Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ISP warning me of possible BOT [Closed]


  • This topic is locked This topic is locked

#1
jethro517

jethro517

    New Member

  • Member
  • Pip
  • 1 posts
Hello, and thanks for being here!

My ISP has sent me multiple warnings of a possible BOT on my computer. I also received an online "DNS switching" alert while visiting a frequented and trusted site.
hijack this gave me a message saying that it could not access host files, therefore, a hijacked DNS would not be fixable. Hijackthis then asked me to run as administrator as a workaround, however, this option is not visible regardless of where I attempt to launch the program. This brought me here...my OTL log follows. Thanks for any assistance when you have a chance! Cheers.

OTL logfile created on: 1/27/2012 3:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Media
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 38.58% Memory free
3.99 Gb Paging File | 1.93 Gb Available in Paging File | 48.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.61 Gb Total Space | 70.65 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 1.35 Gb Free Space | 13.27% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Main | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 15:46:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Media\OTL.exe
PRC - [2012/01/27 15:33:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Media\HijackThis.exe
PRC - [2012/01/09 12:20:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/12/17 12:15:12 | 004,689,992 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/08/17 14:39:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/05 09:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/20 07:57:27 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\f5efcf0f-4259-4393-8747-e56eea616980.com
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/05 09:39:54 | 000,336,896 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/01/05 09:39:52 | 000,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/11/28 10:27:11 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 14:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/03 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/02 15:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/27 07:58:48 | 000,052,736 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/20 22:00:30 | 000,063,488 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/20 22:00:28 | 000,052,224 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/20 22:00:26 | 000,117,760 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/11 09:03:08 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\10119412ef1e74d19dd37d159f3e9def\System.WorkflowServices.ni.dll
MOD - [2012/01/11 09:02:50 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e67932bb74fcd05c8a8705c9a706b2e5\System.ServiceModel.Web.ni.dll
MOD - [2012/01/11 09:01:27 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012/01/11 09:01:24 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012/01/11 09:00:06 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
MOD - [2012/01/11 09:00:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/09 12:20:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/17 12:15:16 | 000,091,720 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2011/10/13 05:55:29 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 05:55:27 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011/10/13 05:54:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/13 05:54:32 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll
MOD - [2011/10/13 05:54:23 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011/10/13 05:54:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/13 05:54:04 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011/10/13 05:53:29 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll
MOD - [2011/10/13 05:53:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 05:51:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 05:51:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 05:51:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 05:51:11 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/13 05:51:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 05:50:59 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 05:50:44 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 05:50:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 05:50:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 05:49:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/09/13 09:40:16 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/06/12 14:32:16 | 000,104,456 | ---- | M] () -- C:\WINDOWS\System32\EasyHook32.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/11/26 14:47:34 | 000,038,216 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/08/17 14:39:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 15:09:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/05 09:39:52 | 000,052,224 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008/11/28 10:27:11 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/07/06 16:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2006/12/14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/11/02 15:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 18:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120126.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 08:09:43 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 08:09:42 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/05 07:00:09 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 07:00:09 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/04 05:34:32 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120127.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 05:34:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120127.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/05 09:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/07/03 15:05:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2009/06/19 16:02:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/01/05 09:39:52 | 000,103,936 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/24 20:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/05/22 20:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/25 14:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/21 03:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2001/04/13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)
DRV - [2000/03/17 09:07:42 | 000,011,136 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Softlok.sys -- (SOFTLOK)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://producer.col...ome/default.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.washingto...ports/redskins"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.9rc4
FF - prefs.js..extensions.enabledItems: [email protected]:0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/27 07:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/27 07:55:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 12:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 16:24:55 | 000,000,000 | ---D | M]

