
System Restore Problem caused by Spyware


  • This topic is locked

#1
snickers


  • Member
  • 127 posts
I cannot do a system restore and get an error that disk OS C: has errors, and that "Windows has detected file system corruption on OS C:. You must check disk for errors before it can be restored."
But the system will not do check disk upon restart.
I have posted this original topic in Operating Systems: Windows Vista & Windows 7 Forum, but since the issue was not resolved, the moderator instructed me to post the problem here and make sure I have a clean bill of health from spyware and viruses, before the moderator can see if he can help further. Here is the original posting:
http://www.geekstogo...rs-t261751.html
I followed all of the steps in the Malware/Spyware Cleaning Guide. I ran into some errors with some of the applications. I ran the TFC, the ERUNT, and Malwarebytes (I already have the full version purchased on my computer). For TFC, I got errors about TFC.exe corrupt files. One error was: "the file or directory C:\Users\My Name\AppData\Local Low\Sun\Java\Deployment\Cache\60\40\1f1c29a8-6e851f1b.idx is corrupt and unreadable. Run chkdsk." I also got errors in TFC for macromedia\flashplayer and windows\cookies\low and \my user name gigya (2).
I ran into problems with the GMER Rootkit Scanner; I was able to do a partial scan, but then my system would shut down (windows error with memory dump or gre file error). I tried several times, but the system kept shutting down. I was able to run OTL, but did get one OTL.exe error: something about flash player being corrupt. I have attached logs for malwarebytes and OTL.

Attached Files


Edited by snickers, 20 December 2009 - 04:51 PM.

  • 0



#2
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hello snickers

welcome to geekstogo :) and sorry to keep you waiting

let's get some up-to-date logs for me to analyse.


====STEP 1====
go to http://www.geekstogo...uide-t2852.html and run GMER Rootkit Scanner in Step Four: Rootkit Detection



====STEP 2====
from the same page, go to Step Five: Post an OTL Log and run the OTL log, include the custom scan as explained on that page.



In your next reply could I see:
1. the GMER log
2. the OTL log (it may only have one log this time)


The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#3
snickers


  • Topic Starter
  • Member
  • 127 posts
I had problems running the GMER program. It would start to scan and then I would get an error that GMER has encountered a problem and needs to close. If I would try to rerun again right away my computer would freeze. I tried after restarting the computer and had the same problem. I tried about 4 times with no success.

I did run the OTL program and have attached the log. I did get an error while it was scanning about the macromedia flash player being corrupt.

Attached Files

  • Attached File  OTL.Txt   107.57KB   274 downloads

  • 0

#4
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
from here on in, could you copy and paste the logs, don't attach them unless I ask for that.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


also:

We will run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum
andrewuk
  • 0

#5
snickers


  • Topic Starter
  • Member
  • 127 posts
ComboFix 09-12-27.04 - MICHELLE 12/28/2009 22:54:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1099 [GMT -5:00]
Running from: c:\users\MICHELLE\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\unins000.dat
c:\windows\unins000.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.
2009-12-29 04:05 . 2009-12-29 04:06 -------- d-----w- c:\users\MICHELLE\AppData\Local\temp
2009-12-29 04:05 . 2009-12-29 04:05 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-12-29 04:05 . 2009-12-29 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 04:05 . 2009-12-29 04:05 -------- d-----w- c:\users\ALEX\AppData\Local\temp
2009-12-29 04:05 . 2009-12-29 04:05 -------- d-----w- c:\users\ADAM\AppData\Local\temp
2009-12-29 03:52 . 2009-12-29 03:53 -------- d-----w- C:\32788R22FWJFW
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\program files\Bonjour
2009-12-19 18:43 . 2009-12-19 18:43 93056 ----a-w- C:\uwlcqkow.sys
2009-12-19 16:39 . 2009-12-19 16:40 -------- d-----w- c:\program files\ERUNT
2009-12-16 02:21 . 2009-12-16 02:21 -------- d-----w- c:\program files\Seagate
2009-12-09 08:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 08:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 00:07 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 17:16 . 2009-12-06 17:16 -------- d-----w- c:\users\MICHELLE\AppData\Local\AOL
2009-12-06 14:32 . 2009-12-06 14:32 -------- d-----w- c:\users\MICHELLE\AppData\Local\Microsoft Corporation
2009-12-04 06:00 . 2009-12-04 06:00 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 02:49 . 2009-12-04 23:30 -------- d-----w- c:\users\MICHELLE\AppData\Local\GameTuts
2009-12-03 22:40 . 2009-12-03 22:40 -------- d-----w- c:\users\ADAM\AppData\Roaming\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 03:51 . 2009-03-13 01:23 -------- d-----w- c:\programdata\Lx_cats
2009-12-29 01:27 . 2007-03-24 11:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-29 01:27 . 2007-03-23 01:19 56680 ----a-w- c:\windows\system32\Rpcnet.dll
2009-12-29 01:27 . 2007-03-24 11:30 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-12-29 00:23 . 2009-12-29 00:23 20940 ----a-w- c:\programdata\SPL6CF5.tmp
2009-12-28 05:40 . 2008-06-15 11:08 -------- d-----w- c:\programdata\Google Updater
2009-12-24 23:05 . 2007-04-06 10:36 -------- d-----w- c:\program files\iTunes
2009-12-24 23:04 . 2007-07-01 19:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-24 23:04 . 2007-04-06 10:36 -------- d-----w- c:\program files\iPod
2009-12-23 12:04 . 2009-12-23 12:04 189042 ----a-w- c:\programdata\SPLD96E.tmp
2009-12-23 12:00 . 2009-12-23 12:00 78012 ----a-w- c:\programdata\SPLA4D6.tmp
2009-12-23 04:13 . 2009-12-23 04:13 78012 ----a-w- c:\programdata\SPL7916.tmp
2009-12-23 04:08 . 2009-12-23 04:08 251703 ----a-w- c:\programdata\SPLB634.tmp
2009-12-23 02:42 . 2009-05-31 03:07 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\ComcastToolbar
2009-12-23 01:26 . 2009-12-23 01:26 251703 ----a-w- c:\programdata\SPLB359.tmp
2009-12-23 01:18 . 2009-12-23 01:18 78012 ----a-w- c:\programdata\SPL1150.tmp
2009-12-23 01:16 . 2009-12-23 01:16 78012 ----a-w- c:\programdata\SPLEC0.tmp
2009-12-19 04:01 . 2007-04-07 15:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-16 23:31 . 2009-12-16 23:31 181826 ----a-w- c:\programdata\SPL5A32.tmp
2009-12-16 23:30 . 2009-12-16 23:30 176129 ----a-w- c:\programdata\SPLC0A2.tmp
2009-12-16 23:28 . 2009-12-16 23:28 176129 ----a-w- c:\programdata\SPL3F74.tmp
2009-12-14 03:17 . 2009-12-14 03:17 2225599 ----a-w- c:\programdata\SPLDE68.tmp
2009-12-13 13:17 . 2009-12-13 13:17 2290566 ----a-w- c:\programdata\SPL1E1E.tmp
2009-12-10 00:14 . 2009-09-28 17:52 143976 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\uninstall.exe
2009-12-10 00:14 . 2009-10-15 00:50 5642688 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2009-12-10 00:14 . 2007-10-09 01:47 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\Move Networks
2009-12-09 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 08:06 . 2007-03-16 00:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-07 22:48 . 2007-03-16 00:14 -------- d-----w- c:\program files\Google
2009-12-06 17:29 . 2007-03-25 16:59 -------- d-----w- c:\program files\Canon
2009-12-06 17:17 . 2008-10-10 00:15 -------- d-----w- c:\program files\Common Files\AOL
2009-12-06 17:15 . 2009-04-11 09:13 -------- d-----w- c:\programdata\Lavasoft
2009-12-06 17:15 . 2007-04-07 15:13 -------- d-----w- c:\program files\Lavasoft
2009-12-06 17:07 . 2007-03-15 23:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 17:05 . 2007-03-16 00:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-06 16:43 . 2009-08-04 11:21 -------- d-----w- c:\program files\Roxio
2009-12-06 16:34 . 2009-06-05 10:24 -------- d-----w- c:\program files\PCPitstop
2009-12-06 16:34 . 2009-06-05 10:24 -------- d-----w- c:\programdata\PCPitstop
2009-12-06 16:27 . 2009-05-29 02:40 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-06 16:26 . 2009-05-29 02:40 -------- d-----w- c:\program files\ArcSoft
2009-12-06 16:23 . 2009-09-20 22:38 -------- d-----w- c:\program files\SpywareGuard
2009-12-05 14:12 . 2009-09-20 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 03:12 . 2007-07-03 10:38 -------- d-----w- c:\program files\Coupons
2009-12-04 02:41 . 2008-12-24 00:55 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\Datel
2009-12-03 21:14 . 2009-09-20 01:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-09-20 01:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 14:16 . 2009-11-29 14:16 120542 ----a-w- c:\programdata\SPL4FE2.tmp
2009-11-28 22:16 . 2009-11-28 22:15 -------- d-----w- c:\program files\QuickTime
2009-11-27 16:00 . 2009-06-06 19:56 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-11-27 00:33 . 2008-11-30 15:23 -------- d-----w- c:\program files\Safari
2009-11-27 00:30 . 2009-11-27 00:30 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-22 02:24 . 2007-04-06 21:59 8268 ----a-w- c:\users\MICHELLE\AppData\Local\d3d9caps.dat
2009-11-22 00:06 . 2009-11-22 00:06 109565 ----a-w- c:\programdata\SPLE033.tmp
2009-11-21 13:28 . 2009-11-21 13:28 338688 ----a-w- c:\programdata\SPL8881.tmp
2009-11-21 13:12 . 2009-11-21 13:12 1169746 ----a-w- c:\programdata\SPL490B.tmp
2009-11-21 06:40 . 2009-12-09 00:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 00:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 00:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 00:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 22:49 . 2009-05-14 11:22 -------- d-----w- c:\program files\McAfee
2009-11-19 17:27 . 2009-11-19 17:27 56844 ----a-w- c:\programdata\SPLADEA.tmp
2009-11-19 10:36 . 2009-11-19 10:36 56844 ----a-w- c:\programdata\SPL31F1.tmp
2009-11-13 01:10 . 2009-11-13 01:10 149949 ----a-w- c:\programdata\SPL795B.tmp
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-10 11:44 . 2009-11-10 11:41 -------- d--h--w- c:\programdata\esClient
2009-11-10 11:41 . 2009-11-10 11:41 -------- d-----w- c:\program files\echospin
2009-11-10 02:02 . 2007-03-15 23:56 -------- d-----w- c:\program files\Java
2009-11-05 01:46 . 2009-11-05 01:46 -------- d-----w- c:\program files\Microsoft
2009-11-03 01:42 . 2009-10-02 18:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 11:42 . 2009-10-31 11:42 1430407 ----a-w- c:\programdata\SPL98F5.tmp
2009-10-31 11:35 . 2009-10-31 11:35 7016923 ----a-w- c:\programdata\SPL5DF8.tmp
2009-10-31 11:33 . 2009-10-31 11:33 7016923 ----a-w- c:\programdata\SPL9630.tmp
2009-10-29 09:17 . 2009-11-25 00:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 02:19 . 2009-10-29 02:19 1245440 ----a-w- c:\programdata\SPL6C23.tmp
2009-10-29 02:14 . 2009-10-29 02:14 1275318 ----a-w- c:\programdata\SPL2D67.tmp
2009-10-28 11:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-21 16:45 . 2008-01-22 01:43 33792 ----a-w- c:\windows\system32\identprv.dll
2009-10-16 02:32 . 2009-10-16 02:32 409600 ----a-w- c:\windows\system32\lxdrcoin.dll
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 00:06 . 2009-10-13 00:06 275890 ----a-w- c:\programdata\SPL551.tmp
2009-10-11 09:17 . 2008-12-25 14:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-10-28 09:40 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-28 09:40 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-28 09:40 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-05 09:41 . 2009-10-05 09:41 877048 ----a-w- c:\programdata\SPLEB58.tmp
2009-10-05 09:38 . 2009-10-05 09:38 1117784 ----a-w- c:\programdata\SPLBBF6.tmp
2009-10-03 12:06 . 2009-05-31 02:45 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-10-01 01:02 . 2009-10-28 09:42 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-28 09:43 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-28 09:42 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-28 09:42 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-28 09:43 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-28 09:42 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-28 09:42 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-28 09:43 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-28 09:42 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-28 09:42 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-28 09:42 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-28 09:43 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-28 09:42 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2007-09-03 19:41 . 2007-09-03 19:41 8 --sha-r- c:\windows\System32\DB460FB393.sys
2007-09-03 19:41 . 2007-09-03 19:41 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-03-16 07:39 . 2007-03-16 07:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-24 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"Yapta Tracker"="c:\program files\Yapta\YaptaClient.exe" [2009-07-27 345392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-09-10 676520]
"lxdramon"="c:\program files\Lexmark 4900 Series\lxdramon.exe" [2008-09-10 16040]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\users\MICHELLE\Desktop\SetPoint\SetPoint.exe [2009-1-21 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNNAlerter.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNNAlerter.lnk
backup=c:\windows\pss\CNNAlerter.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-07-11 22:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-12 07:42 36864 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
2008-09-03 15:11 4345856 ----a-w- c:\program files\TuneClone\TuneClone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,2e,a9,b6,93,52,ca,01

R0 tclondrv;tclondrv;c:\windows\System32\drivers\tclondrv.sys [10/1/2008 7:50 AM 20352]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [7/15/2009 6:33 PM 20376]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/19/2009 8:48 PM 276816]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 11:40 AM 148768]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/7/2007 11:06 PM 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/9/2008 7:16 PM 24652]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [8/8/2007 6:28 PM 40960]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [9/19/2009 8:48 PM 19160]
R3 NETw5v32;Intel® WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [1/17/2008 1:53 PM 4788736]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdrserv.exe [5/16/2008 10:39 AM 94208]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/19/2008 11:03 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll
Trusted Zone: comcastsupport.com\www
Trusted Zone: gameinformer.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: msgtag.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - hxxp://echospin.com/wizard/files/esWizard.cab
FF - ProfilePath - c:\users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\MICHELLE\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-GoToAssist - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 23:06
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
[0] 0x312CC483
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\MICHELLE\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-28 23:10:31
ComboFix-quarantined-files.txt 2009-12-29 04:10
ComboFix2.txt 2009-09-20 01:41
Pre-Run: 28,613,087,232 bytes free
Post-Run: 28,408,889,344 bytes free
- - End Of File - - E901E44BF6CD69863FDC727754B18C4A
  • 0

#6
snickers


  • Topic Starter
  • Member
  • 127 posts
OTL logfile created on: 12/28/2009 11:15:37 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 26.51 Gb Free Space | 26.58% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2009/12/28 20:38:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/16 15:49:48 | 00,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/02 11:40:34 | 00,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2008/03/20 21:58:24 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) [Auto | Running] -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe -- (WebGuideTranscode)
SRV - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...ff50ie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://search.aol.co...h=yesab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/22 05:16:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 05:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 05:39:21 | 00,000,000 | ---D | M]

[2008/12/18 05:05:50 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Extensions
[2009/12/24 09:47:02 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions
[2009/12/21 06:12:27 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/18 20:05:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/11/15 08:25:15 | 00,000,000 | ---D | M] (WOT) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/10/17 16:09:23 | 00,001,901 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\aimsearch.xml
[2009/12/20 07:06:41 | 00,001,218 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\comcast.xml
[2009/11/09 21:02:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/18 05:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/10/09 19:16:49 | 00,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: (810 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gameinformer.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: gameinformer.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msgtag.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} http://echospin.com/...es/esWizard.cab (esProxy.GeneralHandler)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== LOP Check ==========

[2007/08/03 23:40:28 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\aignes
[2009/05/30 21:26:14 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CallingID
[2007/10/15 16:30:26 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CNN
[2008/12/19 23:01:54 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/09 20:25:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Comcast
[2009/12/22 21:42:29 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\ComcastToolbar
[2008/11/15 22:10:18 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CVS
[2009/12/03 21:41:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Datel
[2009/06/19 04:29:35 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GARMIN
[2009/09/19 18:53:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GetRightToGo
[2007/12/22 17:53:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Image Zone Express
[2009/09/20 13:17:42 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\KeePass
[2009/03/23 18:26:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Lexmark Productivity Studio
[2008/10/26 04:53:34 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Morpheus Software
[2009/06/18 20:14:55 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Panasonic
[2007/04/08 15:39:38 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Sammsoft
[2008/10/09 19:41:04 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Simple Star
[2009/03/18 21:47:40 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Temp
[2009/03/15 13:01:09 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Thinstall
[2009/07/29 22:35:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Vso
[2008/04/10 19:20:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\W Photo Studio Viewer
[2009/07/17 18:28:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WebGuide
[2009/07/28 19:07:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WinFF
[2008/02/15 05:18:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Yapta
[2009/12/27 23:34:00 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/15 01:00:02 | 00,000,346 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/12/01 01:00:29 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/28 19:11:02 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/28 23:15:07 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2009/12/28 23:11:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2009/12/28 23:15:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job

========== Purity Check ==========


< End of report >
  • 0

#7
snickers

  • Topic Starter
  • Member
  • 127 posts
I also want to add - thanks for helping me.

Edited by snickers, 29 December 2009 - 08:09 AM.

  • 0

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
====STEP 1====
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page (you may have to use the browse button):

    • C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdrserv.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. . . . . if the copy function does not work then copy the url link in your reply.
  • Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).
Could you do the same for the following files:
  • C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
  • C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
  • C:\uwlcqkow.sys

====STEP 2====

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :comment
    Make sure you copy *all* the text in this codebox.
    
    :dir
    c:\users\MICHELLE\AppData\Local\GameTuts
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



====STEP 3====
you have several sites in your Trusted Domains - this will mean that when you surf on those sites you have minimal security.

i would advise moving the following out of your Trusted Domains:
gameinformer.com
internet
msgtag.com
real.com


you can do this by opening a browser window, then:

1. TOOLS >>> INTERNET OPTIONS

2. select the SECURITY tab

3. click on TRUSTED SITES

4. click the SITES button and this will bring up a list of sites in Trusted Domains

5. highlight and press REMOVE for the selected sites to remove, and any other sites you want to remove also



====STEP 4====
We will again run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum


In your next reply could i see:
1. the four Virscan links or logs
2. the SystemLook.txt log
3. the new OTL log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0
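A cross-check that can be run once the new OTL log from Step 4 arrives, as an added example that is not part of andrewuk's post: it parses the O15 "Trusted Domains" lines, lists any Step 3 domains still in the Trusted sites zone, and gives the per-user ZoneMap registry key that holds each one. The BEFORE_LOG lines are copied from the OTL log in this thread; AFTER_LOG and all function and constant names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Domains andrewuk advised moving out of Trusted sites in Step 3.
ADVISED_REMOVALS = frozenset({"gameinformer.com", "internet", "msgtag.com", "real.com"})

# Per-user zone assignments live under this key; each scheme is a value
# whose data is the zone number (2 = Trusted sites).
ZONEMAP_DOMAINS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# O15 lines copied from the OTL log posted earlier in this thread.
BEFORE_LOG = r"""
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gameinformer.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: gameinformer.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msgtag.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
"""

# Constructed follow-up log (not from the thread): one real.com entry was missed.
AFTER_LOG = r"""
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
"""

# hive, domain, optional sub-domain in [], scheme; the summary line does not match.
O15_RE = re.compile(
    r"^O15 - (HK\w+)\\\.\.Trusted Domains: (\S+) "
    r"\(\[([^\]]*)\]\s*(\S+) in Trusted sites\)\s*$"
)


class TrustedEntry(NamedTuple):
    hive: str
    domain: str
    subdomain: str  # empty string when the whole domain is trusted
    scheme: str

    def registry_location(self) -> Tuple[str, str]:
        """Return (key path, value name) where this assignment is stored."""
        parts = [self.hive, ZONEMAP_DOMAINS, self.domain]
        if self.subdomain:
            parts.append(self.subdomain)
        return "\\".join(parts), self.scheme


def parse_trusted_sites(log: str) -> List[TrustedEntry]:
    """Extract every Trusted sites assignment from OTL O15 lines."""
    entries = []
    for line in log.splitlines():
        match = O15_RE.match(line.strip())
        if match:
            entries.append(TrustedEntry(*match.groups()))
    return entries


def pending_removals(log: str, advised=ADVISED_REMOVALS) -> List[TrustedEntry]:
    """Entries for advised domains that are still present in the given log."""
    return [e for e in parse_trusted_sites(log) if e.domain.lower() in advised]


def report(log: str) -> List[str]:
    """Human-readable lines for each entry that still needs removing."""
    lines = []
    for entry in pending_removals(log):
        key, value = entry.registry_location()
        lines.append(f"{entry.domain}: value '{value}' under {key}")
    return lines


if __name__ == "__main__":
    print("Before Step 3:", len(pending_removals(BEFORE_LOG)), "entries to remove")
    for item in report(AFTER_LOG):
        print("Still trusted ->", item)
```

An empty result from `pending_removals` on the new log means every advised domain has left the Trusted sites zone for the scanned user.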

#9
snickers

  • Topic Starter
  • Member
  • 127 posts
I have a couple of questions.
For the VirSCAN.org, I can't copy the path into the suspicious files to scan box. And if I use browse button, where can the path that I am supposed to copy be found? Do I have to copy the path and save it somewhere?

For the System Look, I just want to make sure that it is this entire content that I copy into the codebox:
":comment
Make sure you copy *all* the text in this codebox.
:dir
c:\users\MICHELLE\AppData\Local\GameTuts"


I am supposed to include everything in the codebox, including the comment: make sure you copy *all* the text in this codebox?

Edited by snickers, 29 December 2009 - 10:38 PM.

  • 0

#10
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

For the VirSCAN.org, I can't copy the path into the suspicious files to scan box. And if I use browse button, where can the path that I am supposed to copy be found? Do I have to copy the path and save it somewhere?

looks like you will need to go via the browse button method.

so, for example, for the C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdrserv.exe

1. press the browse button on the virscan webpage - the standard file explorer window will pop up
2. on the left hand side, click "My Computer"
3. double click on C:
4. double click on windows
5. double click on system32
6. double click on spool
7. double click on DRIVERS
8. double click on W32X86
9. double click on 3
10. double click on lxdrserv.exe . . . . that should put it in the "suspicious file to scan box" on the web page
11. then press "Upload"


For the System Look, I just want to make sure that it is this entire content that I copy into the codebox:
":comment
Make sure you copy *all* the text in this codebox.
:dir
c:\users\MICHELLE\AppData\Local\GameTuts"

I am supposed to include everything in the codebox, including the comment: make sure you copy *all* the text in this codebox?

yes, it will produce a list of what is in that folder. i don't recognise it.
  • 0

#11
snickers

  • Topic Starter
  • Member
  • 127 posts
Virscan log#1 for C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdrserv.exe:
VirSCAN.org Scanned Report :
Scanned time : 2009/12/30 09:18:44 (EST)
Scanner results: Scanners did not find malware!
File Name : lxdrserv.exe
File Size : 94208 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4a0b6533f035d74729942ee1d19c35c5
SHA1 : 8b48a3fc021d596d8013ccd7a587c6a471a23a7e
Online report : http://virscan.org/r...537929c8ca.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091230221032 2009-12-30 5.76 -
AhnLab V3 2009.12.30.00 2009.12.30 2009-12-30 1.86 -
AntiVir 8.2.1.122 7.10.2.105 2009-12-30 0.39 -
Antiy 2.0.18 20091230.3548483 2009-12-30 0.12 -
Arcavir 2009 200912291927 2009-12-29 0.05 -
Authentium 5.1.1 200912300143 2009-12-30 1.44 -
AVAST! 4.7.4 091230-0 2009-12-30 0.01 -
AVG 8.5.288 270.14.123/2594 2009-12-30 0.35 -
BitDefender 7.81008.4798454 7.29672 2009-12-30 4.13 -
CA (VET) 35.1.0 7205 2009-12-29 16.36 -
ClamAV 0.95.2 10239 2009-12-30 0.03 -
Comodo 3.13.579 3409 2009-12-30 1.07 -
CP Secure 1.3.0.5 2009.12.30 2009-12-30 0.06 -
Dr.Web 4.44.0.9170 2009.12.29 2009-12-29 8.31 -
F-Prot 4.4.4.56 20091229 2009-12-29 1.76 -
F-Secure 7.02.73807 2009.12.30.07 2009-12-30 5.68 -
Fortinet 11.324- 11.324 2009-12-30 0.92 -
GData 19.9618/19.651 20091230 2009-12-30 11.04 -
ViRobot 20091230 2009.12.30 2009-12-30 0.86 -
Ikarus T3.1.01.79 2009.12.30.74859 2009-12-30 4.38 -
JiangMin 13.0.900 2009.12.30 2009-12-30 35.29 -
Kaspersky 5.5.10 2009.12.30 2009-12-30 0.11 -
KingSoft 2009.2.5.15 2009.12.30.19 2009-12-30 0.59 -
McAfee 5.3.00 5846 2009-12-29 3.39 -
Microsoft 1.5302 2009.12.30 2009-12-30 9.06 -
Norman 6.01.09 6.01.00 2009-12-29 4.01 -
Panda 9.05.01 2009.12.29 2009-12-29 2.10 -
Trend Micro 9.000-1003 6.732.03 2009-12-30 0.03 -
Quick Heal 10.00 2009.12.30 2009-12-30 1.64 -
Rising 20.0 22.28.02.04 2009-12-30 1.12 -
Sophos 3.03.0 4.49 2009-12-30 2.86 -
Sunbelt 3.9.2388.2 5588 2009-12-29 2.58 -
Symantec 1.3.0.24 20091229.052 2009-12-29 0.06 -
nProtect 20091230.01 6747377 2009-12-30 4.32 -
The Hacker 6.5.0.3 v00121 2009-12-30 1.08 -
VBA32 3.12.12.1 20091229.2225 2009-12-29 2.76 -
VirusBuster 4.5.11.10 10.118.13/2009741 2009-12-29 2.45 -

Viruscan Log#2 for C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
VirSCAN.org Scanned Report :
Scanned time : 2009/12/30 09:49:26 (EST)
Scanner results: Scanners did not find malware!
File Name : WebGuideTranscodeService.exe.config
File Size : 1406 byte
File Type : UTF-8 Unicode English text, with CRLF line terminators
MD5 : 24e3d077f51cfa0fe54f0fb50674656a
SHA1 : 7a209f52552a3d08042ee5dee10c708e2389cef0
Online report : http://virscan.org/r...93294b0997.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091230221032 2009-12-30 40.13 -
AhnLab V3 2009.12.30.00 2009.12.30 2009-12-30 40.12 -
AntiVir 8.2.1.122 7.10.2.105 2009-12-30 0.08 -
Antiy 2.0.18 20091230.3548483 2009-12-30 0.12 -
Arcavir 2009 200912291927 2009-12-29 0.02 -
Authentium 5.1.1 200912300143 2009-12-30 1.23 -
AVAST! 4.7.4 091230-0 2009-12-30 0.00 -
AVG 8.5.288 270.14.123/2594 2009-12-30 0.30 -
BitDefender 7.81008.4798454 7.29672 2009-12-30 4.11 -
CA (VET) 35.1.0 7205 2009-12-29 40.13 -
ClamAV 0.95.2 10239 2009-12-30 0.00 -
Comodo 3.13.579 3409 2009-12-30 40.13 -
CP Secure 1.3.0.5 2009.12.30 2009-12-30 0.01 -
Dr.Web 4.44.0.9170 2009.12.29 2009-12-29 8.13 -
F-Prot 4.4.4.56 20091229 2009-12-29 1.24 -
F-Secure 7.02.73807 2009.12.30.07 2009-12-30 13.01 -
Fortinet 11.324- 11.324 2009-12-30 40.13 -
GData 19.9618/19.651 20091230 2009-12-30 40.13 -
ViRobot 20091230 2009.12.30 2009-12-30 40.13 -
Ikarus T3.1.01.79 2009.12.30.74859 2009-12-30 4.15 -
JiangMin 13.0.900 2009.12.30 2009-12-30 40.13 -
Kaspersky 5.5.10 2009.12.30 2009-12-30 0.03 -
KingSoft 2009.2.5.15 2009.12.30.19 2009-12-30 40.13 -
McAfee 5.3.00 5846 2009-12-29 3.29 -
Microsoft 1.5302 2009.12.30 2009-12-30 40.12 -
Norman 6.01.09 6.01.00 2009-12-29 4.01 -
Panda 9.05.01 2009.12.30 2009-12-30 40.12 -
Trend Micro 9.000-1003 6.732.03 2009-12-30 0.02 -
Quick Heal 10.00 2009.12.30 2009-12-30 40.13 -
Rising 20.0 22.28.02.04 2009-12-30 40.12 -
Sophos 3.03.0 4.49 2009-12-30 2.78 -
Sunbelt 3.9.2388.2 5588 2009-12-29 40.13 -
Symantec 1.3.0.24 20091229.052 2009-12-29 0.04 -
nProtect 20091230.01 6747377 2009-12-30 40.13 -
The Hacker 6.5.0.3 v00121 2009-12-30 40.14 -
VBA32 3.12.12.1 20091229.2225 2009-12-29 2.28 -
VirusBuster 4.5.11.10 10.118.13/2009741 2009-12-29 2.33 -

Viruscan Log#3 for C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
VirSCAN.org Scanned Report :
Scanned time : 2009/12/30 10:06:25 (EST)
Scanner results: Scanners did not find malware!
File Name : UltiDevCassinWebServer2a.exe.config
File Size : 167 byte
File Type : XML 1.0 document text
MD5 : aadf7a0d5bfa2f9f4a455986684b27a6
SHA1 : 29d8c792db80dc5127e5a53b69e8620145b68967
Online report : http://virscan.org/r...3f78283805.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091230221032 2009-12-30 40.13 -
AhnLab V3 2009.12.30.00 2009.12.30 2009-12-30 40.12 -
AntiVir 8.2.1.122 7.10.2.105 2009-12-30 0.51 -
Antiy 2.0.18 20091230.3548483 2009-12-30 0.12 -
Arcavir 2009 200912291927 2009-12-29 0.02 -
Authentium 5.1.1 200912300143 2009-12-30 1.23 -
AVAST! 4.7.4 091230-0 2009-12-30 0.00 -
AVG 8.5.288 270.14.123/2594 2009-12-30 0.30 -
BitDefender 7.81008.4798454 7.29672 2009-12-30 4.11 -
CA (VET) 35.1.0 7205 2009-12-29 40.13 -
ClamAV 0.95.2 10239 2009-12-30 0.00 -
Comodo 3.13.579 3409 2009-12-30 40.13 -
CP Secure 1.3.0.5 2009.12.30 2009-12-30 0.01 -
Dr.Web 4.44.0.9170 2009.12.29 2009-12-29 8.59 -
F-Prot 4.4.4.56 20091229 2009-12-29 1.25 -
F-Secure 7.02.73807 2009.12.30.07 2009-12-30 0.06 -
Fortinet 11.324- 11.324 2009-12-30 40.12 -
GData 19.9618/19.651 20091230 2009-12-30 40.13 -
ViRobot 20091230 2009.12.30 2009-12-30 40.13 -
Ikarus T3.1.01.79 2009.12.30.74859 2009-12-30 4.13 -
JiangMin 13.0.900 2009.12.30 2009-12-30 40.14 -
Kaspersky 5.5.10 2009.12.30 2009-12-30 0.03 -
KingSoft 2009.2.5.15 2009.12.30.19 2009-12-30 40.13 -
McAfee 5.3.00 5846 2009-12-29 3.35 -
Microsoft 1.5302 2009.12.30 2009-12-30 40.13 -
Norman 6.01.09 6.01.00 2009-12-29 4.01 -
Panda 9.05.01 2009.12.30 2009-12-30 40.13 -
Trend Micro 9.000-1003 6.732.04 2009-12-30 0.02 -
Quick Heal 10.00 2009.12.30 2009-12-30 40.14 -
Rising 20.0 22.28.02.04 2009-12-30 40.12 -
Sophos 3.03.0 4.49 2009-12-30 2.78 -
Sunbelt 3.9.2388.2 5588 2009-12-29 40.12 -
Symantec 1.3.0.24 20091229.052 2009-12-29 0.24 -
nProtect 20091230.01 6747377 2009-12-30 40.13 -
The Hacker 6.5.0.3 v00121 2009-12-30 40.12 -
VBA32 3.12.12.1 20091229.2225 2009-12-29 2.28 -
VirusBuster 4.5.11.10 10.118.13/2009741 2009-12-29 2.35 -

Viruscan Log#4 for C:\uwlcqkow.sys
VirSCAN.org Scanned Report :
Scanned time : 2009/12/30 10:20:29 (EST)
Scanner results: Scanners did not find malware!
File Name : uwlcqkow.sys
File Size : 93056 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 54754317755d9e6a635d4f77483c6192
SHA1 : cfbfe041eb2a62ec64072cf8ccf5f2509068d4f6
Online report : http://virscan.org/r...2f0a79e75e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091230221032 2009-12-30 40.12 -
AhnLab V3 2009.12.30.00 2009.12.30 2009-12-30 40.13 -
AntiVir 8.2.1.122 7.10.2.106 2009-12-30 0.18 -
Antiy 2.0.18 20091230.3548483 2009-12-30 0.12 -
Arcavir 2009 200912291927 2009-12-29 0.04 -
Authentium 5.1.1 200912300143 2009-12-30 1.85 -
AVAST! 4.7.4 091230-0 2009-12-30 0.01 -
AVG 8.5.288 270.14.123/2594 2009-12-30 0.34 -
BitDefender 7.81008.4798454 7.29672 2009-12-30 4.10 -
CA (VET) 35.1.0 7205 2009-12-29 40.13 -
ClamAV 0.95.2 10239 2009-12-30 0.02 -
Comodo 3.13.579 3409 2009-12-30 40.13 -
CP Secure 1.3.0.5 2009.12.30 2009-12-30 0.07 -
Dr.Web 4.44.0.9170 2009.12.29 2009-12-29 8.13 -
F-Prot 4.4.4.56 20091229 2009-12-29 1.84 -
F-Secure 7.02.73807 2009.12.30.07 2009-12-30 0.15 -
Fortinet 11.324- 11.324 2009-12-30 40.12 -
GData 19.9618/19.651 20091230 2009-12-30 40.12 -
ViRobot 20091230 2009.12.30 2009-12-30 40.13 -
Ikarus T3.1.01.79 2009.12.30.74859 2009-12-30 4.20 -
JiangMin 13.0.900 2009.12.30 2009-12-30 40.12 -
Kaspersky 5.5.10 2009.12.30 2009-12-30 0.12 -
KingSoft 2009.2.5.15 2009.12.30.19 2009-12-30 40.12 -
McAfee 5.3.00 5846 2009-12-29 3.56 -
Microsoft 1.5302 2009.12.30 2009-12-30 40.13 -
Norman 6.01.09 6.01.00 2009-12-29 6.01 -
Panda 9.05.01 2009.12.30 2009-12-30 40.12 -
Trend Micro 9.000-1003 6.732.04 2009-12-30 0.03 -
Quick Heal 10.00 2009.12.30 2009-12-30 40.13 -
Rising 20.0 22.28.02.04 2009-12-30 40.13 -
Sophos 3.03.0 4.49 2009-12-30 2.84 -
Sunbelt 3.9.2388.2 5588 2009-12-29 40.12 -
Symantec 1.3.0.24 20091229.052 2009-12-29 0.19 -
nProtect 20091230.01 6747377 2009-12-30 40.12 -
The Hacker 6.5.0.3 v00121 2009-12-30 40.13 -
VBA32 3.12.12.1 20091229.2225 2009-12-29 2.30 -
VirusBuster 4.5.11.10 10.118.13/2009741 2009-12-29 2.40 -

I will add the results for System Look and OTL each in separate subsequent posts.

#12
snickers

    Member

  • Topic Starter
  • 127 posts
System Look Results:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:34 on 30/12/2009 by MICHELLE (Administrator - Elevation successful)

========== dir ==========

c:\users\MICHELLE\AppData\Local\GameTuts - Parameters: "(none)"

---Files---
None found.

---Folders---
Modio.exe_StrongName_kpcudih1uaofcwa1lzx4k3qxeo43bmoy d----- [02:49 04/12/2009]
Modio.exe_StrongName_ye3bnzzjkqw0nvbmg3nwy0dskddhb1ri d----- [23:30 04/12/2009]

-=End Of File=-

#13
snickers

    Member

  • Topic Starter
  • 127 posts
OTL Results:

OTL logfile created on: 12/30/2009 10:39:23 AM - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 28.42 Gb Free Space | 28.50% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.41 Gb Free Space | 44.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2009/12/28 20:38:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/16 15:49:48 | 00,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/02 11:40:34 | 00,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2008/03/20 21:58:24 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) [Auto | Running] -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe -- (WebGuideTranscode)
SRV - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...ff50ie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://search.aol.co...h=yesab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/22 05:16:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 05:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 05:39:21 | 00,000,000 | ---D | M]

[2008/12/18 05:05:50 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Extensions
[2009/12/24 09:47:02 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions
[2009/12/21 06:12:27 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/18 20:05:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/11/15 08:25:15 | 00,000,000 | ---D | M] (WOT) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/10/17 16:09:23 | 00,001,901 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\aimsearch.xml
[2009/12/20 07:06:41 | 00,001,218 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\comcast.xml
[2009/11/09 21:02:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/18 05:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/10/09 19:16:49 | 00,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: (810 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} http://echospin.com/...es/esWizard.cab (esProxy.GeneralHandler)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== LOP Check ==========

[2007/08/03 23:40:28 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\aignes
[2009/05/30 21:26:14 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CallingID
[2007/10/15 16:30:26 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CNN
[2008/12/19 23:01:54 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/09 20:25:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Comcast
[2009/12/29 09:49:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\ComcastToolbar
[2008/11/15 22:10:18 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CVS
[2009/12/03 21:41:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Datel
[2009/06/19 04:29:35 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GARMIN
[2009/09/19 18:53:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GetRightToGo
[2007/12/22 17:53:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Image Zone Express
[2009/09/20 13:17:42 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\KeePass
[2009/03/23 18:26:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Lexmark Productivity Studio
[2008/10/26 04:53:34 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Morpheus Software
[2009/06/18 20:14:55 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Panasonic
[2007/04/08 15:39:38 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Sammsoft
[2008/10/09 19:41:04 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Simple Star
[2009/03/18 21:47:40 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Temp
[2009/03/15 13:01:09 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Thinstall
[2009/07/29 22:35:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Vso
[2008/04/10 19:20:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\W Photo Studio Viewer
[2009/07/17 18:28:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WebGuide
[2009/07/28 19:07:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WinFF
[2008/02/15 05:18:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Yapta
[2009/12/28 23:34:00 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/15 01:00:02 | 00,000,346 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/12/01 01:00:29 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/29 10:18:50 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/30 10:35:02 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2009/12/30 10:36:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2009/12/30 10:34:59 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job

========== Purity Check ==========


< End of report >

#14
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

the scans will likely take 4 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
we will update and re-run your malwarebytes:

double click the malwarebytes icon on your desktop to open the program
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java, if required:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u17-windows-i586.exe and select "Run as an Administrator.")
In your next reply could I see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log
4. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#15
snickers

  • Topic Starter
  • Member
  • 127 posts
Malwarebytes log:
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/30/2009 10:19:56 PM
mbam-log-2009-12-30 (22-19-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 304742
Time elapsed: 2 hour(s), 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Superantispyware log:
UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/31/2009 at 01:57 AM

Application Version : 4.32.1000

Core Rules Database Version : 4430
Trace Rules Database Version: 2256

Scan type : Complete Scan
Total Scan Time : 03:20:19

Memory items scanned : 434
Memory threats detected : 0
Registry items scanned : 7288
Registry threats detected : 1
File items scanned : 151506
File threats detected : 339

Rogue.GreenAntiVirus
HKU\S-1-5-21-2363420569-19101160-1035343276-1000\Software\GAV

Adware.Tracking Cookie
C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\michelle@fastclick[2].txt
C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\michelle@findaflushot[1].txt
C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\michelle@flightstats[1].txt
C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

Kaspersky log:
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 31, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 31, 2009 07:40:25
Records in database: 3418688
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\

Scan statistics:
Objects scanned: 154841
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 05:03:33

No threats found. Scanned area is clean.

Selected area has been scanned.

As far as how the computer is running, I am still having the same original problem. I still get the same error when I try to do system restore (Windows has detected file system corruption on OS C:. You must check disk for errors before it can be restored). But when I schedule chkdsk for the next time the computer starts, check disk doesn't run.

Edited by snickers, 31 December 2009 - 04:31 PM.
