Redirect after virus infection! [Closed] [Solved]

#1
Bigrob
In need of help from someone who understands computers. I had a virus called Generic 17 and it was caught by McAfee and AVG after infection. I.E. was destroyed and an ATT tech helped restore the internet connection. Problems now persist on the computer, like redirects after a search on any search engine. It redirects to News 11 Today and other sites. The computer slows down until it freezes.
I have downloaded numerous adware killers/fixups, but I think I just made things worse. Running Windows XP Home Edition on a Dell computer.
Please help!
Ran HijackThis and OTL.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:44 PM, on 6/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB04757 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6087.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e103dce45...ad/MsnPUpld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9f6de450c1c6) (gupdate1c9f6de450c1c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

--
End of file - 11033 bytes

OTL Scan

OTL Extras logfile created on: 6/18/2010 6:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Robert Salinas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 67.52 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 17.16 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DD2TDY91
Current User Name: Robert Salinas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{38BFF930-86E6-4061-8951-88E506760E78}" = The Fairly OddParents Demo
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}" = Pinball Panic
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{801D8B6D-8B1A-4796-8F3E-E1978BE0B24C}" = SpongeBob SquarePants - Battle for Bikini Bottom DEMO
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111547587}" = Rack em Up Road Trip
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111974123}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112583940}" = Burger Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112946753}" = Burger Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112965177}" = Bird Pirates
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113606753}" = Monopoly
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114831207}" = Doggie Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114918200}" = Build-a-Lot 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114940233}" = Pet Shop Hop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114964527}" = Cooking Academy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{88739060-F683-11D3-B761-00105AD153C1}" = Compaq A4000
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3EF1460-CCF9-11D4-B231-0050DACD394D}" = Disney's Winnie the Pooh Kindergarten
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FF4A64B8-1AA6-4AA9-9544-54A7ECF0CE22}" = muvee autoProducer 3.5 magicMoments
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Connectivity Services" = AOL Connectivity Services
"ATT-PRT22" = ATT-PRT22
"AVG9Uninstall" = AVG Free 9.0
"Buzz Lightyear 1st Grade" = Disney/Pixar's Buzz Lightyear 1st Grade
"Captain Keyboard" = Captain Keyboard
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Digital Images Manager" = Digital Images Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"mysterypitmthevegasheist" = Mystery P.I.™ - The Vegas Heist
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personalized Learning Center" = Personalized Learning Center
"PhoTagsExpress" = PhoTags Express
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"Reader Rabbit 1st Grade" = Reader Rabbit 1st Grade
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Ringling Bros. - Frankie Goes to the Circus" = Ringling Bros. - Frankie Goes to the Circus
"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Suzuki Alstare Extreme Racing" = Suzuki Alstare Extreme Racing
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2010 2:36:58 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 5:23:59 PM | Computer Name = DD2TDY91 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.2.1.6, faulting module
quicktime.qts, version 7.62.14.0, fault address 0x00164d10.

Error - 3/27/2010 2:38:12 AM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 2:38:15 AM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:10:17 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:10:17 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:10:17 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:10:17 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:10:17 PM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 1:24:56 AM | Computer Name = DD2TDY91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/24/2010 3:30:54 PM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/25/2010 1:20:46 PM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/26/2010 11:28:16 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/27/2010 11:46:18 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/27/2010 5:42:16 PM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/28/2010 1:44:45 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/28/2010 11:25:48 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/29/2010 9:37:05 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/29/2010 9:56:34 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 3/29/2010 10:03:06 AM | Computer Name = DD2TDY91 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2


< End of report >
  • 0


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Can you please post the contents of the OTL.txt file in your next post?

Edited by SweetTech, 18 June 2010 - 08:48 PM.

  • 0

#3
Bigrob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for your reply. I am a novice at this, and I will try my best. I hope this is what you asked for; if not, please notify me.

OTL logfile created on: 6/18/2010 6:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Robert Salinas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 67.52 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 17.16 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DD2TDY91
Current User Name: Robert Salinas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/18 18:00:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Salinas\Desktop\OTL.exe
PRC - [2010/06/18 17:38:41 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/06/02 13:53:15 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 13:53:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 13:53:07 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 13:52:06 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 13:52:02 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/15 12:53:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/20 12:27:18 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 18:19:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2001/03/20 15:01:55 | 000,241,664 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/06/18 18:00:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Salinas\Desktop\OTL.exe
MOD - [2010/03/20 12:30:49 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2008/05/12 21:11:13 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/09/08 19:20:04 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
SRV - [2010/05/15 12:53:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/08/04 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 13:53:11 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 13:53:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/15 12:55:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/14 11:27:32 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 13:41:21 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\memstpci.sys -- (MemStPCI) Sony Memory Stick controller (PCI)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/21 10:14:52 | 000,019,712 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/20 12:30:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe File not found
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...O/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-e103dce45...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://72.32.179.44/...ewer/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...-131_02-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/25 15:10:15 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/18 18:00:27 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert Salinas\Desktop\OTL.exe
[2010/06/18 17:37:44 | 000,186,946 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Robert Salinas\Desktop\AntiPuper.exe
[2010/06/18 17:29:41 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Robert Salinas\Desktop\ccsetup232.exe
[2010/06/18 17:28:08 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Robert Salinas\Desktop\KillBox.exe
[2010/06/18 17:25:34 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/06/18 17:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2010/06/18 17:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/18 17:17:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2010/06/18 15:12:35 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/06/18 14:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/06/18 14:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/06/18 14:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\Downloaded Installations
[2010/06/17 12:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/17 12:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\Threat Expert
[2010/06/17 09:53:37 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/17 09:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/14 21:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2010/06/13 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/10 19:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\.java
[2010/06/06 14:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/06 13:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/06 13:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\Microsoft Corporation
[2010/06/06 13:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/05/22 18:23:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/19 18:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/19 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/15 12:56:10 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/15 12:56:06 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/15 12:55:56 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/15 12:55:52 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/15 12:55:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/15 12:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/15 11:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/05/15 11:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/05/15 11:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-PRT22-WISE
[2010/05/15 11:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/05/14 23:40:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/05/14 23:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/05/14 23:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/14 23:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/14 00:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/14 00:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/14 00:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\wkacmjtmf
[2010/04/02 17:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Salinas\Tracing
[2010/04/02 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/02 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/04/02 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/02 17:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/02 17:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/31 22:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/03/28 00:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/28 00:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/27 23:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Robert Salinas\My Documents\*.tmp files -> C:\Documents and Settings\Robert Salinas\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/18 18:05:20 | 001,202,464 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/18 18:00:27 | 000,039,712 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/18 18:00:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Salinas\Desktop\OTL.exe
[2010/06/18 17:43:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/18 17:38:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\Desktop\HijackThis.lnk
[2010/06/18 17:37:44 | 000,186,946 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Robert Salinas\Desktop\AntiPuper.exe
[2010/06/18 17:29:41 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Robert Salinas\Desktop\ccsetup232.exe
[2010/06/18 17:28:08 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Robert Salinas\Desktop\KillBox.exe
[2010/06/18 17:17:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2010/06/18 16:40:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/18 16:40:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 16:40:32 | 803,262,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/18 16:39:48 | 000,015,992 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/18 16:39:48 | 000,004,436 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/18 16:39:23 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\NTUSER.DAT
[2010/06/18 16:39:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Robert Salinas\ntuser.ini
[2010/06/18 15:24:26 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/06/18 15:18:08 | 000,004,724 | ---- | M] () -- C:\rollback.ini
[2010/06/18 12:40:54 | 061,169,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/18 12:35:17 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/06/17 23:16:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\Desktop\iTunes.lnk
[2010/06/17 22:52:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 21:08:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cf8dfec947c.job
[2010/06/13 15:42:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
[2010/06/13 15:42:40 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
[2010/06/13 09:44:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/12 21:11:30 | 001,580,410 | -H-- | M] () -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\IconCache.db
[2010/06/12 21:11:21 | 000,000,070 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/06/09 22:53:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/02 13:53:11 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 13:53:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 21:22:16 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
[2010/06/01 21:22:16 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
[2010/05/29 11:08:43 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1006.job
[2010/05/29 11:08:43 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1006.job
[2010/05/21 22:02:07 | 000,002,448 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/21 20:01:34 | 000,000,268 | ---- | M] () -- C:\WINDOWS\System32\PDPCustomPaper.dat
[2010/05/16 16:49:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 12:56:13 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/15 12:56:12 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/15 12:55:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/15 12:55:52 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/14 23:26:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 19:30:56 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/28 19:30:56 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/28 19:30:55 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 17:33:27 | 000,000,721 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 12:20:53 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/04/03 18:55:35 | 000,006,686 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/03 18:55:32 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D73B796550.sys
[2010/04/02 17:12:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\My Documents\My Sharing Folders.lnk
[2010/04/02 13:40:26 | 000,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 13:40:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/29 17:23:56 | 000,127,440 | ---- | M] () -- C:\Documents and Settings\Robert Salinas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/29 00:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 00:43:35 | 000,440,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Robert Salinas\My Documents\*.tmp files -> C:\Documents and Settings\Robert Salinas\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/18 17:38:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Robert Salinas\Desktop\HijackThis.lnk
[2010/06/18 16:22:34 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Robert Salinas\LuResult.txt
[2010/06/18 15:24:26 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/06/18 15:18:33 | 001,191,712 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/18 15:18:33 | 000,039,712 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/18 15:18:33 | 000,015,992 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/18 15:18:33 | 000,004,436 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/18 15:18:05 | 000,004,724 | ---- | C] () -- C:\rollback.ini
[2010/06/17 09:53:38 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/15 21:08:55 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cf8dfec947c.job
[2010/05/15 12:56:13 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/15 12:55:52 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/15 12:55:46 | 061,169,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/15 00:12:11 | 803,262,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 12:20:53 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/04/02 10:50:55 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
[2010/04/02 10:50:55 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
[2010/03/27 17:06:35 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
[2010/03/27 17:06:33 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
[2009/05/25 16:31:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/05/25 16:24:56 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2009/05/25 14:57:04 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009/05/25 14:57:04 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009/05/25 14:57:04 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009/05/25 14:57:04 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009/05/25 14:57:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009/03/05 23:22:15 | 000,004,256 | R--- | C] () -- C:\WINDOWS\System32\CAStatus.ini
[2008/11/17 14:24:24 | 000,002,448 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/04 00:45:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/09/09 14:53:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/02/26 12:39:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nsprof.dll
[2006/10/30 22:33:30 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Clipbook.INI
[2006/09/02 10:34:22 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/07/06 20:10:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/06 19:32:11 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/03 20:28:44 | 000,000,439 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2006/06/02 11:37:38 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5065793BD7.sys
[2006/05/14 10:33:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/05/14 10:17:00 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/14 10:17:00 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/14 10:17:00 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/14 10:16:07 | 000,001,732 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/05/10 13:55:03 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/10 13:55:03 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D73B796550.sys
[2006/05/08 13:57:25 | 000,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/05/08 13:55:55 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\CA_SUPPORT.INI
[2006/05/03 19:54:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 19:50:25 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/03 19:43:39 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/03 19:11:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/03 19:11:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/15 12:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/06/05 13:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/07/22 13:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2007/12/16 10:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/06/10 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2006/07/06 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/01/04 00:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/12/05 22:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/06/18 16:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/25 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/05/25 15:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/06/10 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/05 21:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/10/08 18:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/06/30 20:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/06/18 16:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/03 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/24 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2007/10/17 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/07/07 21:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/16 00:52:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/05/22 00:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/06/25 17:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\FunWebProducts
[2007/12/16 10:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Grisoft
[2006/08/16 09:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Leadertech
[2007/10/08 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\PlayFirst
[2009/05/25 16:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\proDAD
[2007/11/11 16:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Sandlot Games
[2009/05/15 21:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Smilebox
[2007/12/15 21:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\SpywareBot
[2010/05/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Ubzi
[2009/01/16 00:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Uniblue
[2007/09/12 11:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Viewpoint
[2010/05/19 19:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Viixe
[2008/07/24 20:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Wal-Mart
[2007/11/11 12:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Salinas\Application Data\Wal-Mart Digital Photo Manager
[2010/04/10 12:20:53 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\CD UNINSTALL SOLUTION.job
[2010/06/18 15:24:26 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/03/10 04:00:01 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E65BB25A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E54FA796
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DCBA856
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0971B5CA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CF23EC3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
< End of report >

#4 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe File not found
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell - "" = AutoRun
    O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Robert Salinas\My Documents\*.tmp files -> C:\Documents and Settings\Robert Salinas\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E65BB25A
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E54FA796
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DCBA856
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0971B5CA
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CF23EC3
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running TDSSKiller


Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.


Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version


Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.


Please ensure that you save the TDSSKiller file to your desktop.


If TDSSKiller asks you to close all programs please allow it to do so.


If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.


Please enter Y and allow TDSSKiller to reboot your computer.


Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


Please post the content of the TDSSKiller log.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running OTL Fix.
3. The log that is produced after running TDSSKiller.
4. The log that is produced after running the ComboFix scan.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#5 Bigrob (Topic Starter, Member, 16 posts)
Here you go Sweet Tech,

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B7D3E479-CC68-42B5-A338-938ECE35F419} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.0.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
c:\winnt\Downloaded Program Files\jinstall_1_3_1_02.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{394ed9e4-98e6-11de-97de-0016765b9b2f}\ not found.
File F:\LaunchU3.exe not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Robert Salinas\My Documents\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\*.tmp not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:00C31200 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E65BB25A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E54FA796 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5DCBA856 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0971B5CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3CF23EC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elsa Salinas

User: Jessica Salinas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9567726 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2782 bytes

User: Owner

User: Patricia Salinas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Robby Salinas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Robert Salinas
->Temp folder emptied: 99249 bytes
->Temporary Internet Files folder emptied: 17200951 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 635 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 12685 bytes

Total Files Cleaned = 26.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Elsa Salinas

User: Jessica Salinas
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Patricia Salinas
->Flash cache emptied: 0 bytes

User: Robby Salinas
->Flash cache emptied: 0 bytes

User: Robert Salinas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06182010_230432

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RXY224VB\140153_21dating_1[1].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RXY224VB\yume_swf_library[1].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3UW1IFM\174957_83The%20Job%20Interview[1].flv moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\WUEEZOGO\Redirect-after-virus-infection-t279924[3].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\WNDI3FN4\bejeweledblitz[1].txt moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\WNDI3FN4\bj2[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\WNDI3FN4\login_status[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\WNDI3FN4\xd_receiver_v0.4[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\UAWSZ2UR\afr[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\UAWSZ2UR\banner[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\UAWSZ2UR\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\AHVOZ86T\10[2].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\AHVOZ86T\iframe[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\Content.IE5\AHVOZ86T\like[1].htm moved successfully.
C:\Documents and Settings\Robert Salinas\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

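Added example, not part of the thread and not code from OTL, ComboFix or TDSSKiller: a small Python triage script that reads the two log formats exchanged above. From a TDSSKiller log of the kind SweetTech asked for, it pulls out every "Suspicious file (Forged)" line with both MD5 values and whether the tool scheduled a cure for the next reboot, and it keeps the per-driver inventory so the hashes can later be compared against a known-good list. From an OTL fix log like the one Bigrob posted, it tallies actions by artifact class (alternate data streams, BHOs, Run keys, IE policy keys, ActiveX distribution units, services, proxy setting) and outcome. The sample lines embedded in the script are copied from the logs in this thread; the regular expressions, the class labels and the follow-up rules are the example's own assumptions, not anything the tools define.

```python
"""Triage helper for OTL fix logs and TDSSKiller scan logs.

Added example for this thread, not code from OTL, ComboFix or TDSSKiller:
only a reader for the line formats those tools print. Sample lines are
copied from the logs posted in the thread; the artifact classes and the
follow-up rules are this example's own assumptions.
"""
import re
from collections import Counter

# One inventory line per driver, plus a "Suspicious file (Forged)" line when
# the two MD5 readings TDSSKiller reports for the same path disagree.
TDSS_DRIVER = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})"
)


def parse_tdsskiller(text):
    """Return (drivers, findings): {name: (md5, path)} and forged-file dicts."""
    drivers, findings = {}, []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = TDSS_FORGED.search(line)
        if m:
            path, real, fake = m.groups()
            tail = " ".join(lines[i + 1:i + 3])  # cure status follows the finding
            findings.append({"path": path, "real_md5": real, "fake_md5": fake,
                             "cured_on_reboot": "cured on next reboot" in tail})
            continue
        m = TDSS_DRIVER.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = (md5, path)
    return drivers, findings


# OTL names the object and ends the line with the outcome. The class labels
# on the left are this example's, not OTL's.
OTL_CLASSES = [
    ("ads", re.compile(r"^ADS ")),
    ("service", re.compile(r"^Service ")),
    ("proxy", re.compile(r"ProxyServer")),
    ("bho", re.compile(r"\\Browser Helper Objects\\")),
    ("ie_policy", re.compile(r"\\Policies\\Microsoft\\Internet Explorer\\")),
    ("run_key", re.compile(r"\\CurrentVersion\\Run\\")),
    ("activex", re.compile(r"\\Code Store Database\\Distribution Units\\")),
]
OTL_OUTCOME = re.compile(r"(deleted successfully|moved successfully|"
                         r"stopped successfully|set successfully|not found)")


def parse_otl(text):
    """Count OTL fix actions as {(artifact class, outcome): n}."""
    counts = Counter()
    for line in text.splitlines():
        outcome = OTL_OUTCOME.search(line)
        if outcome:
            cls = next((n for n, rx in OTL_CLASSES if rx.search(line)), "other")
            counts[(cls, outcome.group(1))] += 1
    return counts


def followups(findings, counts):
    """Next steps a reviewer would ask for, derived from both logs."""
    notes = [f["path"] + (": forged, cure scheduled; reboot and rescan"
                          if f["cured_on_reboot"] else ": forged, NOT cured")
             for f in findings]
    ads = sum(n for (cls, _), n in counts.items() if cls == "ads")
    if ads:
        notes.append(f"{ads} alternate data stream(s) removed; confirm after reboot")
    return notes


# Sample input copied from the logs posted in this thread.
SAMPLE_TDSS = r"""23:19:28:515 2228 Cdrom (45b3905cd77f38c36cffab1763999917) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:19:28:531 2228 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 45b3905cd77f38c36cffab1763999917, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
23:19:28:531 2228 File "C:\WINDOWS\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ... 23:19:30:531 2228 Backup copy found, using it..
23:19:30:578 2228 will be cured on next reboot
23:19:30:734 2228 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
"""
SAMPLE_OTL = r"""Service MyWebSearchService stopped successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57 deleted successfully.
"""

if __name__ == "__main__":
    drivers, findings = parse_tdsskiller(SAMPLE_TDSS)
    counts = parse_otl(SAMPLE_OTL)
    print(f"{len(drivers)} drivers inventoried, {len(findings)} forged")
    for (cls, outcome), n in sorted(counts.items()):
        print(f"OTL {cls:<10} {outcome:<20} {n}")
    for note in followups(findings, counts):
        print("->", note)
```

The point of keeping the driver inventory separate from the forged-file findings is that a full TDSSKiller log lists hundreds of drivers, and the one line that matters is easy to miss when reading by eye; the script surfaces it, records both hashes for later comparison against a clean copy of the same Windows build, and reminds the reviewer that a "cured on next reboot" entry is only confirmed by rebooting and rescanning.
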
#6 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
:)

#7 Bigrob (Topic Starter, Member, 16 posts)
TDSSkiller Log:


23:19:23:750 2228 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:19:23:750 2228 ================================================================================
23:19:23:750 2228 SystemInfo:

23:19:23:750 2228 OS Version: 5.1.2600 ServicePack: 3.0
23:19:23:750 2228 Product type: Workstation
23:19:23:750 2228 ComputerName: DD2TDY91
23:19:23:750 2228 UserName: Robert Salinas
23:19:23:750 2228 Windows directory: C:\WINDOWS
23:19:23:750 2228 Processor architecture: Intel x86
23:19:23:750 2228 Number of processors: 1
23:19:23:750 2228 Page size: 0x1000
23:19:23:750 2228 Boot type: Normal boot
23:19:23:750 2228 ================================================================================
23:19:24:281 2228 Initialize success
23:19:24:281 2228
23:19:24:281 2228 Scanning Services ...
23:19:24:921 2228 Raw services enum returned 378 services
23:19:24:937 2228
23:19:24:937 2228 Scanning Drivers ...
23:19:25:765 2228 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:19:25:859 2228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:19:25:968 2228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:19:26:062 2228 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:19:26:140 2228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:19:26:281 2228 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:19:26:359 2228 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:19:26:437 2228 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:19:26:515 2228 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:19:26:578 2228 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:19:26:656 2228 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:19:26:734 2228 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:19:26:843 2228 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:19:26:921 2228 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:19:27:000 2228 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:19:27:125 2228 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:19:27:218 2228 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:19:27:281 2228 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:19:27:375 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:19:27:437 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:19:27:531 2228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:19:27:625 2228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:19:27:765 2228 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
23:19:27:843 2228 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
23:19:27:921 2228 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys
23:19:28:015 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:19:28:093 2228 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:19:28:140 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:19:28:218 2228 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:19:28:343 2228 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:19:28:406 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:19:28:484 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:19:28:515 2228 Cdrom (45b3905cd77f38c36cffab1763999917) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:19:28:531 2228 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 45b3905cd77f38c36cffab1763999917, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
23:19:28:531 2228 File "C:\WINDOWS\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ... 23:19:30:531 2228 Backup copy found, using it..
23:19:30:578 2228 will be cured on next reboot
23:19:30:734 2228 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:19:30:812 2228 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:19:30:890 2228 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:19:30:984 2228 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:19:31:078 2228 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
23:19:31:250 2228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:19:31:328 2228 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
23:19:31:375 2228 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:19:31:406 2228 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
23:19:31:437 2228 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
23:19:31:453 2228 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
23:19:31:484 2228 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
23:19:31:515 2228 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
23:19:31:531 2228 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
23:19:31:609 2228 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
23:19:31:687 2228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:19:31:796 2228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:19:31:906 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:19:32:015 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:19:32:078 2228 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:19:32:125 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:19:32:218 2228 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:19:32:250 2228 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:19:32:390 2228 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
23:19:32:500 2228 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
23:19:32:625 2228 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:19:32:718 2228 emAudio (ffa45148a2d5d05dbb3c0997e579fc9c) C:\WINDOWS\system32\drivers\emAudio.sys
23:19:32:812 2228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:19:32:890 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:19:33:000 2228 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
23:19:33:062 2228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:19:33:140 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:19:33:218 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:19:33:296 2228 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:19:33:375 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:19:33:421 2228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:19:33:500 2228 GearAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:19:33:609 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:19:33:640 2228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:19:33:703 2228 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:19:33:828 2228 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:19:33:890 2228 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:19:34:015 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:19:34:078 2228 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:19:34:140 2228 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:19:34:250 2228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:19:34:312 2228 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:19:34:421 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:19:34:468 2228 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:19:34:609 2228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:19:34:640 2228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:19:34:703 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:19:34:812 2228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:19:34:906 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:19:34:968 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:19:35:046 2228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:19:35:093 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:19:35:156 2228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:19:35:250 2228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:19:35:312 2228 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:19:35:390 2228 KLIF (52b115b2be8987038d56b3b2aeb445f5) C:\WINDOWS\system32\DRIVERS\klif.sys
23:19:35:468 2228 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
23:19:35:531 2228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:19:36:203 2228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:19:36:968 2228 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
23:19:37:031 2228 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:19:37:093 2228 MemStPCI (f0f5c4c4bf6018414b066a3600799c77) C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
23:19:37:187 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:19:37:250 2228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:19:37:281 2228 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
23:19:37:312 2228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:19:37:390 2228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:19:37:453 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:19:37:531 2228 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
23:19:37:625 2228 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:19:37:734 2228 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:19:37:828 2228 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:19:37:953 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:19:38:078 2228 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:19:38:156 2228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:19:38:250 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:19:38:328 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:19:38:421 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:19:38:484 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:19:38:562 2228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:19:38:609 2228 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:19:38:703 2228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:19:38:828 2228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:19:38:937 2228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:19:38:984 2228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:19:39:031 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:19:39:062 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:19:39:093 2228 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:19:39:125 2228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:19:39:171 2228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:19:39:250 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:19:39:312 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:19:39:390 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:19:39:515 2228 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:19:39:671 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:19:39:734 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:19:39:796 2228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:19:39:890 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:19:40:000 2228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:19:40:062 2228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:19:40:140 2228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:19:40:218 2228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:19:40:421 2228 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:19:40:500 2228 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:19:40:625 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:19:40:671 2228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:19:40:703 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:19:40:765 2228 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:19:40:843 2228 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:19:40:921 2228 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:19:41:000 2228 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:19:41:078 2228 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:19:41:140 2228 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:19:41:203 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:19:41:265 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:19:41:312 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:19:41:359 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:19:41:390 2228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:19:41:437 2228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:19:41:500 2228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:19:41:625 2228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:19:41:812 2228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:19:41:906 2228 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
23:19:42:000 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:19:42:109 2228 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
23:19:42:250 2228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:19:42:296 2228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:19:42:312 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:19:42:421 2228 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:19:42:515 2228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:19:42:609 2228 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
23:19:42:687 2228 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:19:42:796 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:19:42:843 2228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:19:42:906 2228 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
23:19:43:093 2228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:19:43:187 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:19:43:265 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:19:43:328 2228 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:19:43:375 2228 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:19:43:437 2228 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:19:43:500 2228 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:19:43:531 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:19:43:671 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:19:43:796 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:19:43:890 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:19:43:953 2228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:19:44:015 2228 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:19:44:109 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:19:44:203 2228 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:19:44:281 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:19:44:390 2228 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:19:44:531 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:19:44:593 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:19:44:640 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:19:44:734 2228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:19:44:843 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:19:44:953 2228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:19:45:046 2228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:19:45:125 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:19:45:218 2228 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:19:45:312 2228 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:19:45:406 2228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:19:45:484 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:19:45:656 2228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:19:45:750 2228 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:19:45:843 2228 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:19:45:890 2228 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:19:45:968 2228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:19:46:062 2228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:19:46:171 2228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:19:46:187 2228 Reboot required for cure complete..
23:19:46:703 2228 Cure on reboot scheduled successfully
23:19:46:703 2228
23:19:46:703 2228 Completed
23:19:46:703 2228
23:19:46:703 2228 Results:
23:19:46:703 2228 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:19:46:703 2228 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:19:46:703 2228
23:19:46:703 2228 KLMD(ARK) unloaded successfully
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#9
Bigrob

Bigrob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sweettech,

Thanks for all the help. Could not find the Combofix.txt file. Everything working fine. Thank you very much for your help.

Bigrob
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.
  • 0

#11
Bigrob

Bigrob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry,

Did a complete search and cannot find anything other than a ComboFix file icon in the C drive, but when I click on it the My Computer users and drives are listed just as if you open My Computer. Did a search with Search Files and found nothing. I remember ComboFix opening and downloading from Microsoft and finishing the program, but no file was created or I did something wrong.
Sorry, I just can't find it.

Rob
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please re-run ComboFix. Please ensure that all security programs are disabled before running it.

Post the log that it produces after it runs.
  • 0

#13
Bigrob

Bigrob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ran Combofix with no problems. Here is the log.

ComboFix 10-06-22.03 - Robert Salinas 06/23/2010 10:54:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.224 [GMT -5:00]
Running from: c:\documents and settings\Robert Salinas\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-19 18:47 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 18:05 . 2010-06-19 18:05 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-19 18:04 . 2010-06-19 18:04 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-19 17:56 . 2010-06-19 17:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-19 05:38 . 2010-06-19 05:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-19 05:38 . 2010-06-19 05:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-19 05:38 . 2010-06-19 17:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-19 05:38 . 2010-06-23 15:49 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-19 05:33 . 2010-06-19 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-19 04:04 . 2010-06-19 04:04 -------- d-----w- C:\_OTL
2010-06-19 02:29 . 2010-06-19 02:29 388096 ----a-r- c:\documents and settings\Robert Salinas\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-18 22:25 . 2010-06-18 22:25 -------- d-----w- C:\!KillBox
2010-06-18 22:19 . 2010-06-18 22:19 -------- d-----w- c:\program files\Trend Micro
2010-06-18 22:17 . 2010-06-18 22:17 812344 ----a-w- c:\program files\HJTInstall.exe
2010-06-18 20:24 . 2010-06-18 20:24 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-06-18 20:18 . 2010-06-23 16:04 4150304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-18 20:18 . 2010-06-23 16:04 114720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-18 19:56 . 2010-06-18 21:27 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-06-18 19:56 . 2010-06-18 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-06-18 19:44 . 2010-06-18 19:44 -------- d-----w- c:\documents and settings\Robert Salinas\Local Settings\Application Data\Downloaded Installations
2010-06-17 17:39 . 2010-06-17 17:39 -------- d-----w- c:\program files\ESET
2010-06-17 17:03 . 2010-06-17 17:03 -------- d-----w- c:\documents and settings\Robert Salinas\Local Settings\Application Data\Threat Expert
2010-06-17 14:33 . 2010-06-18 21:40 -------- d-----w- c:\program files\Spyware Doctor
2010-06-15 02:22 . 2010-06-15 02:22 -------- d-----w- c:\program files\KingsIsle Entertainment
2010-06-13 22:33 . 2010-06-13 22:54 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 00:20 . 2010-06-11 00:20 -------- d-----w- c:\documents and settings\Robert Salinas\.java
2010-06-06 19:20 . 2010-06-06 19:23 -------- dc-h--w- c:\windows\ie8
2010-06-06 18:32 . 2010-06-06 18:32 -------- d-----w- c:\windows\Performance
2010-06-06 18:30 . 2010-06-06 18:30 -------- d-----w- c:\documents and settings\Robert Salinas\Local Settings\Application Data\Microsoft Corporation
2010-06-06 18:27 . 2010-06-06 18:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 06:06 . 2010-06-18 20:18 53312 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-23 06:06 . 2010-06-18 20:18 11300 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-20 16:33 . 2006-05-19 03:09 268 ----a-w- c:\windows\system32\PDPCustomPaper.dat
2010-06-20 01:33 . 2010-04-02 22:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-19 04:20 . 2004-08-04 03:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-19 02:16 . 2008-03-12 23:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-18 21:32 . 2006-05-04 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-18 21:31 . 2007-09-03 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 18:40 . 2006-05-04 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-17 19:18 . 2006-05-09 22:43 -------- d-----w- c:\program files\MSN Messenger
2010-06-17 17:01 . 2007-12-27 05:35 -------- d-----w- c:\program files\PopCap Games
2010-06-17 16:59 . 2007-09-03 17:20 -------- d-----w- c:\program files\MSN Games
2010-06-13 02:11 . 2007-09-03 21:08 70 ----a-w- c:\windows\popcinfo.dat
2010-06-06 19:19 . 2007-11-24 03:18 -------- d-----w- c:\program files\Google
2010-05-23 00:24 . 2006-10-13 17:33 -------- d-----w- c:\documents and settings\Robert Salinas\Application Data\Ubzi
2010-05-22 17:06 . 2009-09-04 00:03 -------- d-----w- c:\documents and settings\Robert Salinas\Application Data\U3
2010-05-20 00:51 . 2008-07-03 18:59 -------- d-----w- c:\documents and settings\Robert Salinas\Application Data\Viixe
2010-05-15 17:51 . 2009-02-03 00:59 -------- d-----w- c:\program files\AVG
2010-05-15 16:07 . 2010-05-15 16:05 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-05-15 16:06 . 2010-05-15 16:05 -------- d-----w- c:\program files\Common Files\Motive
2010-05-15 16:05 . 2010-05-15 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-05-15 16:05 . 2010-05-15 16:05 -------- d-----w- c:\program files\ATT
2010-05-15 04:39 . 2010-05-15 04:38 -------- d-----w- c:\program files\Bing Bar Installer
2010-05-15 04:28 . 2010-05-15 04:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2010-05-15 04:26 . 2010-05-15 04:26 127440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-15 04:17 . 2010-05-15 04:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 23:55 . 2006-05-10 18:55 6686 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-03 23:55 . 2006-05-10 18:55 88 -csh--r- c:\windows\system32\D73B796550.sys
2010-03-29 22:23 . 2006-05-08 18:59 127440 -c--a-w- c:\documents and settings\Robert Salinas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-14 03:22 . 2007-04-14 03:22 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-07-04 01:45 . 2006-07-04 01:37 50748 -c--a-w- c:\program files\Pict0001.JPG
2006-07-04 01:45 . 2006-07-04 01:33 29885382 -c--a-w- c:\program files\Pict0002.BMP
2006-07-04 01:37 . 2006-07-04 01:37 3744 -c--a-w- c:\program files\Pict0002.JPG
2006-07-04 01:30 . 2006-07-04 01:30 1080054 -c--a-w- c:\program files\Pict0001.BMP
2010-01-16 06:48 . 2006-06-02 16:37 104 -csh--r- c:\windows\system32\5065793BD7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"ABBYY Community Agent"="c:\progra~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-03-20 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-19 2065248]

c:\documents and settings\Patricia Salinas\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-24 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-3 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-19 05:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq A4000 Settings Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq A4000 Settings Utility.lnk
backup=c:\windows\pss\Compaq A4000 Settings Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEUSBTip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SageCC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 14:40 34904 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-21 03:01 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAPDPSRV]
2001-09-25 22:58 45056 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\CApdpsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 18:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-20 17:27 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SeaPort"=2 (0x2)
"RasMan"=3 (0x3)
"HidServ"=2 (0x2)
"Eventlog"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/19/2010 12:38 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/19/2010 12:56 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/19/2010 12:36 AM 308064]
S2 gupdate1c9f6de450c1c6;Google Update Service (gupdate1c9f6de450c1c6);c:\program files\Google\Update\GoogleUpdate.exe [6/26/2009 11:16 PM 133104]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\memstpci.sys [3/28/2008 11:51 PM 26112]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0cf8dfec947c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 04:15]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 04:15]

2010-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1827217743-505614985-2339907569-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = -
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
SafeBoot-klmdb.sys
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 11:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-06-23 11:10:07
ComboFix-quarantined-files.txt 2010-06-23 16:10

Pre-Run: 77,072,183,296 bytes free
Post-Run: 77,156,515,840 bytes free

- - End Of File - - 5EC0E3DAFD3BFE9F4E0EBEFE4AEA46C5
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I would also like to see a list of files quarantined by ComboFix, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Post the contents of that file in your next reply.
  • 0

#15
Bigrob

Bigrob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
For your review:

2010-06-23 16:09:14 . 2010-06-23 16:09:14 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WebCyberCoach_wtrb.reg.dat
2010-06-23 16:08:57 . 2010-06-23 16:08:57 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ShStatEXE.reg.dat
2010-06-23 16:08:57 . 2010-06-23 16:08:57 630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MyWebSearch Email Plugin.reg.dat
2010-06-23 16:08:57 . 2010-06-23 16:08:57 676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-My Web Search Bar Search Scope Monitor.reg.dat
2010-06-23 16:08:57 . 2010-06-23 16:08:57 704 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-McAfeeUpdaterUI.reg.dat
2010-06-23 16:08:55 . 2010-06-23 16:08:55 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-klmdb.sys.reg.dat
2010-06-23 16:08:39 . 2010-06-23 16:08:39 163 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-MSKDetectorExe.reg.dat
2010-06-23 16:08:36 . 2010-06-23 16:08:37 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2010-06-23 16:08:36 . 2010-06-23 16:08:36 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2010-06-19 06:18:38 . 2010-06-23 16:00:01 7,892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-19 05:57:45 . 2010-06-23 15:50:03 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-07-17 15:40:59 . 2009-07-17 15:40:59 748,924 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\res2\WhiteList.dbs.vir
2009-07-10 17:24:22 . 2009-07-10 17:24:22 3,968 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\Config.xml.vir
2009-07-10 17:06:53 . 2009-07-10 17:06:53 286,073 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\dwld\WhiteList.xip.vir
2009-07-08 02:07:56 . 2009-07-08 02:07:56 748,268 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\res1\WhiteList.dbs.vir
2009-07-06 17:41:47 . 2009-07-06 17:41:47 3,968 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\Config.xml.vir
2009-06-25 19:07:36 . 2009-06-25 19:07:36 285,791 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\dwld\WhiteList.xip.vir
2009-06-16 04:00:17 . 2009-06-16 04:00:18 748,116 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\res1\WhiteList.dbs.vir
2009-06-16 03:58:46 . 2009-06-16 04:40:22 3,508 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\db\Sites.dbs.vir
2009-06-16 03:58:29 . 2009-06-16 04:40:22 6,808 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\db\Aliases.dbs.vir
2009-06-16 03:57:12 . 2009-06-16 05:19:39 108 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\report\send_storage.xml.vir
2009-06-16 03:57:09 . 2009-06-16 05:19:38 57 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\report\aggr_storage.xml.vir
2009-06-11 21:49:16 . 2009-06-11 21:49:16 3,968 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\Config.xml.vir
2009-06-10 18:05:56 . 2009-06-10 18:05:56 285,740 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jessica Salinas\Application Data\ShoppingReport\cs\dwld\WhiteList.xip.vir
2009-05-21 22:09:56 . 2009-09-28 22:35:49 123 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0008D673.vir
2009-05-10 18:14:25 . 2009-07-08 02:07:46 94,312 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\db\Sites.dbs.vir
2009-05-10 18:14:22 . 2009-07-08 02:07:46 36,960 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\db\Aliases.dbs.vir
2009-05-10 18:14:12 . 2009-07-08 02:25:11 108 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\report\send_storage.xml.vir
2009-05-10 18:14:12 . 2009-05-23 05:19:52 57 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Patricia Salinas\Application Data\ShoppingReport\cs\report\aggr_storage.xml.vir
2009-05-02 23:04:34 . 2009-07-23 15:24:54 652,440 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\db\Sites.dbs.vir
2009-05-02 23:04:31 . 2009-07-23 15:24:54 92,176 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\db\Aliases.dbs.vir
2009-05-02 23:04:24 . 2009-07-23 05:11:32 108 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\report\send_storage.xml.vir
2009-05-02 23:04:24 . 2009-07-23 05:11:31 57 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\report\aggr_storage.xml.vir
2009-04-20 18:07:03 . 2009-05-21 22:04:45 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\000701C3.vir
2009-03-13 05:15:52 . 2009-04-20 05:10:12 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0034CBDE.vir
2009-03-06 04:27:19 . 2009-03-06 04:27:19 2,017 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Read Me.lnk.vir
2009-03-06 04:27:19 . 2009-03-06 04:27:19 2,008 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Ulead Photo Express 4.0 My Custom Edition.lnk.vir
2009-03-06 04:22:26 . 2009-03-06 04:22:26 1,578 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Uninstall Compaq A4000 .lnk.vir
2009-03-06 04:22:26 . 2009-03-06 04:22:26 1,759 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Registration.lnk.vir
2009-03-06 04:22:26 . 2009-03-06 04:22:26 1,610 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Settings Utility.lnk.vir
2009-03-06 04:22:25 . 2009-03-06 04:22:25 1,580 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Firmware Upgrade.lnk.vir
2009-03-06 04:22:25 . 2001-07-30 17:50:44 340 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq Online.url.vir
2009-03-06 04:22:25 . 2001-07-30 17:50:20 344 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Order Supplies.url.vir
2009-03-06 04:22:25 . 2009-03-06 04:22:25 1,617 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Properties.lnk.vir
2009-03-06 04:22:25 . 2009-03-06 04:22:25 1,637 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Getting Started Guide.lnk.vir
2009-03-06 04:22:25 . 2009-03-06 04:22:25 1,641 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Compaq A4000 \Compaq A4000 Help.lnk.vir
2009-02-04 23:12:56 . 2009-02-04 23:12:56 4,088 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00143A58.bin.vir
2009-01-24 06:02:05 . 2009-01-24 06:02:05 107 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\01584201.vir
2008-09-02 03:24:02 . 2009-02-08 20:49:57 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\007EAC19.vir
2008-07-08 18:35:18 . 2008-07-08 18:35:24 61 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini.vir
2008-07-08 18:35:18 . 2008-07-08 18:35:18 91 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst.vir
2008-07-08 18:35:18 . 2008-07-08 18:35:18 4 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\Images\0021CF65.urr.vir
2008-06-26 20:17:34 . 2008-06-26 20:17:34 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\000593CB.vir
2008-06-25 22:17:04 . 2008-06-25 22:21:43 903 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robert Salinas\Application Data\FunWebProducts\Data\Robert Salinas\wffavs.dat.vir
2008-06-25 22:16:08 . 2008-06-25 22:16:08 4 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\Images\01430DA9.urr.vir
2008-06-23 18:34:15 . 2008-06-23 18:34:15 1,024 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search3.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 140 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 140 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 3,343 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 305 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 20,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 5,446 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV.vir
2008-06-23 18:34:12 . 2008-06-23 18:34:12 20,164 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG.vir
2008-05-13 03:24:16 . 2008-06-05 22:47:12 107 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00549C85.vir
2008-05-13 03:21:59 . 2008-05-13 03:21:59 1,000 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\005285BB.bin.vir
2008-05-13 03:21:59 . 2009-07-15 00:59:35 65,426 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html.vir
2008-05-10 05:11:11 . 2008-05-10 05:11:11 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\009FE876.vir
2008-05-10 05:11:11 . 2008-05-10 05:11:11 976 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\009FE7AB.bin.vir
2008-05-10 05:11:10 . 2008-05-10 05:11:10 944 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\009FDB37.bin.vir
2008-05-10 05:11:07 . 2008-05-10 05:11:07 1,928 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\009FD914.bin.vir
2008-05-10 05:11:07 . 2009-07-15 00:59:38 31,236 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html.vir
2008-05-10 05:11:07 . 2009-07-15 00:59:36 25,157 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html.vir
2008-05-09 05:02:25 . 2008-05-09 05:02:25 244 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0058EA06.bin.vir
2008-05-09 05:02:25 . 2008-05-09 05:02:25 1,192 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0058E87F.bin.vir
2008-05-09 05:02:25 . 2008-05-09 05:02:25 920 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0058E6D9.bin.vir
2008-05-09 05:02:24 . 2010-04-29 00:31:44 48,422 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html.vir
2008-05-09 05:02:24 . 2008-05-09 05:02:24 1,644 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0058CD56.bin.vir
2008-05-09 05:02:24 . 2010-04-29 00:31:44 57,566 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html.vir
2008-05-01 01:00:57 . 2008-05-01 01:00:57 4 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\Images\00400F4A.urr.vir
2008-04-25 21:57:18 . 2008-04-25 21:57:18 1,940 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00158CC8.bin.vir
2008-04-25 21:57:17 . 2008-04-25 21:57:17 1,284 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00158362.bin.vir
2008-04-25 21:57:15 . 2008-04-25 21:57:15 1,668 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00158130.bin.vir
2008-04-25 21:57:14 . 2008-04-25 21:57:14 1,724 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00157ECE.bin.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 1,517 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 64 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 4,345 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 724 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 2,570 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 3,036 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 6,205 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 3,753 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 145 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:29 2,044 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\center.htm.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:28 3,630 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:28 1,922 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:28 2,353 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif.vir
2008-04-25 21:57:13 . 2008-06-23 19:16:28 7,792 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\index.htm.vir
2008-04-25 21:57:12 . 2008-04-25 21:57:12 2,288 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00157902.bin.vir
2008-04-25 21:57:12 . 2008-05-09 05:02:26 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\0015752A.vir
2008-04-25 21:57:12 . 2009-09-28 22:46:37 140,718 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html.vir
2008-04-25 21:57:12 . 2009-09-28 22:46:45 609,350 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html.vir
2008-04-25 21:57:11 . 2008-04-25 21:57:11 539 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak.vir
2008-04-25 21:57:11 . 2008-06-23 18:34:24 539 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\setting2.htm.vir
2008-04-25 21:57:11 . 2008-04-25 21:57:11 68 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\settings.dat.bak.vir
2008-04-25 21:57:11 . 2008-06-23 18:34:24 68 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\settings.dat.vir
2008-04-25 21:57:11 . 2008-04-25 21:57:11 1,024 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search2.vir
2008-04-25 21:57:11 . 2009-04-14 22:11:31 53,477 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm.vir
2008-04-25 21:57:11 . 2008-05-13 03:21:59 116 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\001570C5.vir
2008-04-25 21:57:09 . 2010-06-02 00:10:44 1,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\files.ini.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 12,782 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:19 24 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 7,406 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\SMILEY.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 7,406 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\WB.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 10,134 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\PSS.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 7,406 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\MFC.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 7,406 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\CM.ICO.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 56,688 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 66,726 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 56,438 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir
2008-04-25 21:57:02 . 2008-06-23 18:34:18 113,081 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:18 243,509 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 149,817 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 155,471 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 43,287 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 122,747 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAID.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 272,367 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 129,559 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 106,998 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\FISH.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 71,675 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\DOG.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 301,118 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 40,516 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON.F3S.vir
2008-04-25 21:57:01 . 2008-06-23 18:34:17 89,655 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S.vir
2008-04-18 21:45:28 . 2007-12-18 19:23:52 258,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\whiteList_plugin.dll.vir
2008-04-18 21:45:28 . 2008-02-29 16:25:50 52 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\version.txt.vir
2008-04-18 21:45:27 . 2008-02-29 16:03:06 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\update.exe.vir
2008-04-18 21:45:27 . 2008-02-29 16:02:54 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\uninstall.exe.vir
2008-04-18 21:45:27 . 2008-02-29 16:26:04 356,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbhelper.dll.vir
2008-04-18 21:45:27 . 2007-06-13 19:41:46 4,278 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\powered_yahoo_search.bmp.vir
2008-04-18 21:45:27 . 2008-02-29 16:02:24 7,071 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\options.html.vir
2008-04-18 21:45:27 . 2006-11-30 15:52:30 1,848 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\frzToolbar_logo.bmp.vir
2008-04-18 21:45:27 . 2007-06-22 14:03:26 65,334 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\icons.bmp.vir
2008-04-18 21:45:27 . 2008-02-29 16:26:04 79 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\info.txt.vir
2008-04-18 21:45:27 . 2008-02-29 16:26:04 2,350 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\freeze_us.inf.vir
2008-04-18 21:45:27 . 2008-02-29 16:26:04 225 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\freeze_us.crc.vir
2008-04-18 21:45:27 . 2006-07-13 01:04:22 2,562 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\freeze.bmp.vir
2008-04-18 21:45:27 . 2008-02-29 16:26:00 17,449 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\basis.xml.vir
2008-04-18 21:45:27 . 2008-02-29 16:04:10 27,136 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\autosearch_plugin.dll.vir
2007-12-15 23:20:27 . 2007-12-16 02:23:26 1,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\default.htm.vir
2007-12-15 23:20:17 . 2007-12-15 23:20:17 25,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\amsys\winam.dat.vir
2007-12-15 23:20:16 . 2007-12-15 23:20:16 23,296 ----a-w- C:\Qoobox\Quarantine\C\Program Files\amsys\unins000.dat.vir
2007-12-15 23:20:15 . 2007-12-15 23:20:15 17,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\amsys\guid.dat.vir
2007-12-15 23:20:15 . 2007-12-15 23:20:15 27,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\amsys\awmsg.dat.vir
2007-12-15 23:20:15 . 2007-12-15 23:20:15 12,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\acontidialer.txt.vir
2007-12-15 23:20:15 . 2007-12-15 23:20:15 20,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\aconti.log.vir
2007-12-15 23:20:10 . 2007-12-15 23:20:10 26,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\akl\unsetup.dat.vir
2007-12-15 23:20:10 . 2007-12-15 23:20:10 11,008 ----a-w- C:\Qoobox\Quarantine\C\Program Files\akl\readme.txt.vir
2007-12-15 23:20:10 . 2007-12-15 23:20:10 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\akl\keylog.txt.vir
2007-12-15 23:20:10 . 2007-12-15 23:20:10 18,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\akl\curlog.htm.vir
2007-12-15 23:19:48 . 2007-12-16 02:21:48 4 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\stfv.bin.vir
2007-12-15 23:08:51 . 2007-12-15 23:08:51 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sznf.ascii.vir
2007-12-15 23:08:50 . 2007-12-15 23:08:51 12 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dpqaqlqx.bin.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 1,791 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\win_logo.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 283 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\x.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 291 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\v.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 3,877 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\warning_icon.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 223 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_gray_small.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 550 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_small.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 835 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\style.css.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 821 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\shadow_bg.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 49 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\spacer.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 639 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 425 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_gray.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 53 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sep_vert.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 2,798 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\shadow.jpg.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 65 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sep_hor.gif.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 25,711 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\screenshot.jpg.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:39 1,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\s_detect.htm.vir
2007-12-15 23:08:13 . 2007-12-15 23:08:13 4,008 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rating.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:39 24,495 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pt.htm.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 979 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_2_name_small.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 1,330 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_features.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 1,204 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\infected.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 215 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\main_back.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 2,214 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_2_header.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 16,977 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_red_protect_your_pc.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 838 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_red_free_scan_bg.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 3,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_red_free_scan.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 877 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_red_bg.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 11,077 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_4.gif.vir
2007-12-15 23:08:12 . 2007-12-15 23:08:12 10,193 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_3.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:12 15,421 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_2.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 28,459 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_1.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 2,922 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\footer_back.jpg.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 3,554 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\download_now_btn.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 8,852 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\download_btn.jpg.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:39 12,457 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\detect.htm.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 3,479 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cell_header_scan.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 3,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cell_header_remove.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 1,373 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cell_footer.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 3,313 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cell_header_block.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 1,647 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\button_freescan.gif.vir
2007-12-15 23:08:11 . 2007-12-15 23:08:11 1,342 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cell_bg.gif.vir
2007-12-15 23:08:10 . 2007-12-15 23:08:11 1,619 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\button_buynow.gif.vir
2007-12-15 23:08:10 . 2007-12-15 23:08:10 11,927 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\box_2.gif.vir
2007-12-15 23:08:10 . 2007-12-15 23:08:10 837 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\blank.gif.vir
2006-05-04 00:51:21 . 2006-05-04 00:51:36 1,105 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\xpsp1hfm.log.vir
2004-08-26 18:12:00 . 2004-08-26 18:12:00 126,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir
2004-08-18 21:47:58 . 2004-08-18 21:47:58 241 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.inf.vir
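To make a quarantine listing like the one above easier to review, here is an added Python example (not part of the thread, and not ComboFix's own code) that parses the listing, maps each `.vir` entry back to the path it was removed from, and totals entries by originating folder. The line layout (created time, a dot, modified time, size, attribute flags, path) is inferred from the posted list, and the sample lines are copied from it.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Line layout as seen in the posted ComboFix-quarantined-files.txt (assumption):
#   <created> . <modified> <size> <attrs> <quarantine path>
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".ocx")


@dataclass
class QuarantineEntry:
    created: str
    modified: str
    size: int
    attrs: str
    quarantine_path: str
    original_path: Optional[str]  # None for ComboFix's own registry backups and logs


def restore_original_path(qpath: str) -> Optional[str]:
    """Map C:\\Qoobox\\Quarantine\\C\\...\\file.ext.vir back to C:\\...\\file.ext."""
    if not qpath.startswith(QUARANTINE_ROOT):
        return None
    rest = qpath[len(QUARANTINE_ROOT):]
    drive, sep, tail = rest.partition("\\")
    # Only single-letter drive folders hold quarantined files; Registry_backups
    # and catchme.log are ComboFix's own bookkeeping and have no original path.
    if not sep or len(drive) != 1 or not drive.isalpha():
        return None
    if tail.endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def parse_line(line: str) -> Optional[QuarantineEntry]:
    """Parse one listing line; returns None for headers or unrecognised text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return QuarantineEntry(
        created=m["created"], modified=m["modified"],
        size=int(m["size"].replace(",", "")), attrs=m["attrs"],
        quarantine_path=m["path"],
        original_path=restore_original_path(m["path"]),
    )


def product_folder(original_path: str) -> str:
    """Grouping heuristic: the program folder or per-user Application Data folder."""
    parts = original_path.split("\\")[1:-1]  # drop drive and file name
    if len(parts) >= 4 and parts[0] == "Documents and Settings" and parts[2] == "Application Data":
        return "Application Data\\" + parts[3]
    return "\\".join(parts[:2])


def summarize(text: str) -> dict:
    """Counts, total bytes, per-folder tallies and the executables that were removed."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    files = [e for e in entries if e.original_path]
    return {
        "entries": len(entries),
        "registry_backups": sum(1 for e in entries if e.original_path is None),
        "files": len(files),
        "bytes": sum(e.size for e in files),
        "by_folder": dict(Counter(product_folder(e.original_path) for e in files)),
        "executables": sorted(e.original_path for e in files
                              if e.original_path.lower().endswith(EXECUTABLE_EXTS)),
    }


# Constructed sample: six lines copied from the listing posted in this thread.
SAMPLE = r"""2010-06-23 16:09:14 . 2010-06-23 16:09:14 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WebCyberCoach_wtrb.reg.dat
2010-06-19 05:57:45 . 2010-06-23 15:50:03 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-07-10 17:24:22 . 2009-07-10 17:24:22 3,968 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Robby Salinas\Application Data\ShoppingReport\cs\Config.xml.vir
2008-06-23 18:34:13 . 2008-06-23 18:34:13 20,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir
2008-04-18 21:45:27 . 2008-02-29 16:03:06 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\update.exe.vir
2007-12-15 23:20:10 . 2007-12-15 23:20:10 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\akl\keylog.txt.vir
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed it the full contents of C:\Qoobox\ComboFix-quarantined-files.txt to see, per product folder, what was actually removed and which of the removed files were executable.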