[2008/10/02 11:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Extensions
[2012/01/27 10:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions
[2011/08/25 08:51:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/03 16:20:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/24 08:21:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/14 07:16:05 | 000,000,000 | ---D | M] (Plain Text to Link) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2009/10/31 07:30:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/15 14:12:24 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2011/12/12 18:07:16 | 000,000,000 | ---D | M] (PhZilla) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2010/06/13 10:21:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2011/10/22 07:57:37 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="Matthew David Kesack" em:description="Upload images from the web directly to your Photobucket account." em:homepageURL="http://www.photobucket.com/" em:iconURL="chrome://photobucket/content/images/pb-logo.png" em:id="[email protected]" em:name="Photobucket Uploader" em:version="1.3.3">) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2010/07/15 14:26:29 | 000,000,000 | ---D | M] (Selection Links) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2009/08/01 07:43:29 | 000,002,164 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\bing.xml
[2008/11/24 14:50:50 | 000,000,838 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\conduit.xml
[2009/06/19 16:06:12 | 000,002,399 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\daemon-search.xml
[2009/05/11 14:49:02 | 000,000,961 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\shareminercom.xml
[2012/01/09 12:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/15 12:56:38 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2012/01/27 07:55:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_4_3
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/09 12:20:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/08/09 05:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2009/03/04 09:10:01 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9709A281-0F0B-0EA7-178C-03DEC4FC736B}] C:\Users\Main\AppData\Roaming\firefox.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [Java™ Platform SE 6 U7] C:\Users\Main\AppData\Roaming\firefox.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\f5efcf0f-4259-4393-8747-e56eea616980.com (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: coloniallife.com ([clamail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([producer] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([services2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: litorders.com ([colonial] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d12c0e3-2dcd-11de-8e19-001e903de10c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d12c0e3-2dcd-11de-8e19-001e903de10c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ff400a83-5485-11de-8c55-001e903de10c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff400a83-5485-11de-8c55-001e903de10c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/27 15:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/11 08:34:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 08:34:37 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 08:34:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 08:34:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 08:34:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/06/13 10:12:18 | 008,042,120 | ---- | C] (White Sky, Inc.) -- C:\Program Files\constantguard.exe
[2009/02/22 09:56:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Main\AppData\Roaming\pcouffin.sys
[2007/07/13 13:36:22 | 000,220,184 | ---- | C] ( ) -- C:\Users\Main\AppData\Local\Interop.Microsoft.Office.Core.dll
[2005/12/13 16:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Main\AppData\Local\stdole.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 15:36:37 | 000,001,946 | ---- | M] () -- C:\Users\Main\Desktop\HiJackThis.lnk
[2012/01/27 13:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 13:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 10:27:07 | 000,167,936 | ---- | M] () -- C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 07:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 07:55:20 | 2011,615,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 16:57:28 | 000,062,787 | ---- | M] () -- C:\Users\Main\Desktop\lincoln-stretch-limo.jpg
[2012/01/26 08:12:55 | 000,009,768 | ---- | M] () -- C:\Users\Main\Desktop\JWA Logan Dec.pdf
[2012/01/26 08:12:25 | 000,009,584 | ---- | M] () -- C:\Users\Main\Desktop\JWA Jenkins Dec.pdf
[2012/01/26 08:11:54 | 000,009,620 | ---- | M] () -- C:\Users\Main\Desktop\JWA Rogers Dec.pdf
[2012/01/23 13:14:08 | 000,305,017 | ---- | M] () -- C:\Users\Main\Desktop\JWA Donald Rogers.pdf
[2012/01/23 13:13:20 | 000,303,186 | ---- | M] () -- C:\Users\Main\Desktop\JWA Anthony Jenkins.pdf
[2012/01/22 14:37:53 | 000,001,176 | ---- | M] () -- C:\Users\Main\AppData\Roaming\vso_ts_preview.xml
[2012/01/11 08:12:06 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/11 08:12:06 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/06 16:02:44 | 008,345,469 | ---- | M] () -- C:\Users\Main\Desktop\Good Rats - Tasty (probably the Best Song in the world....)-1.flv
[2012/01/06 10:27:54 | 018,598,280 | ---- | M] () -- C:\Users\Main\Desktop\Steve Goodman - Momma Don_t Allow It.flv
[2011/12/29 07:07:58 | 000,000,936 | ---- | M] () -- C:\Users\Main\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 15:36:37 | 000,001,946 | ---- | C] () -- C:\Users\Main\Desktop\HiJackThis.lnk
[2012/01/26 16:57:38 | 000,062,787 | ---- | C] () -- C:\Users\Main\Desktop\lincoln-stretch-limo.jpg
[2012/01/26 08:12:55 | 000,009,768 | ---- | C] () -- C:\Users\Main\Desktop\JWA Logan Dec.pdf
[2012/01/26 08:12:25 | 000,009,584 | ---- | C] () -- C:\Users\Main\Desktop\JWA Jenkins Dec.pdf
[2012/01/26 08:11:54 | 000,009,620 | ---- | C] () -- C:\Users\Main\Desktop\JWA Rogers Dec.pdf
[2012/01/23 13:14:08 | 000,305,017 | ---- | C] () -- C:\Users\Main\Desktop\JWA Donald Rogers.pdf
[2012/01/23 13:13:20 | 000,303,186 | ---- | C] () -- C:\Users\Main\Desktop\JWA Anthony Jenkins.pdf
