-25 23:45 -------- d-----w- c:\programdata\Lavasoft
2011-11-25 23:45 . 2011-11-25 23:45 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-24 21:47 . 2011-11-24 21:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-14 23:54 . 2011-11-14 23:54 -------- d-----w- c:\users\Raina\AppData\Roaming\dvdcss
2011-11-09 07:09 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:09 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 07:09 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 07:09 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:09 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 07:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:25 . 2011-10-13 21:32 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-13 21:32 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-13 21:32 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-13 21:32 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-13 21:32 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-13 21:32 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-13 21:32 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 21:32 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 21:32 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-13 21:32 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-13 21:32 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-13 21:32 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-13 21:32 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-13 21:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-13 21:32 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 21:32 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-13 21:32 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Raina\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-11 36864]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\Raina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 135664]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 135664]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-25 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [x]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 04:26]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 04:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 16329760]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 93728]
"combofix"="c:\combofix\CF24969.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Raina\AppData\Roaming\Mozilla\Firefox\Profiles\fv157u97.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Amazon Wish List Button: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,e2,ba,1d,e1,38,5b,44,b0,8f,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,e2,ba,1d,e1,38,5b,44,b0,8f,a5,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,e2,ba,1d,e1,38,5b,44,b0,8f,a5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-12-04 00:57:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 08:57
.
Pre-Run: 71,673,028,608 bytes free
Post-Run: 71,424,462,848 bytes free
.
- - End Of File - - 3F9A90333CA1AD1630EACE3A79143714
  • 0

#8
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.
Posted Image

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
  • 0

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0