
Adware.180Solutions, PUP.FunWebProducts, and Malware.Trace



#1 queendom (Member, 75 posts)
My desktop is running slowly, and Malwarebytes located three items. These items included Adware.180Solutions (registry key), PUP.FunWebProducts (file), and Malware.Trace (registry key). I opted to have Malwarebytes remove them all, but I'm not confident that the computer is totally clean because it's still running slowly. In advance, thanks so much for your help!





OTL logfile created on: 10/7/2012 2:38:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Queen Alexis\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 31.34% Memory free
1.71 Gb Paging File | 0.87 Gb Available in Paging File | 50.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 43.11 Gb Free Space | 60.72% Space Free | Partition Type: NTFS

Computer Name: QA | User Name: Queen Alexis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 02:35:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Queen Alexis\My Documents\Downloads\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/31 10:02:03 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/31 10:02:03 | 002,282,920 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/08/31 09:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/06/15 22:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Queen Alexis\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/02 23:05:43 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/19 08:42:52 | 000,147,456 | ---- | M] (NeoEdge Networks) -- C:\Program Files\MostFun\Bin\MostFun.exe
PRC - [2006/08/28 23:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/10/05 05:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/07 01:52:01 | 000,024,576 | ---- | M] () -- c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\a5bba783\237e00c6\huzcpkb9.dll
MOD - [2012/04/01 18:57:46 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_65357735\mscorlib.dll
MOD - [2012/04/01 18:57:35 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_eaa7c6b0\system.xml.dll
MOD - [2012/04/01 18:57:21 | 000,061,440 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a_eebd21b9\custommarshalers.dll
MOD - [2012/04/01 18:57:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_37ba78ca\system.dll
MOD - [2012/04/01 18:57:05 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/04/01 18:57:05 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/04/01 18:57:03 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2005/10/05 05:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/08/10 15:11:12 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2004/08/10 15:11:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/10 15:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/10 15:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2004/08/10 15:11:10 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2004/08/10 15:11:08 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2004/08/10 15:11:08 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\system.web.regularexpressions\1.0.5000.0__b03f5f7f11d50a3a\system.web.regularexpressions.dll
MOD - [2004/08/10 15:11:06 | 000,819,200 | ---- | M] () -- c:\windows\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll
MOD - [2004/08/10 15:09:42 | 000,033,792 | ---- | M] () -- c:\windows\assembly\gac\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a\custommarshalers.dll
MOD - [2004/08/10 15:09:42 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/01/02 05:43:01 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/15 22:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/04 17:32:02 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121006.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/04 17:32:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/04 17:32:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/04 17:32:02 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121006.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/04 16:49:16 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/03 16:16:40 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121005.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/09/28 01:02:52 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/05 22:17:58 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 22:17:58 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 00:43:44 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symefa.sys -- (SymEFA)
DRV - [2012/01/31 21:30:34 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/11/16 23:38:00 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symtdi.sys -- (SYMTDI)
DRV - [2011/11/16 23:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\ironx86.sys -- (SymIRON)
DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symds.sys -- (SymDS)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/12/28 12:25:37 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/08/15 04:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 08:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061228
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061228
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061228
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.2.0
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Queen Alexis\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/02 23:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/10/04 16:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/10/07 01:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/06 22:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/04 16:48:19 | 000,000,000 | ---D | M]

[2008/09/28 20:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Extensions
[2012/10/04 17:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions
[2009/03/21 07:57:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions\[email protected]
[2008/09/29 02:01:22 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions\[email protected]
[2012/10/04 17:27:41 | 000,344,774 | ---- | M] () (No name found) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions\[email protected]
[2012/10/04 17:27:21 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/10/04 17:27:53 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2009/03/08 23:49:32 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Queen Alexis\Application Data\Mozilla\Firefox\Profiles\8xqpg2bl.default\searchplugins\dictionarycom.xml
[2012/10/04 18:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/04 18:02:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/04 16:51:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPLGN
[2012/10/04 18:00:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Queen Alexis\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Queen Alexis\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Queen Alexis\Start Menu\Programs\Startup\MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe (NeoEdge Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js ()
O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1349388937250 (MUWebControl Class)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.gamehouse...eddingDash2.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{433BCB9D-9CA6-4B2E-B777-E017D1A66AF4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\iwd {EA5F5649-A6C7-11D4-9E3C-0020AF0FFB56} - C:\Program Files\Insight Development\Net Knowledge Tools\common\IwdProtocol.dll (Insight Development Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Queen Alexis\My Documents\My Pictures\Black Art\Love and Marriage\Kickin' It - D. D. Ike.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Queen Alexis\My Documents\My Pictures\Black Art\Love and Marriage\Kickin' It - D. D. Ike.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a57581d-c64a-11db-82dd-00038a000015}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell - "" = AutoRun
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\1\Command - "" = I:\.\tmp.exe
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\tmp.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 02:37:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Queen Alexis\Recent
[2012/10/06 23:10:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Queen Alexis\IETldCache
[2012/10/06 20:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/10/06 20:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/10/06 19:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/10/06 19:40:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/10/06 19:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/10/06 19:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/06 19:03:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/06 18:58:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/10/06 18:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/10/06 18:58:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/10/06 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queen Alexis\Application Data\Windows Desktop Search
[2012/10/06 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/10/06 18:56:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/10/04 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/10/04 18:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/10/04 17:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/04 17:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queen Alexis\Local Settings\Application Data\VS Revo Group
[2012/10/04 17:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/10/04 17:56:04 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/10/04 17:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/10/04 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/04 17:29:30 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symtdiv.sys
[2012/10/04 17:29:29 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symtdi.sys
[2012/10/04 17:29:27 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symnets.sys
[2012/10/04 17:29:24 | 000,924,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symefa.sys
[2012/10/04 17:29:22 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symds.sys
[2012/10/04 17:29:20 | 000,032,928 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.sys
[2012/10/04 17:29:18 | 000,574,112 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.sys
[2012/10/04 17:29:17 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\ironx86.sys
[2012/10/04 17:29:16 | 000,132,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0603000.00E\ccsetx86.sys
[2012/10/04 17:24:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0603000.00E
[2012/10/04 16:49:17 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/10/04 16:49:16 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/10/04 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/10/04 16:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/04 16:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/04 16:48:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2012/10/04 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/10/04 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/10/04 16:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2012/10/04 16:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/10/04 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/10/04 16:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/10/04 16:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2007/02/13 16:20:38 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Queen Alexis\My Documents\*.tmp files -> C:\Documents and Settings\Queen Alexis\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 02:40:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/10/07 01:51:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/07 01:50:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-94618412-2933292107-2335530195-1006.job
[2012/10/07 01:49:56 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/07 01:49:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/07 01:49:35 | 1273,483,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 00:07:01 | 000,656,237 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\Cat.DB
[2012/10/06 23:11:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Queen Alexis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/06 22:15:55 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/06 19:58:48 | 000,504,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/06 19:58:48 | 000,087,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/06 19:41:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Queen Alexis.job
[2012/10/06 18:57:18 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/10/06 16:22:41 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Queen Alexis.job
[2012/10/04 19:25:34 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Queen Alexis\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/04 19:24:45 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\Queen Alexis\Desktop\Dropbox.lnk
[2012/10/04 19:06:38 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Queen Alexis\My Documents\My Sharing Folders.lnk
[2012/10/04 19:05:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2012/10/04 19:05:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2012/10/04 18:58:13 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/10/04 18:57:12 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/04 18:54:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/10/04 18:54:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/10/04 17:56:06 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/10/04 17:39:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/04 17:32:07 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\VT20121002.018
[2012/10/04 17:02:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/10/04 17:02:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/10/04 16:49:16 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/10/04 16:49:16 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/10/04 16:49:16 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/10/04 16:49:16 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/10/04 16:48:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/04 16:47:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Queen Alexis\My Documents\*.tmp files -> C:\Documents and Settings\Queen Alexis\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\wubuvutu
[2012/10/06 18:57:18 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/10/06 18:57:17 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/10/06 18:53:20 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/10/04 20:40:04 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Queen Alexis.job
[2012/10/04 20:40:03 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Queen Alexis.job
[2012/10/04 18:56:36 | 000,656,237 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\Cat.DB
[2012/10/04 17:56:05 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/10/04 17:39:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/04 17:35:15 | 000,009,103 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\VT20121002.018
[2012/10/04 17:29:29 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symnetv.inf
[2012/10/04 17:29:28 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symnetv.cat
[2012/10/04 17:29:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symnet.cat
[2012/10/04 17:29:26 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symnet.inf
[2012/10/04 17:29:23 | 000,007,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symefa.cat
[2012/10/04 17:29:23 | 000,003,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symefa.inf
[2012/10/04 17:29:21 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symds.cat
[2012/10/04 17:29:21 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\symds.inf
[2012/10/04 17:29:19 | 000,007,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.cat
[2012/10/04 17:29:19 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.inf
[2012/10/04 17:29:17 | 000,007,380 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.cat
[2012/10/04 17:29:17 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.inf
[2012/10/04 17:29:16 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\iron.cat
[2012/10/04 17:29:16 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\iron.inf
[2012/10/04 17:29:15 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\ccsetx86.inf
[2012/10/04 17:29:14 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\ccsetx86.cat
[2012/10/04 17:24:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0603000.00E\isolate.ini
[2012/10/04 16:49:06 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/10/04 16:48:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/01 17:33:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/02 16:34:01 | 000,009,334 | ---- | C] () -- C:\Program Files\SysRestorePoint_v13.zip
[2009/03/18 20:09:04 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Queen Alexis\g2mdlhlpx.exe
[2009/01/04 04:52:59 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Queen Alexis\Application Data\dvd.bmk
[2007/07/17 12:29:58 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2007/07/16 23:24:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Queen Alexis\Local Settings\Application Data\fusioncache.dat
[2007/01/27 00:34:19 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Queen Alexis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/06 01:55:25 | 000,022,900 | ---- | C] () -- C:\Documents and Settings\Queen Alexis\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2004/08/10 15:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/01/06 02:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2012/10/04 18:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/07/16 23:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MostFun
[2008/10/04 15:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/04/24 17:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2008/09/29 19:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/01 01:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/28 12:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/27 01:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/13 13:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Amazon
[2008/09/29 01:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Auslogics
[2012/10/07 01:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Dropbox
[2007/02/28 15:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Gaijin Ent
[2008/10/26 06:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\GetRightToGo
[2008/09/29 00:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\GlarySoft
[2009/02/22 04:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Home Sweet Home 2
[2007/01/11 00:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\MSNInstaller
[2007/07/13 23:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\My Games
[2007/11/14 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\pixelStorm
[2008/10/04 15:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\PlayFirst
[2007/07/14 02:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Sandlot Games
[2007/01/06 02:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Simple Star
[2012/10/04 16:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\TeamViewer
[2007/01/10 21:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Template
[2012/10/06 18:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queen Alexis\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
@Alternate Data Stream - 880 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 878 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:047BC9DD
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F15D632
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD0EDAD4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C1C493B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A41FEAA2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0971B5CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2792EE7C
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567D3254
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3D0CDFE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78CC8F21

< End of report >
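The three parts of the OTL log above that a removal helper reads most closely are the O33 MountPoints2 entries (per-volume autorun handlers that Explorer stores under HKCU, here pointing at executables on a removable volume I:), the file stamped 2099/01/01 with no company name, and the alternate data streams hanging off the TEMP folder. The following is an added example, not part of the original post and not OTL's own code: it runs those same checks in Python over lines copied from this log. The scan time is taken from the log header; the verdict rules are this example's own heuristics.

```python
"""Triage checks over OTL (OldTimer) log lines.

Added example: not part of the original post and not OTL's own code.
It re-implements in Python the reading a malware-removal helper does by
eye on the log above: MountPoints2 autorun handlers (O33 lines), files
whose creation date is impossible, and alternate data streams. The sample
lines are copied from the log in this thread; the scan time comes from
the log header. The verdict rules are this example's own heuristics.
"""
import re
from datetime import datetime

# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LOG = r"""
O33 - MountPoints2\{0a57581d-c64a-11db-82dd-00038a000015}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell - "" = AutoRun
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\1\Command - "" = I:\.\tmp.exe
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\tmp.exe
[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\wubuvutu
[2012/10/04 16:49:16 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
"""
SCAN_TIME = datetime(2012, 10, 7, 2, 38, 10)  # from the OTL log header in this thread

O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\(.+?) - "" = (.*)$')
FILE_RE = re.compile(r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \((.*?)\) -- (.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+)$')


def autorun_reason(subkey, value):
    """Why a MountPoints2 command looks like a removable-media autorun payload, or None."""
    if not subkey.lower().endswith("command"):
        return None  # 'Shell' and 'Shell\AutoRun' hold the verb and its menu label, not a command
    v = value.strip().lower()
    if "shellexec_rundll" in v:
        return "payload launched indirectly through rundll32 ShellExec_RunDLL"
    if re.search(r"(^|\s)\.\\", v):
        return "relative path, resolved against the mounted volume"
    m = re.match(r"^([a-z]):\\", v)
    if m and m.group(1) != "c":
        return f"executable launched from volume {m.group(1).upper()}:"
    return None


def flag_mountpoints(lines):
    """(guid, subkey, value, reason) for each suspicious O33 command line."""
    hits = []
    for line in lines:
        m = O33_RE.match(line)
        if m:
            guid, subkey, value = m.groups()
            reason = autorun_reason(subkey, value)
            if reason:
                hits.append((guid, subkey, value, reason))
    return hits


def flag_future_files(lines, scan_time=SCAN_TIME):
    """(path, company, stamp) for files whose creation time lies after the scan itself."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            stamp, company, path = m.groups()
            if datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S") > scan_time:
                hits.append((path, company or None, stamp))
    return hits


def flag_ads(lines):
    """(host path, stream name, size) for every alternate data stream OTL listed."""
    hits = []
    for line in lines:
        m = ADS_RE.match(line)
        if m:
            size, target = m.groups()
            host, stream = target.rsplit(":", 1)  # the last colon separates the stream name
            hits.append((host, stream, int(size)))
    return hits


def triage(log_text, scan_time=SCAN_TIME):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return {
        "autorun": flag_mountpoints(lines),
        "future_files": flag_future_files(lines, scan_time),
        "ads": flag_ads(lines),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

A hit is a candidate to examine, not a verdict: setupSNK.exe is the file Windows XP's Wireless Network Setup Wizard writes to a USB key, and the MountPoints2 entries here refer to a volume that is no longer attached. The rundll32 ShellExec_RunDLL indirection with a relative `.\tmp.exe`, on the other hand, is the classic shape of a removable-media worm's autorun.inf, and a file created in 2099 in System32 with no version information is worth pulling regardless of what scanners say about it.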

#2 Amlak (Member 1K, 1,470 posts)
Hi, queendom. Welcome to GTG. Let's help you out with your malware issue.

Please do the following:

Download aswMBR.exe to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.


Also, double-click MalwareBytes' AntiMalware, click on the Logs tab, and select the log in which those infections you stated were mentioned. And copy/paste its contents here.

#3 queendom (Topic Starter, Member, 75 posts)
Thanks for the quick response! Here are the results...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 17:38:05
-----------------------------
17:38:05.500 OS Version: Windows 5.1.2600 Service Pack 3
17:38:05.500 Number of processors: 1 586 0x5F02
17:38:05.500 ComputerName: Queen Alexis UserName: Queen Alexis
17:38:06.578 Initialize success
17:41:15.703 AVAST engine defs: 12100702
17:42:57.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:42:57.468 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
17:42:57.500 Disk 0 MBR read successfully
17:42:57.500 Disk 0 MBR scan
17:42:57.578 Disk 0 unknown MBR code
17:42:57.578 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:42:57.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72708 MB offset 80325
17:42:57.671 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3537 MB offset 148986810
17:42:57.703 Disk 0 scanning sectors +156232125
17:42:57.796 Disk 0 scanning C:\WINDOWS\system32\drivers
17:43:18.687 Service scanning
17:43:44.890 Modules scanning
17:43:56.250 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:43:59.671 Disk 0 trace - called modules:
17:43:59.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:43:59.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88cd2ab8]
17:43:59.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x88d0f2a0]
17:43:59.734 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x88d1c940]
17:44:00.421 AVAST engine scan C:\WINDOWS
17:44:07.968 AVAST engine scan C:\WINDOWS\system32
17:49:03.843 AVAST engine scan C:\WINDOWS\system32\drivers
17:49:32.500 AVAST engine scan C:\Documents and Settings\Queen Alexis
17:54:08.437 AVAST engine scan C:\Documents and Settings\All Users
17:56:06.515 Scan finished successfully
17:59:18.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Queen Alexis\Desktop\MBR.dat"
17:59:18.687 The log file has been saved successfully to "C:\Documents and Settings\Queen Alexis\Desktop\aswMBR.txt"



Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Queen Alexis :: PRINCESSLEXIS [administrator]

Protection: Enabled

10/6/2012 8:29:08 PM
mbam-log-2012-10-06 (20-29-08).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287948
Time elapsed: 1 hour(s), 11 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\S-1-5-21-94618412-2933292107-2335530195-1006\Dc1\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)
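The aswMBR lines above ("MBR read successfully", "unknown MBR code", the three "Partition" lines and "scanning sectors +156232125") come from reading sector 0 of the disk: 440 bytes of bootstrap code, a 4-byte disk signature, four 16-byte partition entries at offset 446 and the 0x55AA signature. The following is an added example, not part of the original post and not aswMBR's own code: it builds a sector 0 that matches the layout aswMBR reported for this disk, parses it back, checks the table for the inconsistencies a bootkit or a corrupted table would produce, and computes where the unpartitioned tail begins. Sizes in the log are in MB, so the sector counts are reconstructed at 2048 sectors per MB and are approximations; the bootstrap bytes are zero-filled, since the real ones are not on the page.

```python
"""Parse and sanity-check an MBR partition table.

Added example: not part of the original post and not aswMBR's own code.
It shows where aswMBR's 'Disk 0 Partition N ...' lines come from: the four
16-byte entries at offset 446 of sector 0, plus the 0x55AA signature.
The sample MBR is constructed to match the layout aswMBR reported for
this disk; sizes were given in MB, so the sector counts below are
reconstructed at 2048 sectors per MB and are approximations, not bytes
read from the real drive. The bootstrap area is zero-filled here.
"""
import hashlib
import struct

SECTOR = 512
MB_SECTORS = 2048            # 512-byte sectors per MB
TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(entries, boot_code=b"\x00" * 440, disk_signature=0x01234567):
    """Assemble sector 0 from up to four (status, type, lba_start, sector_count) tuples."""
    assert len(boot_code) == 440 and len(entries) <= 4
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for status, ptype, lba, count in entries
    )
    table += b"\x00" * (64 - len(table))
    return boot_code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"


def parse_mbr(sector0):
    """Return the non-empty partition entries as dicts; reject a sector without 0x55AA."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(ENTRY_FMT, sector0[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "start": lba, "end": lba + count, "mb": count // MB_SECTORS})
    return parts


def check_mbr(sector0, disk_sectors):
    """Partition list, consistency findings, and the unpartitioned tail after the last entry."""
    parts = parse_mbr(sector0)
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for a in parts:
        if a["end"] > disk_sectors:
            findings.append(f"partition {a['index']} ends past the last disk sector")
        for b in parts:
            if a["index"] < b["index"] and a["start"] < b["end"] and b["start"] < a["end"]:
                findings.append(f"partitions {a['index']} and {b['index']} overlap")
    tail_start = max((p["end"] for p in parts), default=0)
    return {
        "partitions": parts,
        "findings": findings,
        "tail_start": tail_start,                    # first sector no partition claims
        "tail_sectors": disk_sectors - tail_start,   # space a bootkit can park data in
        "bootcode_sha256": hashlib.sha256(sector0[:440]).hexdigest(),  # compare with a known-good MBR
    }


# Constructed to match the aswMBR output in this thread (MB-rounded sizes).
DELL_LAYOUT = [
    (0x00, 0xDE, 63, 39 * MB_SECTORS),            # Dell Utility
    (0x80, 0x07, 80325, 72708 * MB_SECTORS),      # NTFS, active: C:
    (0x00, 0xDB, 148986810, 3537 * MB_SECTORS),   # Dell recovery image (type id listed as CP/M / CTOS)
]
DISK_SECTORS = 76293 * MB_SECTORS
SAMPLE_MBR = build_mbr(DELL_LAYOUT)

if __name__ == "__main__":
    report = check_mbr(SAMPLE_MBR, DISK_SECTORS)
    for p in report["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} type {p['type']:02X} {p['mb']} MB offset {p['start']}")
    print("unpartitioned tail starts at sector", report["tail_start"], "length", report["tail_sectors"])
    print("findings:", report["findings"] or "none")
    print("bootcode sha256:", report["bootcode_sha256"])
```

With the reconstructed sizes the tail begins at sector 156230586, close to the +156232125 at which aswMBR started scanning sectors beyond the table; the difference is the MB rounding in its output. That tail is the place to look when a table parses cleanly but the machine still misbehaves, because a bootkit that hooks the MBR keeps its file system there. "Unknown MBR code" only says the bootstrap bytes did not match any code aswMBR knows; the MBR.dat it saved to the desktop can be hashed and compared against sector 0 of a known-good Dell install of the same vintage before deciding anything.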

#4 Amlak (Member 1K, 1,470 posts)
If MalwareBytes' AntiMalware is running in the background, please disable its protection for the duration of this post's fix and do the following:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{0a57581d-c64a-11db-82dd-00038a000015}\Shell\AutoRun\command - "" = I:\setupSNK.exe
    O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell - "" = AutoRun
    O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\1\Command - "" = I:\.\tmp.exe
    O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE
    [2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\wubuvutu 
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log it produces in your next reply.

*********
NEXT
*********


  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

  • Click the Full Scan button

  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report

  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
  • You can now close Kaspersky Security Scan


#5 queendom (Topic Starter, Member, 75 posts)
I started the Kaspersky scan 10 hours ago, and it is now on 50%. Is this normal? Threats were found after about 2% of the scan was completed, by the way.

I will continue to allow the scan to run but just wanted to ask.

#6 Amlak (Member 1K, 1,470 posts)
No, it's not normal. Is it making progress, though? If so, just let it keep going if you don't mind.

#7 queendom (Topic Starter, Member, 75 posts)
Yes, it is making progress. Thanks for letting me know! Also, is it okay to use the computer while the scan is running?

#8 Amlak (Member 1K, 1,470 posts)
I would suggest you don't, but if it's necessary, then let me consult with an expert to see what's the best way to go about it.

#9 Amlak (Member 1K, 1,470 posts)
Hi, queendom. If you need to use the computer for now, you can stop the scan and see if you can upload the needed report as mentioned in my last set of instructions.

Please don't forget to post the resultant log of the OTL fix. And also please let me know how the computer is behaving now.

#10 queendom (Topic Starter, Member, 75 posts)
Oh, okay. I avoided using the computer during the scan. Here are the logs! :cool:



All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a57581d-c64a-11db-82dd-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a57581d-c64a-11db-82dd-00038a000015}\ not found.
File I:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
File I:\.\tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315ce7b4-0d99-11dd-830a-00188b771a21}\ not found.
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\WINDOWS\system32\wubuvutu moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13129229 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Queen Alexis
->Temp folder emptied: 70850262 bytes
->Temporary Internet Files folder emptied: 85748092 bytes
->Java cache emptied: 180482 bytes
->FireFox cache emptied: 54868333 bytes
->Flash cache emptied: 2699814 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 27461649 bytes
%systemroot%\System32\dllcache .tmp files removed: 1469184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82584 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 160121090 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 397.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082012_221612

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_918.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11 queendom (Topic Starter)
Windows Update indicates that I have six high-priority updates (attaching a screenshot). Would you prefer that I proceed with the updates or wait until we have completed this process?

Attached thumbnail: Windows Updates SS.JPG

#12 Amlak
Yeah, install those updates now if you please. How's the computer behaving by the way? Still running slow?

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Files
    C:\WINDOWS\system32\rundll32.exe|C:\_OTL\MovedFiles\10082012_221612\C_WINDOWS\system32\rundll32.exe /replace

  • Then click the Run Fix button at the top.
  • Post the log it produces in your next reply.

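The fix above puts a copy of rundll32.exe from OTL's MovedFiles folder back into system32. Whenever a core system binary is moved out of and back into place like this, the check a practitioner wants afterwards is whether the restored file is the same build as a trusted copy (on XP the obvious reference is %systemroot%\system32\dllcache, or the file from an installation CD or a known-clean machine). The script below is an added example and is not code from this thread, from OTL or from Malwarebytes: it parses the PE headers of two copies directly, compares their SHA-256 hashes, link timestamps and machine types, and reports whether the file carries an embedded Authenticode signature block. The minimal PE images it builds for its own demonstration are constructed test data, not real Windows binaries.

```python
"""Compare a restored system binary against a reference copy by hash and
PE header fields. Added example; the sample PE images are constructed."""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot for Authenticode


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional headers of a PE image and return the fields
    worth comparing between two copies of the same file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                       # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                    # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                  # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "timestamp": timestamp,
        "pe32plus": magic == 0x20B,
        "embedded_signature": sec_size > 0,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare_copies(restored: bytes, reference: bytes) -> dict:
    """Compare the restored file with a trusted reference copy.
    identical: byte-for-byte match; same_build: same link timestamp and
    machine type even if the bytes differ (e.g. a re-signed copy)."""
    r, ref = parse_pe(restored), parse_pe(reference)
    return {
        "identical": r["sha256"] == ref["sha256"],
        "same_build": (r["timestamp"] == ref["timestamp"]
                       and r["machine"] == ref["machine"]),
        "restored": r,
        "reference": ref,
    }


def build_sample_pe(timestamp: int, payload: bytes = b"", signed: bool = False) -> bytes:
    """Construct a minimal, non-executable PE32 image for the demo
    (constructed test data, not a Windows binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff + bytes(opt) + payload
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision 0x200, wCertificateType 2 (PKCS#7)
        blob = b"\x30\x82\x00\x00"                              # placeholder DER body
        cert = struct.pack("<IHH", 8 + len(blob), 0x200, 2) + blob
        image = bytearray(image)
        sec_entry = 64 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", image, sec_entry, len(image), len(cert))
        image = bytes(image) + cert
    return image


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
        result = compare_copies(f1.read(), f2.read())
    for key in ("identical", "same_build"):
        print(key, result[key])
    for side in ("restored", "reference"):
        print(side, result[side])
```

Run it as `python pecompare.py C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dllcache\rundll32.exe`. A byte-for-byte match with the dllcache copy is the result you want; a hash mismatch with the same timestamp is worth a closer look (a patched binary keeps the original build stamp). Note that many XP system files are catalog-signed rather than carrying an embedded Authenticode block, so "no embedded signature" is not by itself evidence of tampering, and the presence of a block does not prove it validates; full chain validation needs a Windows tool such as Sysinternals sigcheck or the file's properties dialog.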

#13 queendom (Topic Starter)
Oddly, it is still running slowly. Does it appear clean to you? Also, may I uninstall Kaspersky? Thanks again for all of your help. :thumbsup: :thumbsup: :thumbsup:


:Files
C:\WINDOWS\system32\rundll32.exe|C:\_OTL\MovedFiles\10082012_221612\C_WINDOWS\system32\rundll32.exe /replace

Edited by queendom, 10 October 2012 - 03:49 PM.

#14 Amlak
I'm guessing it may be Norton, but I'm not really sure yet.

Just one thing first, is that what the resultant log showed exactly?

Did you click on the Run Fix button? Or the Run Scan button?
#15 Amlak
Yes, feel free to uninstall Kaspersky.