[2012/01/06 16:02:01 | 008,345,469 | ---- | C] () -- C:\Users\Main\Desktop\Good Rats - Tasty (probably the Best Song in the world....)-1.flv
[2012/01/06 10:24:45 | 018,598,280 | ---- | C] () -- C:\Users\Main\Desktop\Steve Goodman - Momma Don_t Allow It.flv
[2011/12/29 07:07:57 | 000,000,936 | ---- | C] () -- C:\Users\Main\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/06/21 14:07:42 | 000,065,536 | ---- | C] () -- C:\Program Files\ice_jniregistry.dll
[2011/05/18 18:43:17 | 000,001,940 | ---- | C] () -- C:\Users\Main\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/14 07:09:56 | 000,001,860 | ---- | C] () -- C:\Program Files\Recipe Keeper Plus 8.2.lnk
[2011/01/24 15:43:06 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2010/07/25 11:50:28 | 000,000,120 | ---- | C] () -- C:\Users\Main\AppData\Roaming\FixVTS.ini
[2010/03/01 10:41:08 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/02 14:23:51 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/09/24 17:35:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 17:35:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 09:49:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/09/15 08:36:59 | 000,023,888 | ---- | C] () -- C:\Users\Main\AppData\Roaming\UserTile.png
[2009/09/15 07:42:08 | 000,191,488 | ---- | C] () -- C:\Windows\System32\ProfMan.dll
[2009/09/08 06:01:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 14:37:56 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/06/12 14:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2009/03/27 15:09:02 | 000,001,652 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/03/27 13:40:18 | 000,000,148 | ---- | C] () -- C:\Users\Main\AppData\Roaming\default.rss
[2009/03/23 17:10:10 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/23 17:10:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/03/23 17:10:04 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/23 17:01:54 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/23 17:01:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/23 15:50:20 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/03/16 15:38:25 | 000,000,062 | ---- | C] () -- C:\Windows\MyProg.ini
[2009/03/11 21:23:14 | 000,000,477 | ---- | C] () -- C:\Program Files\outdated.dat
[2009/03/11 21:23:12 | 001,079,403 | ---- | C] () -- C:\Program Files\JDownloader.jar
[2009/03/11 21:23:12 | 000,034,816 | ---- | C] () -- C:\Program Files\JDownloader.exe
[2009/03/07 10:50:28 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Softlok.sys
[2009/02/22 09:57:39 | 000,001,176 | ---- | C] () -- C:\Users\Main\AppData\Roaming\vso_ts_preview.xml
[2009/02/22 09:56:30 | 000,087,608 | ---- | C] () -- C:\Users\Main\AppData\Roaming\inst.exe
[2009/02/22 09:56:30 | 000,007,887 | ---- | C] () -- C:\Users\Main\AppData\Roaming\pcouffin.cat
[2009/02/22 09:56:30 | 000,001,144 | ---- | C] () -- C:\Users\Main\AppData\Roaming\pcouffin.inf
[2009/02/22 07:39:47 | 000,212,992 | ---- | C] () -- C:\Windows\ALCHUNIN.EXE
[2009/02/20 10:00:46 | 000,000,173 | ---- | C] () -- C:\Windows\SQ.INI
[2009/02/08 14:08:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009/01/29 08:36:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/13 15:00:26 | 000,000,310 | ---- | C] () -- C:\Users\Main\AppData\Roaming\wklnhst.dat
[2008/11/05 16:13:10 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2008/11/04 14:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\MusicStudio.INI
[2008/11/04 14:22:23 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008/11/04 14:21:28 | 000,005,817 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/10/19 07:36:21 | 000,000,022 | ---- | C] () -- C:\Users\Main\AppData\Local\kodakpcd.ini
[2008/10/09 15:21:45 | 000,037,166 | ---- | C] () -- C:\Users\Main\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/10/07 16:25:45 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/10/03 13:12:03 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/02 17:49:16 | 000,167,936 | ---- | C] () -- C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 15:50:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/02 11:50:31 | 000,000,680 | ---- | C] () -- C:\Users\Main\AppData\Local\d3d9caps.dat
[2008/10/02 11:30:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/05 12:46:06 | 000,691,481 | ---- | C] () -- C:\Windows\unins000.exe
[2008/05/05 12:46:06 | 000,001,446 | ---- | C] () -- C:\Windows\unins000.dat
[2008/05/05 12:30:59 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/05/05 12:30:59 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/12/05 03:27:04 | 000,184,320 | ---- | C] () -- C:\Windows\System32\SatSrv.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,438,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/03 00:00:00 | 000,000,202 | ---- | C] () -- C:\Program Files\attr_example.lst
[2001/02/26 13:01:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\msasf.exe
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997/10/06 20:22:28 | 000,033,024 | ---- | C] () -- C:\Program Files\JOIN16.EXE
[1997/10/06 20:15:48 | 000,045,056 | ---- | C] () -- C:\Program Files\Join32.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:5FE21F898D476741
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:C647387D
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:0295CBF7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:526199B2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BFE23423
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B3D74A13

< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello jethro517, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

Sorry for the delay in getting back to you.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator priviledges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

I need some new scans. Please perform the steps in the order given and post the logs in the order requested.


Step-1

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
%SYSTEMDRIVE%\*.exe
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the Scan all users box
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the Use Safe List button.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open 2 files, OTL.Txt and Extras.txt. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-3.

Things I need in your next reply:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP