Trojan Win32 Sirefef, Sirefef.AO, .AG and .AN



#16 azarl (GeekU Admin, Administrator, 25,176 posts)

Ok here is the Eset log......Scan found threats didn't look so good to me :unsure: .....maybe I'm wrong.

Don't worry, they are either items I quarantined earlier or in the restore points, which I will deal with next.

Please run this next - we're nearly sorted

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
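When the Quick Scan log asked for above comes back, the first things a helper reads off it are the entries OTL marks "File not found" (a service or driver registration whose file is gone) and the binaries listed with an empty company name, plus anything executing out of a user profile or temp folder. The Python below is an added example, not OTL's code and not anything posted in this thread: it parses the PRC/MOD/SRV/DRV lines of an OTL log (the line layout it assumes is the one OTL prints) into records and applies those checks. The log excerpt inside it is constructed for the demo, and the triage labels and the list of user-writable path fragments are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed layout of OTL's PRC/MOD/SRV/DRV entries (as OldTimer's OTL prints them):
#   KIND - [date | size | attrs | M] (Company) [state] -- path -- (ServiceName) description
# "[date ...] (Company)" is replaced by "File not found" for orphaned registrations;
# "[state]" and "-- (ServiceName)" appear only on service (SRV) and driver (DRV) lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<date>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\))"
    r"(?:\s*\[(?P<state>[^\]]+)\])?"
    r"\s*--\s*(?P<path>.*?)"
    r"(?:\s*--\s*\((?P<name>[^)]+)\)(?P<desc>.*))?$"
)

# Triage labels (made up for this example, not OTL terminology).
ORPHANED = "orphaned: registered but file not found"
NO_PUBLISHER = "no company name on binary"
RUNNING_NO_PUBLISHER = "running service/driver with no company name"
USER_WRITABLE = "loaded from a user-writable profile or temp location"

# Path fragments treated as user-writable on Windows XP (assumption for the demo).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\application data\\", "\\local settings\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str
    path: str
    company: Optional[str]   # None when OTL printed "File not found"
    state: Optional[str]     # e.g. "Auto | Running"; None for PRC/MOD lines
    name: Optional[str]      # service/driver name from the trailing "(...)"
    size: Optional[int]
    missing: bool


def parse_log(text: str) -> list:
    """Return one Entry per PRC/MOD/SRV/DRV line; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        entries.append(Entry(
            kind=g["kind"],
            path=g["path"].strip(),
            company=None if g["missing"] else g["company"].strip(),
            state=g["state"].strip() if g["state"] else None,
            name=g["name"],
            size=int(g["size"].replace(",", "")) if g["size"] else None,
            missing=g["missing"] is not None,
        ))
    return entries


def triage(entry: Entry) -> list:
    """The checks a helper does by eye: orphaned entries, unbranded binaries, odd paths."""
    flags = []
    if entry.missing:
        flags.append(ORPHANED)        # leftover registration: cannot run, but should be cleaned up
    elif not entry.company:
        flags.append(NO_PUBLISHER)    # OTL's "No Company Name" class: verify hash and origin
        if entry.state and "Running" in entry.state:
            flags.append(RUNNING_NO_PUBLISHER)
    if not entry.missing and any(m in entry.path.lower() for m in USER_WRITABLE_MARKERS):
        flags.append(USER_WRITABLE)
    return flags


def summarize(text: str) -> dict:
    """Counts per entry kind plus the flagged entries, for a first read of a Quick Scan log."""
    entries = parse_log(text)
    report = {"total": len(entries), "by_kind": {}, "flagged": []}
    for e in entries:
        report["by_kind"][e.kind] = report["by_kind"].get(e.kind, 0) + 1
        flags = triage(e)
        if flags:
            report["flagged"].append((e.kind, e.name or e.path, flags))
    return report


# Constructed excerpt in OTL's layout; not taken from any real machine.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (Example Tools) -- C:\Documents and Settings\User\Desktop\tool.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Vendor\agent.exe
PRC - [2012/05/01 10:00:00 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Temp\updater.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Vendor\agent.exe -- (VendorAgent)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
"""

if __name__ == "__main__":
    for kind, ident, flags in summarize(SAMPLE_LOG)["flagged"]:
        print(f"{kind} {ident}: {'; '.join(flags)}")
```

Run it against a saved OTL.Txt by passing the file contents to summarize(). An empty company name is only a prompt to check the file (plenty of legitimate software ships unbranded binaries, as the WD SmartWare entries in this thread show), and a "File not found" entry is usually an uninstall leftover or something a removal tool already took out; the point of the flags is to shorten the list a human has to look at, not to decide anything on its own.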


#17 mjlx (Topic Starter, Member, 18 posts)

Sorry for the delay but I had to get some beach time in this weekend :)

Here are the OTL logs

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 49574030 bytes
->Temporary Internet Files folder emptied: 8884121 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54895881 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 607 bytes

User: NetworkService
->Temp folder emptied: 27806 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46247318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 63115130 bytes

Total Files Cleaned = 213.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_154619

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 7/23/2012 3:55:23 PM - Run 6
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.51% Memory free
4.94 Gb Paging File | 4.22 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 29.84 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.53 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 46.65 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 17.20 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/06/15 21:51:07 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 21:51:06 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 15:55:42 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
MOD - [2012/02/16 15:55:37 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
MOD - [2012/02/16 15:47:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 15:47:42 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
MOD - [2012/02/16 15:47:27 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 15:47:25 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 15:47:25 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 15:47:24 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/16 15:42:51 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/16 15:42:45 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/16 15:42:45 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/16 15:42:42 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/16 15:42:38 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 19:45:36 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
MOD - [2011/11/02 19:24:44 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/13 19:19:35 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/15 21:51:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/10 20:47:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MtxVxd.sys -- (MtxVxd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/11 09:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3avs.sys -- (rig3avs)
DRV - [2011/04/11 09:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3usb.sys -- (rig3usb_svc)
DRV - [2011/03/08 01:00:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/12/07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/10/20 19:38:52 | 000,110,824 | ---- | M] (PolderbitS Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 17:41:18 | 000,061,424 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOutput.sys -- (mvkOutput)
DRV - [2010/03/09 17:41:18 | 000,054,256 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkTransfer.sys -- (mvkTransfer)
DRV - [2010/03/09 17:41:18 | 000,047,984 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys -- (mvkSystemClock)
DRV - [2010/03/09 17:41:16 | 006,627,184 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkBus.sys -- (mvkBus)
DRV - [2010/03/09 17:41:16 | 000,256,624 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys -- (mvkOnBrdIOdsxle)
DRV - [2010/03/09 17:41:16 | 000,055,664 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMisc.sys -- (mvkMisc)
DRV - [2010/03/09 17:41:16 | 000,055,024 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkInput.sys -- (mvkInput)
DRV - [2010/03/09 17:41:16 | 000,047,600 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys -- (mvkLQScaler)
DRV - [2010/03/09 17:41:16 | 000,042,480 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMemManager.sys -- (mvkMemManager)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/01/01 04:02:44 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/05/12 13:08:14 | 000,196,476 | ---- | M] (Canopus Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmkrnl.sys -- (stmkrnl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 8E 05 0F B4 66 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 20:58:47 | 000,000,000 | ---D | M]

[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions
[2011/10/16 00:00:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/18 23:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/07/27 11:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\conduit.xml
[2011/03/08 01:00:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\daemon-search.xml
[2012/03/18 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 21:51:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 15:17:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/15 21:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 21:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/07/16 19:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: matrox.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F73A98-24E4-456F-A10B-8E84EE3B482D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 20:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/11 01:50:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 22:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Media Player Classic
[2012/07/20 22:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/07/20 22:50:02 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012/07/20 22:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/07/20 21:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\VLC Logs
[2012/07/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/20 08:44:11 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
[2012/07/20 08:29:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/17 17:01:59 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Michael\Desktop\junction.exe
[2012/07/17 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Junction
[2012/07/16 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Western_Digital
[2012/07/16 21:28:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 21:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/07/16 19:42:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/16 19:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 19:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 19:40:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 19:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 19:40:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 19:40:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2012/07/16 19:40:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/16 19:36:43 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/12 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 22:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/12 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/12 17:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 18:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/28 14:25:11 | 017,327,195 | ---- | C] (Mooii) -- C:\Program Files\PhotoScapeSetup_V3.5.exe
[2010/11/03 16:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/23 15:58:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/23 15:48:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/22 19:33:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/20 22:53:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/20 21:58:20 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 21:15:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/20 08:44:20 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
[2012/07/19 17:10:28 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MS Word.lnk
[2012/07/18 22:23:22 | 000,001,573 | ---- | M] () -- C:\WINDOWS\CANOPUS.INI
[2012/07/18 22:23:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\StmVideo.INI
[2012/07/17 22:59:58 | 000,003,242 | ---- | M] () -- C:\WINDOWS\StmEdit.INI
[2012/07/17 17:01:40 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 21:17:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/16 19:42:24 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2012/07/16 19:36:51 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/07/15 16:08:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:45:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 23:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 17:30:10 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:24:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 14:00:00 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/07/10 23:17:34 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/07/07 15:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 19:26:01 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/07/20 22:50:06 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2012/07/20 22:50:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/07/20 22:50:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/07/20 22:50:02 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/07/20 22:49:58 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/07/20 21:15:27 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/17 17:01:39 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 21:17:54 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:42:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/16 19:40:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 19:40:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 19:40:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 19:40:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 19:40:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/15 16:08:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:44:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 23:34:41 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 17:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/25 21:14:50 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/16 13:35:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/09 21:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/29 17:35:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/07/29 17:31:08 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/29 17:52:52 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/06/29 17:52:52 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/06/29 17:52:49 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/06/01 16:39:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/01 16:39:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/01 16:39:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/20 18:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2011/03/07 16:20:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/07 15:13:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/01/25 02:10:53 | 001,187,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1450960922-725345543-1003-0.dat
[2011/01/25 02:10:53 | 000,335,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/27 16:56:38 | 000,001,121 | ---- | C] () -- C:\WINDOWS\stmaudio.INI
[2010/11/03 16:01:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2010/11/03 16:01:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2010/10/27 14:56:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\StmVideo.INI
[2010/10/26 23:23:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 17:40:25 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 19:38:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2010/10/19 21:51:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/10/18 23:52:30 | 000,127,743 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2010/10/18 23:52:30 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2010/10/18 19:15:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/18 19:15:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/18 19:15:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/18 00:22:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/17 21:51:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Michael\Adobe Encore_AME.pref
[2010/10/17 21:16:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 21:00:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 20:37:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2010/10/17 20:31:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 20:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/17 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2010/10/17 19:31:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/17 19:31:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/17 19:31:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/17 19:31:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/17 19:31:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/17 19:31:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/17 19:31:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/17 19:31:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/17 19:31:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/17 19:31:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/17 19:30:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/10/17 19:30:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2010/10/17 19:05:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\stmconf.INI
[2010/10/17 19:03:48 | 000,003,242 | ---- | C] () -- C:\WINDOWS\StmEdit.INI
[2010/10/17 18:42:33 | 000,001,573 | ---- | C] () -- C:\WINDOWS\CANOPUS.INI
[2010/10/17 13:21:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/17 13:20:19 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/09 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/03/17 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/28 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/08 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/06/01 16:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/01/21 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/10 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/30 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/07/16 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/17 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/21 17:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011/03/03 14:40:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2011/03/03 14:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/03/03 14:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012/01/21 16:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2012/02/23 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\.keys
[2011/03/09 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ableton
[2011/08/01 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\avidemux
[2012/03/02 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\calibre
[2011/03/08 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2012/07/01 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio
[2011/01/25 00:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2012/02/03 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2011/07/27 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Gui4Cli
[2011/07/27 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HandBrake
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Image Zone Express
[2011/03/15 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2010/10/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PACE Anti-Piracy
[2011/07/28 14:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PhotoScape
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Printer Info Cache
[2011/03/30 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2011/03/30 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2011/02/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2012/03/07 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2010/11/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2011/07/29 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WhiteSmoke
[2010/10/18 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/02/23 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >
  • 0

#18
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts

Sorry for the delay but I had to get some beach time in this weekend :)


You've got your priorities right :)

» Finishing off «
It appears that you're all clean, but before we finish, there's some cleaning up to do.

It's important that you continue with this step as there are items left on your system that could be a threat!

:idea: » OTL Cleanup «
Run OTL and click Cleanup. This will remove most of the programs we've used throughout today's work, along with itself and any files we've quarantined.

:idea: » Remove ComboFix «
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between ComboFix and the /U; it needs to be there.
:idea: » Update Java «
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Please download JavaRa to your desktop.
    • Click the Download button next to Windows Binary (.zip) Version 1.1.6. to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

:idea: » Keeping Safe «
Lastly, we need to keep you safe (as much as we like you here, we don't want to see you back so soon! ;)).

Here are a few very important things to remember to stay away from computing trouble in the future:

1) Keep Windows up-to-date.
It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

2) Keep your antivirus software up-to-date
Antivirus software is your safety net if all other protections fail; check it regularly to make sure that it is updating.

3) Keep your web browser plugins and other programs updated also.
Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and other such web-exposed items are vulnerable to attack, which can quickly lead to an infected system no matter what protection you currently have installed. These items are often exploited by hackers hoping to gain control over your machine. By updating these programs as necessary, you will greatly reduce your exposure to dangerous internet threats.

A good way to do this is to install the Filehippo Update Checker and run it regularly.

4) Consider a web browser other than Internet Explorer.
Internet Explorer is popular, and with popularity comes exploitation and vulnerability. Fortunately, you have a choice in what web browser to use. Although its popularity has swelled considerably over the past couple of years, my current pick is Google Chrome. It's free, quick, comparatively safe, and can be outfitted with plenty of helpful extensions. Chrome will automatically update itself so you don't have to worry about doing so, and it also bundles a few vulnerable plugins within the browser and keeps them up to date on your behalf. I recommend pairing it up with Chrome Adblock (which will block ads, including fake update notifications which can result in infection) and WOT - Web of Trust (which checks websites and ensures it doesn't know them to be dangerous before loading them). All of these things are free, and very helpful for your security!

5) Keep your firewall enabled.
In Windows Vista and Windows 7, the built-in firewall is perfectly sufficient. In Windows XP, we recommend a third-party alternative. I personally like Comodo Firewall for this purpose on XP machines. Be sure you keep it updated if it requires it!

6) And last of all, surf smart.
Don't forget that no matter how safe you feel behind your firewall and anti-virus, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

If you feel that we've helped you, please help me by clicking on the Posted Image at the bottom right of any post that you found useful.
:wave: Stay safe and thanks for visiting! :wave:
  • 1

#19
mjlx

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All is done....I just have a couple of questions. First is, I think OTL cleanup removed Combofix because when I went to uninstall it, it wasn't there. Is that possible? Also, to remove Junction do I just need to simply delete the files off my desktop? And should I do the same with JavaRa, or should I keep that around for future Java updates?
  • 0

#20
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts

All is done....I just have a couple of questions. First is, I think OTL cleanup removed Combofix because when I went to uninstall it, it wasn't there. Is that possible? Also, to remove Junction do I just need to simply delete the files off my desktop? And should I do the same with JavaRa, or should I keep that around for future Java updates?

OTL should remove ComboFix, but I always like to check. Junction - just delete please. JavaRa is worth keeping as is MalwareBytes
  • 1

#21
mjlx

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok then that should be it....Thank you for all your help it is very much appreciated :thumbsup:
  • 0

#22
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
No problem - stay safe :thumbsup:
  • 0
