Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Open with error/ no internet connection [Solved]


  • This topic is locked This topic is locked

#16
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Good to hear you got ComboFix to run. Yes, please go ahead and uninstall PCSafeDoctor if you didn't purchase it.


While I am waiting for you to review the log, am I able to use the computer? Can I begin using some of the protections your "How did I get infected" blog suggests, or should I wait to do anything until I get further instructions?

Yes you can use the computer, but please don't install or run any new tools until we have this fully resolved. Also I would advise against any Banking/Shopping online etc until we know it's clear :thumbsup:

Can you tell me if the internet is now working?
  • 0

Advertisements


#17
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, the internet is working...unfortunately I jumped the gun and went to my banking site today. Hopefully I don't get bit in the butt for that bonehead move.

At this point everything seems great, but I know in the cyberworld looks can be deceiving.

Kevin
  • 0

#18
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Good to hear the internet is back up and running :)

If you could do a fresh OTL scan for me, as I'd like to see if any of the items previously seen are still present, as it looks like the OTL fix was struggling for some reason earlier on. Then if you could run a scan with Kaspersky's Virus Removal Tool, which should help clear up any remaining items if they are still lurking.


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


  • Then click on Actions on the left hand side
  • Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




In your next reply
Please post the contents of...
OTL log
Kaspersky log

  • 0

#19
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
PC Safe Doctor uninstalled.

Here are the requested logs:

OTL:

OTL logfile created on: 1/5/2012 10:25:59 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 424.32 Mb Available Physical Memory | 41.79% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.35 Gb Free Space | 36.71% Space Free | Partition Type: NTFS

Computer Name: USER-7086C1A3DC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 22:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/12/02 11:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/12/02 11:08:32 | 012,171,616 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2011/12/02 11:08:32 | 000,391,008 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/11/10 09:38:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/08 04:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/27 01:02:00 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/07 10:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/05/10 08:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/03/06 12:24:42 | 000,629,248 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GTray.exe
PRC - [2007/03/06 12:21:31 | 000,116,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
PRC - [2007/02/21 09:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 09:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 09:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/04/06 23:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/23 07:31:44 | 017,663,488 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2011/11/10 09:38:50 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/06 12:49:55 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 19:38:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/12 21:13:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 21:12:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 21:10:56 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/12 21:10:55 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/12 21:10:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 21:10:51 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/12 21:10:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/12 21:10:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/12 21:10:39 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/12 21:10:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/12 21:10:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/12 21:10:17 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/08/31 15:40:32 | 000,160,782 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-52.dll
MOD - [2011/08/31 15:40:06 | 001,305,102 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-52.dll
MOD - [2011/08/31 15:40:06 | 000,096,782 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-50.dll
MOD - [2011/03/02 10:17:11 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/02 10:17:10 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/02 10:17:07 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/02 10:17:06 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/02 10:17:06 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/02 10:17:06 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/02 10:17:06 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/02 10:17:04 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/02 10:17:03 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/02 10:17:03 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/03/02 10:17:02 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/12/08 04:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/08 04:23:52 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2010/12/08 04:23:50 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/08 04:23:50 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2010/03/03 15:33:12 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/09 21:41:08 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/09 21:41:05 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/09 21:41:04 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/09 21:41:01 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/09 21:41:01 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/09 21:41:00 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/09 21:41:00 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/09 21:40:58 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/09 21:40:58 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/09 21:40:58 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/09 15:43:39 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/09 15:43:39 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/09 15:43:38 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/09 15:43:38 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/09 15:43:38 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/09 15:43:38 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/19 18:51:04 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/01/31 22:53:47 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/31 22:53:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/31 22:43:37 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/31 22:43:36 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/01/31 22:43:33 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/01/31 22:43:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/01/31 22:43:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/01/31 22:43:31 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/21 09:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/11/01 10:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/10/17 14:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
MOD - [2001/11/17 12:25:08 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (CLEARWIRERcAppSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/12 11:18:20 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2010/11/17 14:23:54 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/08 12:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 12:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 13:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/10/16 19:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/05/10 08:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/21 09:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 11:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/11/14 22:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 17:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 15:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/07/20 07:29:00 | 000,024,555 | R--- | M] (USB2LAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (NET8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:14:06 | 000,000,000 | ---D | M]

[2010/10/26 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/16 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/06/20 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions
[2011/02/07 09:04:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 09:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\US9ZLBB6.DEFAULT\EXTENSIONS\[email protected]
[2011/11/10 09:38:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2011/08/20 22:00:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:38:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/04 21:52:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-299502267-1645522239-839522115-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1645522239-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1645522239-839522115-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{268B952C-7E9C-4352-BAC8-90D44A37576F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60557C6D-1598-491F-9ACE-F9E6F8CD1DA1}: DhcpNameServer = 64.213.152.18 66.180.96.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/01 10:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 19:23:59 | 000,018,560 | ---- | C] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys
[2012/01/05 19:23:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/05 19:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LeapFrog Connect
[2012/01/05 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2012/01/05 19:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2012/01/05 12:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Evernote
[2012/01/05 12:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[2012/01/05 12:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2012/01/04 21:26:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/04 16:30:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/04 16:30:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/04 16:30:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/04 16:30:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/04 16:30:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/04 16:29:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/01/04 16:26:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 16:26:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/01/04 16:20:04 | 004,370,643 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/04 16:05:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 23:00:19 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:50:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2012/01/02 22:50:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/08/10 15:25:35 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2011/08/10 15:25:35 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2011/08/10 15:25:35 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2008/11/05 23:11:21 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 19:40:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 19:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 19:25:57 | 000,433,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 19:25:57 | 000,068,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 19:23:48 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2012/01/05 12:07:40 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/01/05 12:04:49 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Evernote.lnk
[2012/01/04 22:29:06 | 000,029,113 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chem Syll.pdf
[2012/01/04 21:52:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/04 21:51:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 21:51:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 21:26:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/04 16:30:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/04 16:11:41 | 004,370,643 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/04 16:08:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/04 16:08:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/04 12:56:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/02 22:59:25 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/12/29 22:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/29 22:24:12 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/12/29 22:17:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/26 17:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/22 10:38:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/12/21 15:45:32 | 000,039,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/21 11:46:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_3_Port
[2011/12/18 21:48:10 | 000,003,766 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/18 21:34:36 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 10:40:46 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/16 09:49:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 12:15:02 | 000,172,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 19:23:48 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2012/01/05 12:07:40 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/01/05 12:04:49 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Evernote.lnk
[2012/01/04 22:29:06 | 000,029,113 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chem Syll.pdf
[2012/01/04 21:26:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/04 21:26:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/04 16:30:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/04 16:30:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/04 16:30:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/04 16:30:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/04 16:30:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/02 23:02:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/12/29 22:24:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/21 15:45:32 | 000,039,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/08 12:15:02 | 000,172,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[2011/10/04 20:50:46 | 003,426,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/10 15:25:35 | 000,401,056 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2011/08/10 15:25:35 | 000,128,672 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2011/07/23 12:09:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/23 12:09:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 11:25:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/13 21:00:46 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/12/23 14:03:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1D89FA2FC5.sys
[2010/12/23 14:03:15 | 000,003,766 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/12/13 16:41:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2010/10/26 19:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 22:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxemikisoxebu.bin
[2010/09/09 22:01:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dkesimibahu.dat
[2010/05/10 17:48:24 | 000,069,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 22:32:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 20:59:18 | 000,007,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/01/03 20:34:21 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/03 20:34:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/03 20:34:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/03 20:34:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/03 20:34:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/03 20:34:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/03 20:34:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/03 20:34:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/03 20:34:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/03 20:34:21 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/03 20:34:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/03 20:34:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/01 15:51:14 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/03/03 09:59:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/02/20 14:03:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/07 21:10:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/12/05 17:19:06 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/10/28 12:35:08 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/08/07 13:11:17 | 000,001,300 | ---- | C] () -- C:\WINDOWS\BARNACLES.INI
[2008/08/06 21:28:34 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 13:45:25 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/01 10:45:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/08/01 10:41:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/01 10:41:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/01 10:41:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/08/01 10:05:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/01 09:59:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/01 06:33:52 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/01 06:32:37 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
[2005/01/30 13:27:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe
[2005/01/30 13:27:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe
[2001/11/17 12:25:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/11/07 20:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008/08/02 07:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eFax Messenger
[2009/01/04 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/14 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2010/12/13 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/10/26 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyPublisher
[2009/02/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paltalk
[2011/01/07 21:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Software
[2011/01/13 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2010/03/14 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2010/09/16 21:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2010/09/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
[2010/12/22 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2010/10/26 13:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2009/11/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2008/08/02 07:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2011/01/03 17:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNcFc09000
[2010/12/13 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/05 19:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/04/11 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/01/16 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/08/10 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/18 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2008/10/07 11:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/09 07:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/07 21:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PDF Software

========== Purity Check ==========



< End of report >

Kaslog:

Status: Disinfected (events: 21)
1/5/2012 11:10:44 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dr C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\6f6553cb-479673d0 High
1/5/2012 11:10:44 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dr C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\6f6553cb-479673d0/powerColor/l1.class High
1/5/2012 11:11:02 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\29\66b5649d-4af686b0 High
1/5/2012 11:11:02 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\29\66b5649d-4af686b0/durdom/huiak.class High
1/5/2012 11:11:02 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\29\66b5649d-4af686b0/durdom/Stremer.class High
1/5/2012 11:12:22 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\29c05532-1e7705d2 High
1/5/2012 11:12:22 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\29c05532-1e7705d2/mordor/saruman.class High
1/5/2012 11:12:23 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\4e6a9e72-7f04e6e0 High
1/5/2012 11:12:23 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\4e6a9e72-7f04e6e0/durdom/huiak.class High
1/5/2012 11:12:23 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.eh C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\4e6a9e72-7f04e6e0/durdom/Stremer.class High
1/5/2012 11:12:24 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\6690273-367cfdda High
1/5/2012 11:12:24 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\6690273-367cfdda/mordor/saruman.class High
1/5/2012 11:12:25 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ek C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\6de611b4-392aba00 High
1/5/2012 11:12:25 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ek C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\6de611b4-392aba00/json/Parser.class High
1/5/2012 11:12:30 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\25fedd7e-5737632d High
1/5/2012 11:12:30 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.js C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\25fedd7e-5737632d/mordor/saruman.class High
1/5/2012 11:12:38 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\1be95149-75ace78f High
1/5/2012 11:12:37 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\1be95149-75ace78f/bpac/b.class High
1/5/2012 11:12:37 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\1be95149-75ace78f/bpac/KAVS.class High
1/5/2012 11:12:40 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.g C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\bfacb09-1a72079e High
1/5/2012 11:12:40 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.g C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\bfacb09-1a72079e/part2/jilo3.class High
Status: Deleted (events: 5)
1/5/2012 11:13:02 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\20f90b16-59310d60 High
1/5/2012 11:13:03 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\3e1a46f6-25d3e050 High
1/6/2012 12:22:19 AM Deleted Trojan program Trojan.Win32.FakeAv.iquj C:\System Volume Information\_restore{36CAA484-21BC-42D4-98EE-7CA7C54F438B}\RP823\A0267388.exe High
1/6/2012 12:22:19 AM Deleted Trojan program Trojan.Win32.FakeAv.iquj C:\System Volume Information\_restore{36CAA484-21BC-42D4-98EE-7CA7C54F438B}\RP823\A0267388.exe//PE-Crypt.XorPE High
1/6/2012 12:22:20 AM Deleted Trojan program Trojan.Win32.FakeAV.jmuf C:\System Volume Information\_restore{36CAA484-21BC-42D4-98EE-7CA7C54F438B}\RP833\A0271820.exe High


Thanks!

Edited by krobin75, 06 January 2012 - 07:18 AM.

  • 0

#20
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:thumbsup:

Things do seem to be looking a lot better now. Kaspersky has found some Java exploit infections, but it looks to have dealt with them all. The other ones were the Fake AV, but they are in the System Restore points, which we'll flush later. Lets remove the Java cache and then update Java to it's latest version. We'll also give MBAM a run to see if this finds any leftovers :)



1)
Clear Java Cache

Please click here, and then follow the instructions on clearing your Java's cache.



2)
Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
If the Java icon is not visible in Control Panel, please go to here and click "Free Java Download" to get the latest version.



3)
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




In your next reply
Please post the contents of...
MBAM log
  • 0

#21
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Complete...

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER-7086C1A3DC [administrator]

1/7/2012 4:43:58 PM
mbam-log-2012-01-07 (16-43-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179144
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#22
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
MBAM log looks good. It just removed one registry entry, which was expected, due to the Fake AV which had been present earlier.

Is the PC still running well, does everything seem back to normal? Is the MotoHelper Service error still appearing?
  • 0

#23
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Everything seems fantastic! No errors, runs faster...You are a god!!!
  • 0

#24
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:lol:

Well as things are now running fine, I'll post my cleanup steps below, which will guide you through removing some of the tools we have used and provide you with a few tips on staying safe. If you have any other queries just let me know, otherwise you should be good to go :)



Thank you for following the procedures, your system now appears free from Malware. It's now time to remove the programs we have used throughout this cleanup and make sure important programs are updated to their latest versions. This all helps in the fight against being reinfected.

Please make sure you follow the steps below, as they are highly recommended.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so



========== Anti Malware Protection ==========

Having a good Anti Virus program and an on-access Anti Malware program, is great in the battle against malware and various other forms of infections. You should aways make sure your Anti Virus is Enabled and has the latest defintions downloaded (Anti Virus software will nearly always update it's definitions automatically)

Here are some recommendations:

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. This is where a lot of people fall down, as there are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very worthwhile habit to get into.

Windows Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
Here's how to check to see if you are missing any updates. Just click your version of Windows below, to see how to check...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Key Tips ==========

- Never be tempted to download software you didn't ask for
If for example you see a "Free Registry Booster" or "Get rid of all your malware problems or blue screens by using this software", don't be tempted to click on them. The software is often useless, could actually be harmful to your PC and they are generally just out to get your money. If you didn't ask for the software, don't download it ;)

- Run regular scans
Set yourself a date, approximately every 2, 3 or 4 weeks, whereby you run a Full Scan with your Anti Virus and a scan with any Anti Malware/Spyware program you may have installed, like Malwarebytes' Anti Malware.


Have fun and stay safe online ;)
BlackOxide

  • 0

#25
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP