Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojans, Exploits, Backdoors, DDoSs, TrojanDownloaders, & PWSs,..


  • This topic is locked This topic is locked

#1
eagleericb

eagleericb

    Member

  • Member
  • PipPip
  • 12 posts
Hello. I ran into a plethora of Trojans, Exploits, Backdoors,DDoSs, TrojanDownloaders, and a PWS picked up by MS Security Essentials (MS SE),.. all listed as "serious" threats. My son was playing music on http://dilandau.eu/. He ignored the warnings and continued working. He could not explain exactly what he clicked other than he said when the computer told him to restart, he chose to click on "restart later". The following is the list of Detected items, Date, Action Taken by MS SE and Items (and locations). I also Posted the latest Malwarebytes Logs, OTL "Run Scan" logs and OTL "Quick Scan" log (in that order below)... This looks like a Black Hole!!! Please help?! Thank You! Eric

MS SE History Info:
Trojan:WinNT/Simda.gen!A.. 1/12/2012 9:00PM.. Allowed file:C:\WINDOWS\system32\drivers\acpi.sys

Exploit:SWF /Blacole.R.. 1/12/2012 9:00PM.. Allowed file:C:\Documents and Settings\Eric Britz\Local Settings\Temporary Internet Files\Content.IE5\GFE6JOOI\field[1].swf->(SWC)

Trojan:JS /BlacoleRef.V.. 1/12/2012 9:00PM.. Allowed file:C:\Documents and Settings\Eric Britz\Local Settings\Temporary Internet Files\Content.IE5\GFE6JOOI\lolo_hak_su[1].txt

Trojan:Win32/EyeStye.C!cfg.. 1/12/2012 9:00PM.. Allowed file:C:\Fonts\CAF4F8C0FF3BBC7

Exploit:JS/Pdfjsc.AD.. 1/12/2012 9:00PM.. Allowed file:C:\Documents and Settings\Eric Britz\Local Settings\Temporary Internet Files\Content.IE5\GFE6JOOI\a4342[1].pdf
file:C:\Documents and Settings\Eric Britz\Local Settings\Temporary Internet Files\Content.IE5\Y83AJ6TW\a60f5[1].pdf

Trojan:Win32/EyeStye.C!cfg.. 1/12/2012 9:23PM.. Removed file:C:\Fonts\CAF4F8C0FF3BBC7
Backdoor:Win32/Cycbot.B... 1/12/2012 9:23PM.. Quarantined process:pid:1712
process:pid:248
process:pid:2604

The above all happened before I knew anything. The computer was left on and when I go on, Sat Morning, and saw the computer was SSSLLLLOOOOOWWWWW, I ran MS SE and Malwarebytes Multiple times. From MS SE, I received:

DDoS:Win32/Fareit.. 1/14/2012 9:38AM.. Removed file:C:\Program Files\LP\5A4B\7E9.exe
process:pid:188
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\7E9.exe
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\7E9.exe

TrojanDownloader:Win32/Dofoil.D... 1/14/2012 9:39AM.. Removed containerfile:C:\Documents and Settings\Eric Britz\Start Menu\Programs\Startup\dxdiag.exe
file:C:\Documents and Settings\Eric Britz\Start Menu\Programs\Startup\dxdiag.exe->(UPX)
startup:c:\documents and settings\eric britz\Start Menu\Programs\Startup\dxdiag.exe

Backdoor:Win32/Cycbot.G... 1/14/2012 9:41AM.. Removed containerfile:C:\Documents and Settings\Eric Britz\Application Data\B4DD9\E7E5A.exe
file:C:\Documents and Settings\Eric Britz\Application Data\B4DD9\E7E5A.exe->(UPX)
file:C:\Documents and Settings\Eric Britz\Application Data\B4DD9\E7E5A.exe->[Obfuscator.JM]->(UPX)
file:C:\Program Files\D935D\lvvm.exe->[Obfuscator.JM]->(UPX)
process:pid:1704
winlogonshell:[email protected]\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:C:\Documents and Settings\Eric Britz\Application Data\B4DD9\E7E5A.exe

Exploit:JS/Pdfjsc.AD.. 1/14/2010 9:50AM.. Removed file:C:\Documents and Settings\Eric Britz\Local Settings\Temp\Acr1D.tmp

TrojanDownloader:Win32/Waledac.C.. 1/14/2012 9:50AM.. Removed file:C:\Documents and Settings\Eric Britz\Local Settings\Temp\wpbt0.dll

DDoS:Win32/Fareit.. " " " file:C:\Documents and Settings\Eric Britz\Local Settings\Temp\wpbt1.dll

TrojanDownloader:Win32/Dofoil.D " " " containerfile:C:\Documents and Settings\Eric Britz\Local Settings\Temp\wpbt3.dll
file:C:\Documents and Settings\Eric Britz\Local Settings\Temp\wpbt3.dll->(UPX)

Exploit:Java/CVE-2011-3544.Q... " 1:25PM " containerfile:C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\20\568d6d4-72a094bf
file:C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\20\568d6d4-72a094bf->GMail.class

Trojan:Win32/EyeStye.N... " " " file:C:\Fonts\6DFBBA77337.exe

PWS:Win32/Fareit.gen!C " " " file:C:\Program Files\LP\5A4B\26.tmp

Backdoor:Win32/Cycbot.G... " " " containerfile:C:\Program Files\LP\5A4B\27.exe
containerfile:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2496\A0269472.exe
file:C:\Program Files\LP\5A4B\27.exe->(UPX)
file:C:\Program Files\LP\5A4B\27.exe->[Obfuscator.JM]->(UPX)
file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2496\A0269472.exe->(UPX)
file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2496\A0269472.exe->[Obfuscator.JM]->(UPX)




THE FOLLOWING IS MY FIRST MALWAREBYTES LOG COMPLETED SHORTLY AFTER THE ABOVE NOTED TROJANDOWNLOADER WAS ALLOWED:
Database version: v2012.01.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Eric Britz :: HOME-COMPUTER [limited]

Protection: Enabled

1/14/2012 2:24:53 PM
mbam-log-2012-01-14 (14-24-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319146
Time elapsed: 3 hour(s), 35 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Heuristics.Shuriken) -> Data: C:\Documents and Settings\Eric Britz\86bffab2-5689.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:57495 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Eric Britz\Local Settings\Temp\1c06622e-5689.tmp (Heuristics.Shuriken) -> Delete on reboot.
C:\Documents and Settings\Eric Britz\Local Settings\Temp\d53f7852-5689.tmp (Heuristics.Shuriken) -> Delete on reboot.
C:\Documents and Settings\Eric Britz\86bffab2-5689.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Documents and Settings\Eric Britz\Local Settings\Temp\143339ae-5689.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Britz\Local Settings\Temp\88cd3106-5689.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)




THE NEXT DAY, I WENT AT IT AGAIN WITH THE BOTH MS SE AND MALWAREBYTES. I BELIEVE THIS IS WHEN I TRIED TO RUN IT IN SAFE MODE. I ALSO BELIEVE THAT, AT THIS TIME, I HAD TO DESELECT "USE A PROXY SERVER FOR YOUR LAN" IN THE INTERNET SETTINGS SO THAT I COULD UPDATE MALWARBYTES (OR MS SE..NOT SURE), BUT I DID UPDATE BOTH. I ALSO RAN THE ATF CLEANER (WHICH I PICKED UP THRU THIS WEBSITE A WHILE BACK.

MS SE HISTORY DATA:

TrojanDownloader:Win32/Agent.YP 1/15/2012 2:19AM.. Allowed file:C:\Documents and Settings\Eric Britz\86bffab2-5689.exe

TrojanDownloader:Win32/Agent.YP 1/15/2012 5:35AM.. Removed file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2493\A0269448.exe
file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2496\A0271519.exe
file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2497\A0271534.exe
file:C:\System Volume Information\_restore{C6331472-59FD-491D-9012-F4EB22ED6D69}\RP2497\A0271537.exe




MALWAREBYTES LOG #2
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Eric Britz :: HOME-COMPUTER [limited]

Protection: Enabled

1/15/2012 12:52:49 PM
mbam-log-2012-01-15 (12-52-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 317430
Time elapsed: 6 hour(s), 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:57495 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



LAST SAVED MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Eric Britz :: HOME-COMPUTER [limited]

Protection: Enabled

1/15/2012 10:05:55 PM
mbam-log-2012-01-15 (22-05-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 317695
Time elapsed: 3 hour(s), 12 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\documents and settings\eric britz\local settings\temp:winupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)




THIS MORNING, I SAW THAT MS SE "ALLOWED" A TROJANDOWNLOADER. I WAS KIND OF BENT THAT IT ALLOWED THESE THRU SO I CHANGED THE MS SE ALERT ACTION SETTING FROM "RECOMMENDED ACTION" TO "QUARANTINE" AND RAN IT AGAIN THIS MORNING.

MS SE HISTORY DATA FROM THIS MORNING:

Trojan:Win32/Alureon.TL 1/16/2012 6:48AM Quarantined Items:
file:C:\Documents and Settings\Eric Britz\Local Settings\Temp:winupd.exe->(UPX)->[Obfuscator.QG]

Backdoor:Win32/Cycbot.G 1/16/2012 7:34AM Quarantined containerfile:C:\Program Files\D935D\lvvm.exe
containerfile:C:\Program Files\LP\5A4B\6.exe
file:C:\Program Files\D935D\lvvm.exe->(UPX)
file:C:\Program Files\D935D\lvvm.exe->[Obfuscator.JM]->(UPX)
file:C:\Program Files\LP\5A4B\6.exe->(UPX)
file:C:\Program Files\LP\5A4B\6.exe->[Obfuscator.JM]->(UPX)

Trojan:Win32/Alureon.TL 1/16/2012 7:34AM Quarantined containerfile:C:\Documents and Settings\Eric Britz\Local Settings\Temp:winupd.exe
file:C:\Documents and Settings\Eric Britz\Local Settings\Temp:winupd.exe->(UPX)->[Obfuscator.QG]






UNFORTUNATELY, NO LOG WAS SAVED FOR MBAM THIS MORNING FROM THIS MORNING'S RUN. MY SON GOT TO THE COMPUTER AGAIN AND NOT SURE WHAT HE DID. I SEARCHED A BIT ON THE FORUM HERE AT GEEKSTOGO HOWEVER EVERYTHING SEEMED PRETTY SPECIFIC. I MISTAKINGLY HIT THE "RUN SCAN" ON THE OTL PROGRAM SO HERE ARE THE LOGS THAT CAME OUT FOLLOWED BY A "QUICK SCAN" LOG.

OTL log:
OTL logfile created on: 1/16/2012 6:48:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eric Britz\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 300.56 Mb Available Physical Memory | 29.38% Memory free
1.65 Gb Paging File | 0.98 Gb Available in Paging File | 59.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 23.24 Gb Free Space | 20.79% Space Free | Partition Type: NTFS

Computer Name: HOME-COMPUTER | User Name: Eric Britz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 18:45:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Britz\My Documents\Downloads\OTL.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/13 00:24:58 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes1\iTunesHelper.exe
PRC - [2011/10/12 15:55:37 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 03:29:42 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
MOD - [2012/01/07 03:27:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/07 03:22:24 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
MOD - [2012/01/07 03:20:55 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
MOD - [2012/01/07 03:08:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/10/13 02:22:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:22:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 02:22:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/10/13 02:20:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:20:31 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
MOD - [2011/10/13 02:19:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 02:17:30 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:17:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:16:55 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:16:27 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 02:14:27 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/13 02:13:34 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:13:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/26 01:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\DLEEPMON.DLL
MOD - [2009/11/26 01:07:23 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V715w\ipcmt.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleedrpp.dll
MOD - [2009/01/13 08:15:15 | 005,709,824 | ---- | M] () -- C:\WINDOWS\system32\DLEEoem.dll
MOD - [2003/05/15 00:22:22 | 001,421,312 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 15:55:37 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/02 16:06:45 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 15:19:13 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dleecoms.exe -- (dlee_device)
SRV - [2010/01/07 15:19:08 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2012/01/16 18:41:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/16 10:06:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C1E582-9F66-4515-8F17-4D4A6C5EFC0A}\MpKsl45b71a4f.sys -- (MpKsl45b71a4f)
DRV - [2012/01/12 20:34:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 09:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/03/04 14:44:12 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2011/03/04 14:44:12 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/27 08:23:00 | 000,071,424 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubloxusb.sys -- (ubloxusb)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/07/03 17:09:02 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/11 10:29:00 | 000,207,936 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/02 17:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 17:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 17:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 17:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 17:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57495
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@SceneCaster.com/SceneCaster: C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll (SceneCaster)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/04/02 00:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions
[2009/03/29 15:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions\[email protected]
[2011/04/02 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2011/04/02 00:10:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: SceneCaster (Enabled) = C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/12 20:36:50 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes1\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://sw.bohlereng.net/XTSAC.cab (XTSAC Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.geni.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1225150693234 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://sw.bohlereng.net/msrdp.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hga.webex.co...bex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://pro.realquest...r/mapviewer.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} Reg Error: Value error. (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4239292-5254-413A-BF88-D5037EAA65A0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (2)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (.)
O34 - HKLM BootExecute: (ↄ׀)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Eric Britz\Application Data\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 18:41:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/14 10:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 10:49:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/14 10:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/12 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\D935D
[2012/01/12 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Britz\Application Data\B4DD9
[2012/01/12 20:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/01/12 20:34:24 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/12 20:34:23 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/12 20:34:23 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/01/29 19:12:53 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoin.dll
[2010/01/29 19:08:01 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEEhcp.dll
[2010/01/29 19:08:00 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeserv.dll
[2010/01/29 19:08:00 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeusb1.dll
[2010/01/29 19:08:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleepmui.dll
[2010/01/29 19:08:00 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dleelmpm.dll
[2010/01/29 19:08:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeinpa.dll
[2010/01/29 19:08:00 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeiesc.dll
[2010/01/29 19:07:59 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleehbn3.dll
[2010/01/29 19:07:59 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeih.exe
[2010/01/29 19:07:58 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoms.exe
[2010/01/29 19:07:58 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomm.dll
[2010/01/29 19:07:57 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomc.dll
[2010/01/29 19:07:57 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecfg.exe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:44:19 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004UA.job
[2012/01/16 19:40:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
[2012/01/16 19:40:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
[2012/01/16 19:00:47 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 18:41:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/16 12:00:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 10:11:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/16 10:08:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 10:07:57 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/16 10:05:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 10:05:44 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 09:59:41 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/15 22:44:04 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004Core.job
[2012/01/14 10:49:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 10:42:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/13 18:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/12 20:36:50 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/12 20:34:24 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/12 20:34:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/12 20:34:23 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/01/07 03:09:51 | 000,500,956 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/07 03:09:51 | 000,088,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 23:47:06 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 23:47:05 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Desktop\Google Chrome.lnk
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2011/12/21 00:54:23 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 19:29:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/19 19:29:55 | 000,038,501 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft Access.ADR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 12:44:22 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/14 10:49:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/14 18:29:29 | 000,038,501 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft Access.ADR
[2011/08/25 18:02:27 | 000,498,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/15 02:23:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 08:08:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/05/22 06:12:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\ftdiun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/01/29 19:12:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleevs.dll
[2010/01/29 19:12:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleecuir.dll
[2010/01/29 19:12:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleegcfg.dll
[2010/01/29 19:12:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleecui.dll
[2010/01/29 19:10:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEEPMON.DLL
[2010/01/29 19:10:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEEFXPU.DLL
[2010/01/29 19:09:55 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEEoem.dll
[2010/01/29 19:09:31 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.exe
[2010/01/29 19:09:30 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.dll
[2010/01/29 19:08:01 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\DLEEinst.dll
[2010/01/29 19:07:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleeins.dll
[2010/01/29 19:07:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleeinsb.dll
[2010/01/29 19:07:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleegrd.dll
[2010/01/29 19:07:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleeinsr.dll
[2010/01/29 19:07:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleecub.dll
[2010/01/29 19:07:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleejswr.dll
[2010/01/29 19:07:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleecu.dll
[2010/01/29 19:07:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleecur.dll
[2010/01/29 19:07:57 | 000,086,183 | ---- | C] () -- C:\WINDOWS\System32\DLEEcfg.dll
[2010/01/29 19:03:10 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEEsm.dll
[2010/01/29 19:03:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEsmr.dll
[2009/11/25 20:40:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/01 12:40:37 | 000,061,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2009/05/28 17:04:30 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\mcs.rma
[2009/05/28 17:04:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\E8B2ED
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/24 11:56:08 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/04/24 11:56:05 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/04/24 11:54:32 | 000,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2009/04/24 11:54:09 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/04/24 11:54:07 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/04/24 11:53:48 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2009/04/24 11:53:17 | 000,277,200 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/12/30 23:09:35 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/10/24 21:54:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/02/22 07:45:07 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/05 13:44:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\$_hpcst$.hpc
[2007/12/31 18:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/09/09 02:42:44 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/02/07 01:05:43 | 000,000,379 | ---- | C] () -- C:\WINDOWS\Title.INI
[2007/02/07 01:01:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/01/30 19:31:46 | 000,002,373 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/24 10:42:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/16 20:19:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/16 20:18:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/06/09 00:26:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/14 10:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/04/08 19:34:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/01/07 12:32:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/01/07 12:30:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/01/07 01:12:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/07 01:12:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/07 01:12:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/07 01:12:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/28 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/12/28 01:18:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/09/10 08:05:37 | 000,000,871 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/09/06 18:05:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/28 21:12:05 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/23 10:02:31 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BHCDGJKK.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/06/11 23:34:03 | 026,166,613 | ---- | C] () -- C:\Program Files\NAV05ENG.exe
[2005/06/10 07:41:01 | 000,010,052 | ---- | C] () -- C:\WINDOWS\System32\WinStat12.dat
[2005/04/25 14:51:07 | 000,000,437 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/25 14:51:04 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/04/05 16:04:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/03/25 19:20:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/12 10:53:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/02/01 17:32:11 | 000,006,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/12/24 08:09:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2004/12/22 17:40:46 | 000,001,460 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/08 19:18:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/07 23:11:04 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/07 21:29:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/12/07 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/06 23:47:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/12/06 23:45:52 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/06 22:23:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/06 22:19:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/06 17:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/06 17:03:35 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/03 18:18:18 | 002,974,071 | ---- | C] () -- C:\WINDOWS\System32\bgd.dll
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,500,956 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,088,376 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >





OTL EXTRAS LOG

OTL Extras logfile created on: 1/16/2012 6:48:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eric Britz\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 300.56 Mb Available Physical Memory | 29.38% Memory free
1.65 Gb Paging File | 0.98 Gb Available in Paging File | 59.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 23.24 Gb Free Space | 20.79% Space Free | Partition Type: NTFS

Computer Name: HOME-COMPUTER | User Name: Eric Britz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56071:TCP" = 56071:TCP:*:Enabled:Pando Media Booster
"56071:UDP" = 56071:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Disabled:Blizzard Downloader
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56071:TCP" = 56071:TCP:*:Enabled:Pando Media Booster
"56071:UDP" = 56071:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1149972845\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1149972845\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
"C:\Program Files\Common Files\AOL\1149972845\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1149972845\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1149972845\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1149972845\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1149972845\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1149972845\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\MSN Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe" = C:\Program Files\MSN Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe:*:Disabled:Wheel of Fortune Deluxe
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Disabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.5.0_12\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_12\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dleecoms.exe" = C:\WINDOWS\system32\dleecoms.exe:*:Enabled:V715w Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader
"C:\Program Files\HandsFree\Client\cust.exe" = C:\Program Files\HandsFree\Client\cust.exe:*:Enabled:Client Executable
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes1\iTunes.exe" = C:\Program Files\iTunes1\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 22
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}" = MotionDV STUDIO 6.0E LE for DV
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{B4096A70-AB6D-4dc9-8382-DB2213F861AE}" = Now Playing: A Windows Media Player Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE20E413-E690-49C3-8D0E-C4DECE30DF62}" = ArcSoft VideoImpression 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7062BD-BE6F-4153-9654-3D72D0C1CC17}" = Zoo Tycoon 2 - African Adventure
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"Backyard Football 2002" = Backyard Football 2002
"Bejeweled 2 Deluxe®" = Bejeweled 2 Deluxe®
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Corpscon" = Corpscon 6.0.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell V715w" = Dell V715w
"Disney's Toontown Online" = Disney's Toontown Online
"DVD Photo Slideshow Professional_is1" = DVD Photo Slideshow Professional 8.00
"DVD Shrink_is1" = DVD Shrink 3.2
"Ease Audio Converter_is1" = Ease Audio Converter 4.80
"ERUNT_is1" = ERUNT 1.1j
"EZ Guitar Tabs" = EZ Guitar Tabs
"GoToAssist" = GoToAssist Corporate
"ID Vault" = Constant Guard Protection Suite
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{CE7062BD-BE6F-4153-9654-3D72D0C1CC17}" = Zoo Tycoon 2 - African Adventure
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"marketamerica Toolbar" = marketamerica Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monopoly" = Monopoly
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Musicnotes Player_is1" = Musicnotes Player V1.23.2 and Viewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"Past-Track" = LAS Tracking Key / 3100 Programs
"PhoTagsExpress" = PhoTags Express
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SceneCaster" = SceneCaster
"SkillJam SecurePlayer" = Secure Game Player
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"TurboTax Premier 2005" = TurboTax Premier 2005
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cognitive Tutor" = Cognitive Tutor
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >






OTL QUICK SCAN LOG:

OTL logfile created on: 1/16/2012 9:07:09 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eric Britz\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 296.42 Mb Available Physical Memory | 28.98% Memory free
1.65 Gb Paging File | 0.97 Gb Available in Paging File | 58.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 23.23 Gb Free Space | 20.79% Space Free | Partition Type: NTFS

Computer Name: HOME-COMPUTER | User Name: Eric Britz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 18:45:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Britz\My Documents\Downloads\OTL.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/13 00:24:58 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes1\iTunesHelper.exe
PRC - [2011/10/12 15:55:37 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 03:29:42 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
MOD - [2012/01/07 03:27:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/07 03:22:24 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
MOD - [2012/01/07 03:20:55 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
MOD - [2012/01/07 03:08:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2011/10/13 02:22:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:22:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 02:22:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/10/13 02:20:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:20:31 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
MOD - [2011/10/13 02:19:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 02:17:30 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:17:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:16:55 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:16:27 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 02:14:27 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/13 02:13:34 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:13:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/26 03:50:24 | 000,086,183 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLEEcfg.dll
MOD - [2009/11/26 01:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\DLEEPMON.DLL
MOD - [2009/11/26 01:07:23 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V715w\ipcmt.dll
MOD - [2009/11/09 03:06:45 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleeprpr.dll
MOD - [2009/11/04 08:14:38 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleedrui.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleedrpp.dll
MOD - [2009/11/04 08:14:06 | 000,236,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleedr.dll
MOD - [2009/05/18 08:29:08 | 000,819,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleeptpc.dll
MOD - [2009/01/13 08:15:15 | 005,709,824 | ---- | M] () -- C:\WINDOWS\system32\DLEEoem.dll
MOD - [2004/09/21 08:48:05 | 000,352,256 | ---- | M] () -- C:\Program Files\PhoTags Express\PWSSearchHandler.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 15:55:37 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/02 16:06:45 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 15:19:13 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dleecoms.exe -- (dlee_device)
SRV - [2010/01/07 15:19:08 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2012/01/16 20:56:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/16 10:06:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C1E582-9F66-4515-8F17-4D4A6C5EFC0A}\MpKsl45b71a4f.sys -- (MpKsl45b71a4f)
DRV - [2012/01/12 20:34:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 09:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/03/04 14:44:12 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2011/03/04 14:44:12 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/27 08:23:00 | 000,071,424 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubloxusb.sys -- (ubloxusb)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/07/03 17:09:02 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/11 10:29:00 | 000,207,936 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/02 17:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 17:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 17:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 17:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 17:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57495
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@SceneCaster.com/SceneCaster: C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll (SceneCaster)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/04/02 00:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions
[2009/03/29 15:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions\[email protected]
[2011/04/02 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2011/04/02 00:10:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: SceneCaster (Enabled) = C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/12 20:36:50 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes1\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://sw.bohlereng.net/XTSAC.cab (XTSAC Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.geni.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1225150693234 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://sw.bohlereng.net/msrdp.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hga.webex.co...bex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://pro.realquest...r/mapviewer.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} Reg Error: Value error. (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4239292-5254-413A-BF88-D5037EAA65A0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (2)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (.)
O34 - HKLM BootExecute: (ↄ׀)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Eric Britz\Application Data\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 18:41:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/14 10:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 10:49:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/14 10:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/12 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\D935D
[2012/01/12 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Britz\Application Data\B4DD9
[2012/01/12 20:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/01/12 20:34:24 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/12 20:34:23 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/12 20:34:23 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/01/29 19:12:53 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoin.dll
[2010/01/29 19:08:01 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEEhcp.dll
[2010/01/29 19:08:00 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeserv.dll
[2010/01/29 19:08:00 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeusb1.dll
[2010/01/29 19:08:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleepmui.dll
[2010/01/29 19:08:00 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dleelmpm.dll
[2010/01/29 19:08:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeinpa.dll
[2010/01/29 19:08:00 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeiesc.dll
[2010/01/29 19:07:59 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleehbn3.dll
[2010/01/29 19:07:59 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeih.exe
[2010/01/29 19:07:58 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoms.exe
[2010/01/29 19:07:58 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomm.dll
[2010/01/29 19:07:57 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomc.dll
[2010/01/29 19:07:57 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecfg.exe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 21:55:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
[2012/01/16 21:55:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
[2012/01/16 21:44:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004UA.job
[2012/01/16 21:01:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 20:56:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/16 12:00:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 10:11:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/16 10:08:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 10:07:57 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/16 10:05:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 10:05:44 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 09:59:41 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/16 09:59:41 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/15 22:44:04 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004Core.job
[2012/01/14 10:49:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 10:42:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/13 18:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/12 20:36:50 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/12 20:34:24 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/12 20:34:24 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/12 20:34:23 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/01/07 03:09:51 | 000,500,956 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/07 03:09:51 | 000,088,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 23:47:06 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 23:47:05 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Desktop\Google Chrome.lnk
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2011/12/21 00:54:23 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 19:29:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/19 19:29:55 | 000,038,501 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft Access.ADR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 12:44:22 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/14 10:49:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/14 18:29:29 | 000,038,501 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft Access.ADR
[2011/08/25 18:02:27 | 000,498,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/15 02:23:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 08:08:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/05/22 06:12:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\ftdiun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/01/29 19:12:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleevs.dll
[2010/01/29 19:12:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleecuir.dll
[2010/01/29 19:12:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleegcfg.dll
[2010/01/29 19:12:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleecui.dll
[2010/01/29 19:10:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEEPMON.DLL
[2010/01/29 19:10:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEEFXPU.DLL
[2010/01/29 19:09:55 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEEoem.dll
[2010/01/29 19:09:31 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.exe
[2010/01/29 19:09:30 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.dll
[2010/01/29 19:08:01 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\DLEEinst.dll
[2010/01/29 19:07:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleeins.dll
[2010/01/29 19:07:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleeinsb.dll
[2010/01/29 19:07:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleegrd.dll
[2010/01/29 19:07:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleeinsr.dll
[2010/01/29 19:07:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleecub.dll
[2010/01/29 19:07:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleejswr.dll
[2010/01/29 19:07:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleecu.dll
[2010/01/29 19:07:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleecur.dll
[2010/01/29 19:07:57 | 000,086,183 | ---- | C] () -- C:\WINDOWS\System32\DLEEcfg.dll
[2010/01/29 19:03:10 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEEsm.dll
[2010/01/29 19:03:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEsmr.dll
[2009/11/25 20:40:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/01 12:40:37 | 000,061,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2009/05/28 17:04:30 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\mcs.rma
[2009/05/28 17:04:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\E8B2ED
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/24 11:56:08 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/04/24 11:56:05 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/04/24 11:54:32 | 000,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2009/04/24 11:54:09 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/04/24 11:54:07 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/04/24 11:53:48 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2009/04/24 11:53:17 | 000,277,200 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/12/30 23:09:35 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/10/24 21:54:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/02/22 07:45:07 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/05 13:44:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\$_hpcst$.hpc
[2007/12/31 18:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/09/09 02:42:44 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/02/07 01:05:43 | 000,000,379 | ---- | C] () -- C:\WINDOWS\Title.INI
[2007/02/07 01:01:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/01/30 19:31:46 | 000,002,373 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/24 10:42:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/16 20:19:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/16 20:18:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/06/09 00:26:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/14 10:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/04/08 19:34:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/01/07 12:32:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/01/07 12:30:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/01/07 01:12:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/07 01:12:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/07 01:12:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/07 01:12:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/28 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/12/28 01:18:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/09/10 08:05:37 | 000,000,871 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/09/06 18:05:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/28 21:12:05 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/23 10:02:31 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BHCDGJKK.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/06/11 23:34:03 | 026,166,613 | ---- | C] () -- C:\Program Files\NAV05ENG.exe
[2005/06/10 07:41:01 | 000,010,052 | ---- | C] () -- C:\WINDOWS\System32\WinStat12.dat
[2005/04/25 14:51:07 | 000,000,437 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/25 14:51:04 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/04/05 16:04:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/03/25 19:20:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/12 10:53:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/02/01 17:32:11 | 000,006,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/12/24 08:09:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2004/12/22 17:40:46 | 000,001,460 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/08 19:18:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/07 23:11:04 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/07 21:29:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/12/07 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/06 23:47:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/12/06 23:45:52 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/06 22:23:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/06 22:19:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/06 17:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/06 17:03:35 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/03 18:18:18 | 002,974,071 | ---- | C] () -- C:\WINDOWS\System32\bgd.dll
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,500,956 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,088,376 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/21 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/29 19:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/11 12:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/12/30 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2012/01/14 10:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2005/12/03 17:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/12/11 21:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/13 19:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/02/07 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2005/07/14 21:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2009/09/13 19:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2004/12/13 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/04/14 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/07/03 17:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2010/06/26 09:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2009/07/09 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/29 19:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V715w
[2009/02/21 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/25 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/07/14 22:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 11:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 12:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2011/12/08 19:31:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2006/10/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\acccore
[2006/06/10 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Aim
[2011/08/27 00:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Atari
[2012/01/14 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\B4DD9
[2005/03/15 18:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\funkitron
[2008/12/30 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\GlobalSCAPE
[2011/11/26 15:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\ID Vault
[2007/02/02 21:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\iMesh
[2006/08/26 00:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\IMVU
[2010/05/22 11:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\iolo
[2005/12/25 12:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Leadertech
[2006/06/19 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\PlayFirst
[2006/02/01 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\TDS
[2005/02/12 19:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\The Labyrinth Plus! Edition
[2011/08/27 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Tific
[2010/01/30 17:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\V715w
[2007/02/28 17:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Viewpoint
[2008/05/19 20:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\WeatherBug
[2010/01/25 15:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\webex
[2006/04/08 21:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Wildfire
[2012/01/16 10:11:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/16 21:55:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
[2012/01/16 21:55:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



I hope I didn't post too much but wanted to give you as much info as possible..

Regards, best of luck, and Thank You in Advance.

Eric
  • 0

Advertisements


#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello eagleericb,


One or more of the identified infections is a backdoor trojan/rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do.
  • 0

#3
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Wow! That is not good. I would like to try and clean it if I can. What is the best way to proceed?
  • 0

#4
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Wow! Not good. I would like to try and clean it out if possible. How do I do that?
  • 0

#5
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
We will begin with Combofix.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#6
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
When it restarted, an older security package, Infinity Constant Guard popped up. I thought I had deleted it. Norton was removed and MS SE was installed. Can I run both?.. as well as Malwarebytes?

I also had to reboot again as my keyboard got unplugged.. don't ask..
Upon reboot, Constant Guard did not pop up this time but reboot was ssssllllooooooooowwww!

Update 1/20 - 9am: Just to clarify, The Infinity Constant Guard is a McAfee program that had been installed from Comcast along with Norton. I had removed Norton and replaced it with MS SE. I thought I had removed Constant Guard at the same time.

I ran another round of scans last night with Malwarebytes and MS SE - nothing was found. When I rebooted this morning after the scans, I received a warnign that the firewall was down but it activated after I clicked on the notification bubble. Since is was still running slow, I then ran Dell's Iolo System Mechanic to try to speed things up. It picked up 74 registry problems that it repaired. I shut it down for now and will be back tonight to clean things up.

Anyway, here is the log....


ComboFix 12-01-19.02 - Eric Britz 01/19/2012 22:24:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.468 [GMT -5:00]
Running from: c:\documents and settings\Eric Britz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Eric Britz\GoToAssistDownloadHelper.exe
c:\program files\LP
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SVCPROC
-------\Legacy_ZESOFT
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 03:37 . 2012-01-20 03:37 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{489B0709-4A9D-43D7-AF99-4042B1D7C196}\offreg.dll
2012-01-20 02:54 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{489B0709-4A9D-43D7-AF99-4042B1D7C196}\mpengine.dll
2012-01-15 10:43 . 2012-01-15 10:43 -------- dc----w- c:\documents and settings\Administrator\Application Data\iolo
2012-01-15 07:20 . 2012-01-15 07:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-14 15:49 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 15:49 . 2012-01-14 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 01:36 . 2012-01-16 12:34 -------- d-----w- c:\program files\D935D
2012-01-13 01:35 . 2012-01-14 14:41 -------- d-----w- c:\documents and settings\Eric Britz\Application Data\B4DD9
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 16:51 . 2011-08-28 17:14 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 16:51 . 2011-08-28 17:14 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 16:29 . 2011-08-28 17:14 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-01-06 04:19 . 2011-11-19 05:48 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-25 21:57 . 2002-09-03 17:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-09-03 17:11 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-09-03 16:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 02:56 . 2011-06-23 12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2002-09-03 16:53 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2002-09-03 16:53 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2005-01-14 05:33 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2002-09-03 16:50 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2005-06-12 04:34 . 2005-06-12 04:34 26166613 -c--a-w- c:\program files\NAV05ENG.exe
2002-09-03 17:07 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 -csh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes1\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 14:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-04-02 21:06 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\02\0,\0autocheck autochk *\0.\0??\0autocheck smrgdf c:\documents and settings\Eric Britz\Application Data\iolo\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk]
backup=c:\windows\pss\Constant Guard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Eric Britz^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Eric Britz^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]
2011-07-05 14:24 395528 ----a-w- c:\program files\SFT\GuardedID\GIDD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes1\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 19:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.5.0_12\\bin\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dleecoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes1\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56071:TCP"= 56071:TCP:Pando Media Booster
"56071:UDP"= 56071:UDP:Pando Media Booster
.
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [8/25/2011 5:55 PM 25232]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [10/12/2011 3:53 PM 63048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8/28/2011 12:14 PM 722616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/14/2012 10:49 AM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/14/2012 10:49 AM 20464]
S0 lchr;lchr;c:\windows\system32\drivers\ljbhxj.sys --> c:\windows\system32\drivers\ljbhxj.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 5:33 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 5:33 PM 136176]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [5/22/2010 6:12 AM 71424]
S4 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
S4 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [1/29/2010 7:12 PM 98984]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2009 3:42 PM 24652]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 22:33]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 22:33]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004Core.job
- c:\documents and settings\Eric Britz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-17 15:54]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004UA.job
- c:\documents and settings\Eric Britz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-17 15:54]
.
2012-01-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-20 c:\windows\Tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:01]
.
2012-01-20 c:\windows\Tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.searchqu.com/406
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C}
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-dimsntfy - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,b7,de,91,42,18,73,4c,8a,bd,bc,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,b7,de,91,42,18,73,4c,8a,bd,bc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\GIDLogonXP.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
.
- - - - - - - > 'explorer.exe'(2912)
c:\program files\iTunes1\iTunesMiniPlayer.dll
c:\program files\iTunes1\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes1\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Constant Guard Protection Suite\IDVault.exe
.
**************************************************************************
.
Completion time: 2012-01-19 22:38:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 03:38
.
Pre-Run: 24,517,713,920 bytes free
Post-Run: 24,620,044,288 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 58B3E34D8101BF352C561623E7C44BAE

Edited by eagleericb, 20 January 2012 - 08:12 AM.

  • 0

#7
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Please do not run any other tools or install any updates unless I instructed you to do so, this may hinder the cleaning process.

Norton was removed and MS SE was installed. Can I run both?.. as well as Malwarebytes?

No, it's not recommended to have two AV products installed and running at the same time. You can use Malwarebytes with one AV of your choice.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.



It picked up 74 registry problems that it repaired.

We do not recommend the usage of registry cleaners / tools due to the following facts:

*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at you own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools



===============================================


Before we proceed, please make sure to uninstall the following:

  • Windows iLivid Toolbar
  • Viewpoint Media Player
  • Constant Guard Protection Suite


===============================================


We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\system32\drivers\ljbhxj.sys

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

Driver::
lchr

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  • 0

#8
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OK. Sorry about that...

I did exactly what you said. A few extra steps occurred:

- When I first tried to uninstall Constant Guard Protection Suite, the computer stalled for nearly an hr. I rebooted and tried again. It worked the 2nd time.

- The first time I dragged the "CF Script.txt" file into Combofix, a few things happened:

1. I had forgotten to turn off MS SE. I realized this just after Combofix began to run and thus disabled MS SE as it was running. Combofix still recognized that MS SE was running and asked me to shut it down. By that point MSSE was already disabled so I clicked OK.

2. Combofix noted that there is a newer version of Combofix and asked if I wanted to run the newer version (I did't write down the exact txt here but that was the essense.) I clicked OK.

3. A window popped up entitled "CFScript Name Error" which said "Were you trying to run CFScript? The name CFScript appears to be incorrectly spelt." I clicked OK and the program closed. After a few mins, I dragged "CF Script.txt" into combofix again adn received the same error. I clicked OK, renamed the txt file to "CFScript.txt" (removing the space) and tried it again. This time, the program seemed to work.

4. While combofix was running, a window came up entitled:
"SWReg.3xe - Application Error" which stated "The instruction at "0x7c910cce" referend memory at "0x00200044". The memory could not be "read". Click on OK to terminate the program." I saw that combofix was still running so I didn't touch it. However, I recall that the first time you had me run combofix, the same (or very similar message) came up and I did click OK that time. In both cases, (then and now), combofix continued to run, restarted the computer and produced a log file. Here is the latest log file:


ComboFix 12-01-21.01 - Eric Britz 01/21/2012 12:25:12.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.522 [GMT -5:00]
Running from: c:\documents and settings\Eric Britz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric Britz\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\ljbhxj.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lchr
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 17:39 . 2012-01-21 17:39 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412E8626-0DF9-4186-81F0-66FBFB102A98}\offreg.dll
2012-01-21 16:22 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412E8626-0DF9-4186-81F0-66FBFB102A98}\mpengine.dll
2012-01-15 10:43 . 2012-01-15 10:43 -------- dc----w- c:\documents and settings\Administrator\Application Data\iolo
2012-01-15 07:20 . 2012-01-15 07:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-14 15:49 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 15:49 . 2012-01-14 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 01:36 . 2012-01-16 12:34 -------- d-----w- c:\program files\D935D
2012-01-13 01:35 . 2012-01-14 14:41 -------- d-----w- c:\documents and settings\Eric Britz\Application Data\B4DD9
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 16:51 . 2011-08-28 17:14 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 16:51 . 2011-08-28 17:14 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 16:29 . 2011-08-28 17:14 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-01-06 04:19 . 2011-11-19 05:48 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-25 21:57 . 2002-09-03 17:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-09-03 17:11 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-09-03 16:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 02:56 . 2011-06-23 12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2002-09-03 16:53 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2002-09-03 16:53 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2005-01-14 05:33 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2002-09-03 16:50 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2005-06-12 04:34 . 2005-06-12 04:34 26166613 -c--a-w- c:\program files\NAV05ENG.exe
2002-09-03 17:07 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 -csh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes1\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-04-02 21:06 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\02\0,\0autocheck autochk *\0.\0??\0autocheck smrgdf c:\documents and settings\Eric Britz\Application Data\iolo\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk]
backup=c:\windows\pss\Constant Guard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Eric Britz^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Eric Britz^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes1\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 19:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.5.0_12\\bin\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dleecoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes1\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56071:TCP"= 56071:TCP:Pando Media Booster
"56071:UDP"= 56071:UDP:Pando Media Booster
.
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8/28/2011 12:14 PM 722616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/14/2012 10:49 AM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/14/2012 10:49 AM 20464]
S1 MpKsl1f5c47d0;MpKsl1f5c47d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412E8626-0DF9-4186-81F0-66FBFB102A98}\MpKsl1f5c47d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412E8626-0DF9-4186-81F0-66FBFB102A98}\MpKsl1f5c47d0.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 5:33 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2011 5:33 PM 136176]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [5/22/2010 6:12 AM 71424]
S4 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
S4 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [1/29/2010 7:12 PM 98984]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 22:33]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 22:33]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004Core.job
- c:\documents and settings\Eric Britz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-17 15:54]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004UA.job
- c:\documents and settings\Eric Britz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-17 15:54]
.
2012-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-21 c:\windows\Tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:01]
.
2012-01-21 c:\windows\Tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.searchqu.com/406
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C}
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-GIDDesktop - c:\program files\SFT\GuardedID\gidd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\ieframe.dll
c:\program files\iTunes1\iTunesMiniPlayer.dll
c:\program files\iTunes1\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes1\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-21 12:46:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 17:46
ComboFix2.txt 2012-01-20 03:38
.
Pre-Run: 24,998,060,032 bytes free
Post-Run: 24,960,921,600 bytes free
.
- - End Of File - - 235AE26B3B52F4A66DCA3AD699B92D9B

Thank You much for all your help!
Regards,
Eric
  • 0

#9
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Eric,

How's the computer running nw?


1. Please run OTL and click the "Quick Scan" button, post the new report for my review.


2. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#10
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry for the delay. I was away from the computer for a few days.. back on now. Will run the OTL tonight and step 2 tomorrow. When I booted up today, it took about 5 mins to get thru the boot and be able to open google chrome. For step 2, can I use Google Chrome or just firefox or MS Internet Expl? Is firefox better than Chrome?
  • 0

Advertisements


#11
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

For step 2, can I use Google Chrome or just firefox or MS Internet Expl? Is firefox better than Chrome?

I am not sure if it will work with Chrome, it's the browser that I haven't tried using. I can't also tell if its better that Firefox.
  • 0

#12
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I started the OTL program and went to sleep last night. I woke to a blue screen. I tried to reboot again and the computer went thru a chk disk run. The chk disk completed its run and then upon trying to boot, went back to a blue screen. The blue screen message at the bottom of the script was: "*** STOP: 0X0000007E (0XC0000005, 0X87361F54, 0XEF50F8AC, 0XEF50F5A8)". This happened 2 times and then I tried to start it in safe mode with networking. During that startup, there was a full screen of lines that paused with the bottom line being "...WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS. I waited about 10 mins and the computer finally booted but not in safe mode - just normal boot....

I found the OTL log from last night's run: Moving onto step 2..


OTL logfile created on: 1/25/2012 10:19:25 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eric Britz\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 393.72 Mb Available Physical Memory | 38.49% Memory free
1.65 Gb Paging File | 1.14 Gb Available in Paging File | 68.91% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 21.78 Gb Free Space | 19.49% Space Free | Partition Type: NTFS

Computer Name: HOME-COMPUTER | User Name: Eric Britz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 18:45:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Britz\My Documents\Downloads\OTL.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/13 00:24:58 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes1\iTunesHelper.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/26 01:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\DLEEPMON.DLL
MOD - [2009/11/26 01:07:23 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V715w\ipcmt.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleedrpp.dll
MOD - [2009/01/13 08:15:15 | 005,709,824 | ---- | M] () -- C:\WINDOWS\system32\DLEEoem.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/02 16:06:45 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 15:19:13 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dleecoms.exe -- (dlee_device)
SRV - [2010/01/07 15:19:08 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/04 14:44:12 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2011/03/04 14:44:12 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/27 08:23:00 | 000,071,424 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubloxusb.sys -- (ubloxusb)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/07/03 17:09:02 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/11 10:29:00 | 000,207,936 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/02 17:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 17:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 17:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 17:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 17:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57495
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@SceneCaster.com/SceneCaster: C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll (SceneCaster)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/04/02 00:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions
[2009/03/29 15:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric Britz\Application Data\Mozilla\Extensions\[email protected]
[2011/04/02 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2011/04/02 00:10:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: SceneCaster (Enabled) = C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes1\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/21 12:39:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes1\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://sw.bohlereng.net/XTSAC.cab (XTSAC Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.geni.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1225150693234 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://sw.bohlereng.net/msrdp.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hga.webex.co...bex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://pro.realquest...r/mapviewer.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} Reg Error: Value error. (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4239292-5254-413A-BF88-D5037EAA65A0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric Britz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (2)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (.)
O34 - HKLM BootExecute: (ↄ׀)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Eric Britz\Application Data\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 22:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/21 14:25:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/21 12:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/19 22:20:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/19 22:18:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/19 22:18:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/19 22:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/19 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 22:16:00 | 004,388,507 | R--- | C] (Swearware) -- C:\Documents and Settings\Eric Britz\Desktop\ComboFix.exe
[2012/01/14 10:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 10:49:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/14 10:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/12 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\D935D
[2012/01/12 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Britz\Application Data\B4DD9
[2010/01/29 19:12:53 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoin.dll
[2010/01/29 19:08:01 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEEhcp.dll
[2010/01/29 19:08:00 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeserv.dll
[2010/01/29 19:08:00 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeusb1.dll
[2010/01/29 19:08:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleepmui.dll
[2010/01/29 19:08:00 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dleelmpm.dll
[2010/01/29 19:08:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeinpa.dll
[2010/01/29 19:08:00 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeiesc.dll
[2010/01/29 19:07:59 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleehbn3.dll
[2010/01/29 19:07:59 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeih.exe
[2010/01/29 19:07:58 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoms.exe
[2010/01/29 19:07:58 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomm.dll
[2010/01/29 19:07:57 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomc.dll
[2010/01/29 19:07:57 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecfg.exe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 23:10:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
[2012/01/25 23:10:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
[2012/01/25 23:00:21 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 22:49:36 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004UA.job
[2012/01/25 22:49:29 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/25 22:49:28 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Desktop\Google Chrome.lnk
[2012/01/25 22:44:13 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1957994488-682003330-1004Core.job
[2012/01/25 22:05:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/25 22:02:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 22:01:51 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/25 22:00:26 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 22:00:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 21:59:57 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 16:52:53 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/21 16:52:53 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/21 16:52:53 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/21 16:52:53 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/21 16:52:53 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/01/21 12:39:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/21 12:18:05 | 004,388,507 | R--- | M] (Swearware) -- C:\Documents and Settings\Eric Britz\Desktop\ComboFix.exe
[2012/01/20 18:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/19 22:20:26 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2012/01/14 10:49:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 10:42:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/07 03:09:51 | 000,500,956 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/07 03:09:51 | 000,088,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 22:20:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/19 22:18:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/19 22:18:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/19 22:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/19 22:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/19 22:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/15 12:44:22 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/14 10:49:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/14 18:29:29 | 000,038,501 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\Microsoft Access.ADR
[2011/08/25 18:02:27 | 000,498,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/15 02:23:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 08:08:42 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/05/22 06:12:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\ftdiun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ftcun2k.ini
[2010/05/22 06:12:51 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/01/29 19:12:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleevs.dll
[2010/01/29 19:12:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleecuir.dll
[2010/01/29 19:12:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleegcfg.dll
[2010/01/29 19:12:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleecui.dll
[2010/01/29 19:10:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEEPMON.DLL
[2010/01/29 19:10:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEEFXPU.DLL
[2010/01/29 19:09:55 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEEoem.dll
[2010/01/29 19:09:31 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.exe
[2010/01/29 19:09:30 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.dll
[2010/01/29 19:08:01 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\DLEEinst.dll
[2010/01/29 19:07:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleeins.dll
[2010/01/29 19:07:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleeinsb.dll
[2010/01/29 19:07:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleegrd.dll
[2010/01/29 19:07:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleeinsr.dll
[2010/01/29 19:07:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleecub.dll
[2010/01/29 19:07:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleejswr.dll
[2010/01/29 19:07:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleecu.dll
[2010/01/29 19:07:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleecur.dll
[2010/01/29 19:07:57 | 000,086,183 | ---- | C] () -- C:\WINDOWS\System32\DLEEcfg.dll
[2010/01/29 19:03:10 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEEsm.dll
[2010/01/29 19:03:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEsmr.dll
[2009/11/25 20:40:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/01 12:40:37 | 000,061,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/28 17:04:30 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\mcs.rma
[2009/05/28 17:04:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\E8B2ED
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/27 21:00:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2009/04/24 11:56:08 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/04/24 11:56:05 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/04/24 11:54:32 | 000,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2009/04/24 11:54:09 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/04/24 11:54:07 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/04/24 11:53:48 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2009/04/24 11:53:17 | 000,277,200 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/12/30 23:09:35 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/10/24 21:54:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/02/22 07:45:07 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/05 13:44:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Application Data\$_hpcst$.hpc
[2007/12/31 18:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/09/09 02:42:44 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/02/07 01:05:43 | 000,000,379 | ---- | C] () -- C:\WINDOWS\Title.INI
[2007/02/07 01:01:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/01/30 19:31:46 | 000,002,373 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/24 10:42:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/16 20:19:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/16 20:18:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/06/09 00:26:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/14 10:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/04/08 19:34:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/01/07 12:32:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/01/07 12:30:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/01/07 01:12:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/07 01:12:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/07 01:12:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/07 01:12:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/07 01:12:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/28 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/12/28 01:18:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/09/10 08:05:37 | 000,000,871 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/09/06 18:05:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/28 21:12:05 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Eric Britz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/23 10:02:31 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BHCDGJKK.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/06/11 23:34:03 | 026,166,613 | ---- | C] () -- C:\Program Files\NAV05ENG.exe
[2005/06/10 07:41:01 | 000,010,052 | ---- | C] () -- C:\WINDOWS\System32\WinStat12.dat
[2005/04/25 14:51:07 | 000,000,437 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/25 14:51:04 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/04/05 16:04:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/03/25 19:20:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/12 10:53:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/02/01 17:32:11 | 000,006,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/12/24 08:09:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2004/12/22 17:40:46 | 000,001,460 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/08 19:18:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/07 23:11:04 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/07 21:29:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/12/07 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/06 23:47:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/12/06 23:45:52 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/06 22:23:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/06 22:19:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/06 17:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/06 17:03:35 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/03 18:18:18 | 002,974,071 | ---- | C] () -- C:\WINDOWS\System32\bgd.dll
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,500,956 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,088,376 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/21 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/29 19:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/11 12:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/12/30 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2012/01/14 10:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2005/12/03 17:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/12/11 21:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/13 19:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/02/07 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2005/07/14 21:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2009/09/13 19:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2004/12/13 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/04/14 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/07/03 17:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2010/06/26 09:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/01/29 19:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V715w
[2009/02/21 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/25 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/07/14 22:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 11:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 12:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2011/12/08 19:31:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2006/10/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\acccore
[2006/06/10 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Aim
[2011/08/27 00:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Atari
[2012/01/14 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\B4DD9
[2005/03/15 18:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\funkitron
[2008/12/30 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\GlobalSCAPE
[2012/01/21 11:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\ID Vault
[2007/02/02 21:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\iMesh
[2006/08/26 00:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\IMVU
[2010/05/22 11:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\iolo
[2005/12/25 12:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Leadertech
[2006/06/19 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\PlayFirst
[2006/02/01 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\TDS
[2005/02/12 19:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\The Labyrinth Plus! Edition
[2011/08/27 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Tific
[2010/01/30 17:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\V715w
[2012/01/21 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Viewpoint
[2008/05/19 20:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\WeatherBug
[2010/01/25 15:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\webex
[2006/04/08 21:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Wildfire
[2012/01/25 22:05:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/25 23:10:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
[2012/01/25 23:10:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job

========== Purity Check ==========



< End of report >
  • 0

#13
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The following is the list of threats found, using the ESET scanner. The log is posted following the list below. Thank you much for all your help with this...

C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\61\3240fdbd-405d0fdc a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\7\10396087-4ef606bd a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Eric Britz\My Documents\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
F:\My Documents\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan


Here is the log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0e8ca2e964365045aa2d0efebb48fb1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-26 07:55:32
# local_time=2012-01-26 02:55:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 48678071 48678071 0 0
# compatibility_mode=5891 16776869 42 87 0 23577042 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=206251
# found=10
# cleaned=0
# scan_time=7654
C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\61\3240fdbd-405d0fdc a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\7\10396087-4ef606bd a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Eric Britz\My Documents\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
F:\My Documents\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
F:\My Music\Daddy\better together (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
  • 0

#14
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 57495
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
    [2012/01/25 23:10:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B47C626E-708E-437E-88D5-BB191993E508}.job
    [2012/01/25 23:10:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71BF5131-0D7E-4911-8FC1-A5E3DCCA2D56}.job
    [2009/02/21 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2012/01/21 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric Britz\Application Data\Viewpoint
    C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\61\3240fdbd-405d0fdc  
    C:\Documents and Settings\Eric Britz\Application Data\Sun\Java\Deployment\cache\6.0\7\10396087-4ef606bd 
    C:\Documents and Settings\Eric Britz\My Documents\My Music\Daddy\better together (unplugged version).mp3 
    F:\My Documents\My Music\Daddy\better together (unplugged version).mp3 
    F:\My Music\Daddy\better together (unplugged version).mp3
    
    :Files
    C:\Program Files\Windows iLivid Toolbar
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

  • 0

#15
eagleericb

eagleericb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Will do.

In the mean time, I ran Malwarebytes and got the following log. It picked up 2 'broken-open' registry items...


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Eric Britz :: HOME-COMPUTER [administrator]

Protection: Enabled

1/26/2012 9:58:41 PM
mbam-log-2012-01-27 (08-50-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 319584
Time elapsed: 3 hour(s), 11 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP