Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

system unstable internet running wierd [Closed]

Started by jamiemad1 , Nov 11 2011 01:02 PM

  • This topic is locked This topic is locked

#1
jamiemad1
Posted 11 November 2011 - 01:02 PM

jamiemad1

    Member

  • Member
  • PipPip
  • 98 posts
recently my laptop (vista)has been acting unstable and when i go online the mouse is sometime unresponsive i tried to scan with mbam and it would not load right also have just noticed three things on my desktop that probibly should not be there ( ehthumbs_vista.db, desktop.ini, desktop.ini )they are three separate tabs. THANK YOU IN ADVANCE.

OTL logfile created on: 11/11/2011 2:07:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jamie Madigan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.71% Memory free
4.22 Gb Paging File | 2.91 Gb Available in Paging File | 69.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 159.64 Gb Free Space | 85.69% Space Free | Partition Type: NTFS

Computer Name: JAMIEMADIGAN-PC | User Name: Jamie Madigan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 14:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie Madigan\Downloads\OTL.exe
PRC - [2011/11/09 15:29:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 19:12:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 17:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/10/25 12:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 15:29:03 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 02:45:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:45:29 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/14 02:41:39 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:41:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/20 09:09:07 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007/12/08 13:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/02/15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKslcfc07999)
DRV - [2011/11/11 10:37:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{665F9786-39D4-43B6-9301-5796AB53AE45}\MpKsl47f7bc26.sys -- (MpKsl47f7bc26)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 12:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/02/15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/26 19:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/06 22:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/05/18 08:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...m/?a=DidfmadxUO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {a6bbd11f-e0a8-4619-8362-49b5857c2a52}:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://mystart.incre...madxUO&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 19:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 21:08:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/04/24 20:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Extensions
[2011/09/11 16:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions
[2011/08/24 20:36:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/02 22:22:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 18:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{a6bbd11f-e0a8-4619-8362-49b5857c2a52}
[2011/03/15 20:03:38 | 000,000,925 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\conduit.xml
[2011/04/26 19:18:19 | 000,002,185 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\MyStart Search.xml
[2010/10/20 14:07:49 | 000,010,043 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\mywebsearch.xml
[2010/10/12 09:59:38 | 000,001,484 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\start-searcher.xml
[2011/11/09 15:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 10:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 15:29:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/20 06:47:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:29:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jamie Madigan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/09/11 16:28:55 | 000,436,581 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15042 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA8A0DE-CAA1-4D5A-8A84-D2FD8D51FFA0}: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jamie Madigan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jamie Madigan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\AutoRun\command - "" = D:\bin\cdviewer.exe
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\launch\command - "" = D:\bin\cdviewer.exe
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{c124ed32-8571-11e0-859b-00219be13642}\Shell - "" = AutoRun
O33 - MountPoints2\{c124ed32-8571-11e0-859b-00219be13642}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 18:02:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2011/11/11 13:55:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 13:26:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/11 12:33:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/11 10:28:41 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:28:41 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 18:45:04 | 000,610,744 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/10 18:45:04 | 000,107,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/10 18:02:09 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/24 10:07:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/21 18:51:59 | 002,064,445 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\scanner manual.pdf
[2011/10/14 02:39:51 | 000,371,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/10/21 18:51:59 | 002,064,445 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\scanner manual.pdf
[2011/04/25 11:05:56 | 000,000,054 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Roaming\RSBot_Accounts.ini
[2010/10/06 20:52:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/03 09:00:48 | 000,000,085 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Roaming\RSBot Accounts.ini
[2010/07/29 08:06:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll
[2010/07/27 15:38:34 | 000,860,245 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll
[2010/07/22 14:12:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll
[2010/06/21 09:24:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxESP.dll
[2010/06/21 09:24:32 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxFRA.dll
[2010/06/21 09:24:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxPTG.dll
[2010/06/21 09:24:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\DvrOcxPTB.dll
[2010/06/21 09:24:28 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll
[2010/06/21 09:24:28 | 000,013,824 | ---- | C] () -- C:\Windows\System32\DvrOcxCHT.dll
[2010/06/21 09:24:26 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxPLK.dll
[2010/06/21 09:24:24 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxITA.dll
[2010/06/21 09:24:24 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK.dll
[2010/06/02 07:35:39 | 000,004,096 | -H-- | C] () -- C:\Users\Jamie Madigan\AppData\Local\keyfile3.drm
[2010/05/28 07:01:55 | 000,120,320 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 13:38:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/15 13:38:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/15 12:57:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/14 12:29:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/12 15:40:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/04/12 15:40:07 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/04/12 15:36:49 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2010/04/12 15:36:49 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2010/04/12 15:36:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2010/04/12 15:36:49 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2010/04/12 15:36:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/04/12 15:12:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/04/12 14:41:51 | 000,001,356 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Local\d3d9caps.dat
[2009/11/21 08:39:24 | 000,229,442 | ---- | C] () -- C:\Windows\System32\winpubf.dll
[2009/11/21 08:39:24 | 000,196,608 | ---- | C] () -- C:\Windows\System32\nvrfs.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,371,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,610,744 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 10:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 09:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Users\Jamie Madigan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jamie Madigan\AppData\Roaming\GARMIN
[2010/04/12 14:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jamie Madigan\AppData\Roaming\TMP
[2011/11/10 18:33:43 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by jamiemad1, 11 November 2011 - 05:27 PM.

  • 0

Advertisements

#2
Blottedisk
Posted 17 November 2011 - 07:39 AM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi jamiemad1,

If you still need help, please follow these steps:


Step 1 | Please download OTL from one of the following mirrors:

This is THE Mirror

--------------------------------------------------------------------

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in your next reply:

OTListIt.txt <-- Will be opened
Extras.txt <-- Will be minimized


Step 2 | Please download GMER from one of the following locations and save it to your desktop:

Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure all options are checked except:
  • IAT/EAT
  • Drives/Partition other than Systemdrive, which is typically C:\
  • Show All (This is important, so do not miss it.)

Posted Image
Click the image to enlarge it

  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • 0

#3
jamiemad1
Posted 17 November 2011 - 05:37 PM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hello and thank you for your help i will post the otl log but when i was scanning the other gmer i got a blue screen and the computer shut down should i try another scan?

OTL logfile created on: 11/17/2011 6:06:02 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jamie Madigan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.35% Memory free
4.22 Gb Paging File | 2.71 Gb Available in Paging File | 64.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 158.02 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive E: | 298.02 Gb Total Space | 275.98 Gb Free Space | 92.61% Space Free | Partition Type: FAT32

Computer Name: JAMIEMADIGAN-PC | User Name: Jamie Madigan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 14:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie Madigan\Downloads\OTL.exe
PRC - [2011/11/09 15:29:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 19:12:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 17:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/10/25 12:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 15:29:03 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 02:45:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:45:29 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/14 02:41:39 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:41:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/20 09:09:07 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007/12/08 13:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/02/15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl9f8fb395)
DRV - [2011/11/17 07:43:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEC206B7-BDE6-4532-A093-4CE69993C86D}\MpKsl0ca10ea5.sys -- (MpKsl0ca10ea5)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 12:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/02/15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/26 19:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/06 22:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/05/18 08:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...m/?a=DidfmadxUO
IE - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {a6bbd11f-e0a8-4619-8362-49b5857c2a52}:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://mystart.incre...madxUO&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 19:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 21:08:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/04/24 20:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Extensions
[2011/09/11 16:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions
[2011/08/24 20:36:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/02 22:22:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 18:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\extensions\{a6bbd11f-e0a8-4619-8362-49b5857c2a52}
[2011/03/15 20:03:38 | 000,000,925 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\conduit.xml
[2011/04/26 19:18:19 | 000,002,185 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\MyStart Search.xml
[2010/10/20 14:07:49 | 000,010,043 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\mywebsearch.xml
[2010/10/12 09:59:38 | 000,001,484 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\searchplugins\start-searcher.xml
[2011/11/09 15:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 10:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 15:29:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/20 06:47:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:29:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jamie Madigan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/09/11 16:28:55 | 000,436,581 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15042 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-2398457636-577598120-1540720553-1000\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2398457636-577598120-1540720553-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2398457636-577598120-1540720553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA8A0DE-CAA1-4D5A-8A84-D2FD8D51FFA0}: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jamie Madigan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jamie Madigan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\AutoRun\command - "" = D:\bin\cdviewer.exe
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\launch\command - "" = D:\bin\cdviewer.exe
O33 - MountPoints2\{70a2857c-4671-11df-9785-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{c124ed32-8571-11e0-859b-00219be13642}\Shell - "" = AutoRun
O33 - MountPoints2\{c124ed32-8571-11e0-859b-00219be13642}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/24 10:03:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/24 10:03:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/24 10:03:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2011/11/17 18:10:16 | 000,000,564 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\87k5xkej - Shortcut.lnk
[2011/11/17 17:57:52 | 000,610,744 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/17 17:57:52 | 000,107,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/17 17:57:36 | 000,122,368 | ---- | M] () -- C:\Users\Jamie Madigan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 17:40:44 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 17:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 14:54:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 14:54:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 12:26:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/16 19:08:13 | 000,097,402 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\ArmsCare_Coverage_Form.pdf
[2011/11/13 19:52:19 | 000,000,684 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\Marlin 60 action assy PDF 122109 - Shortcut.lnk
[2011/11/11 21:58:03 | 000,051,962 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\geek.jpg
[2011/11/11 18:26:22 | 000,018,193 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\screen shot.jpg
[2011/11/11 14:25:55 | 000,000,533 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\OTL - Shortcut.lnk
[2011/10/24 10:07:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/21 18:51:59 | 002,064,445 | ---- | M] () -- C:\Users\Jamie Madigan\Desktop\scanner manual.pdf

========== Files Created - No Company Name ==========

[2011/11/17 18:10:16 | 000,000,564 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\87k5xkej - Shortcut.lnk
[2011/11/16 19:08:13 | 000,097,402 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\ArmsCare_Coverage_Form.pdf
[2011/11/13 19:52:19 | 000,000,684 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\Marlin 60 action assy PDF 122109 - Shortcut.lnk
[2011/11/11 21:58:03 | 000,051,962 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\geek.jpg
[2011/11/11 18:26:22 | 000,018,193 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\screen shot.jpg
[2011/11/11 14:25:55 | 000,000,533 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\OTL - Shortcut.lnk
[2011/10/21 18:51:59 | 002,064,445 | ---- | C] () -- C:\Users\Jamie Madigan\Desktop\scanner manual.pdf
[2011/04/25 11:05:56 | 000,000,054 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Roaming\RSBot_Accounts.ini
[2010/10/06 20:52:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/03 09:00:48 | 000,000,085 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Roaming\RSBot Accounts.ini
[2010/07/29 08:06:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll
[2010/07/27 15:38:34 | 000,860,245 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll
[2010/07/22 14:12:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll
[2010/06/21 09:24:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxESP.dll
[2010/06/21 09:24:32 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxFRA.dll
[2010/06/21 09:24:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxPTG.dll
[2010/06/21 09:24:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\DvrOcxPTB.dll
[2010/06/21 09:24:28 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll
[2010/06/21 09:24:28 | 000,013,824 | ---- | C] () -- C:\Windows\System32\DvrOcxCHT.dll
[2010/06/21 09:24:26 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxPLK.dll
[2010/06/21 09:24:24 | 000,019,456 | ---- | C] () -- C:\Windows\System32\DvrOcxITA.dll
[2010/06/21 09:24:24 | 000,018,944 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK.dll
[2010/06/02 07:35:39 | 000,004,096 | -H-- | C] () -- C:\Users\Jamie Madigan\AppData\Local\keyfile3.drm
[2010/05/28 07:01:55 | 000,122,368 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 13:38:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/15 13:38:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/15 12:57:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/14 12:29:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/12 15:40:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/04/12 15:40:07 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/04/12 15:36:49 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2010/04/12 15:36:49 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2010/04/12 15:36:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2010/04/12 15:36:49 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2010/04/12 15:36:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/04/12 15:12:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/04/12 14:41:51 | 000,001,356 | ---- | C] () -- C:\Users\Jamie Madigan\AppData\Local\d3d9caps.dat
[2009/11/21 08:39:24 | 000,229,442 | ---- | C] () -- C:\Windows\System32\winpubf.dll
[2009/11/21 08:39:24 | 000,196,608 | ---- | C] () -- C:\Windows\System32\nvrfs.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,371,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,610,744 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 10:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 09:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by jamiemad1, 17 November 2011 - 05:38 PM.

  • 0

#4
jamiemad1
Posted 17 November 2011 - 06:32 PM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hello,

Ok so I tried again and then I tried in safe mode twice and all 4 times I got a blue screen the only code I could see when restarting was "BAD POOL CALLER " ? I am at a loss thanks again.
  • 0

#5
jamiemad1
Posted 18 November 2011 - 08:58 PM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
i was able to get a log file from gmer i still will not do a full scan

Attached Files


  • 0

#6
Blottedisk
Posted 18 November 2011 - 09:38 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi jamiemad1, thanks for the logs.

Please download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
jamiemad1
Posted 19 November 2011 - 09:35 AM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
ok here is combo fix log

ComboFix 11-11-19.03 - Jamie Madigan 11/19/2011 9:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1007 [GMT -5:00]
Running from: c:\users\Jamie Madigan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object
c:\program files\Object\config.ini
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 15:05 . 2011-11-19 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-19 15:05 . 2011-11-19 15:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-19 02:45 . 2011-11-19 02:45 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKslcd7e1616.sys
2011-11-18 22:53 . 2011-11-18 22:53 -------- d-----w- c:\users\Jamie Madigan\AppData\Local\ElevatedDiagnostics
2011-11-18 16:16 . 2011-11-18 16:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKsld01f55e7.sys
2011-11-18 16:15 . 2011-11-19 02:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\offreg.dll
2011-11-18 16:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\mpengine.dll
2011-11-18 00:19 . 2011-11-18 00:19 100864 ----a-w- C:\pxxyrkog.sys
2011-11-09 12:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:47 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:47 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 12:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-24 15:04 . 2011-10-24 15:04 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:34 . 2011-10-11 18:36 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D3B491-8F5F-4E85-8E24-1BBDF0FA2ADD}\gapaengine.dll
2011-10-07 03:48 . 2010-09-19 03:03 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2010-05-27 22:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-13 13:19 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 07:12 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 07:12 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00 . 2010-04-25 01:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-13 13:19 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 13:19 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 13:19 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 13:19 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 20:29 . 2011-05-20 11:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-26 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl0ca10ea5;MpKsl0ca10ea5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEC206B7-BDE6-4532-A093-4CE69993C86D}\MpKsl0ca10ea5.sys [x]
R1 MpKsl2c52966d;MpKsl2c52966d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B18F757-41CE-4B9E-B101-4727AE648E96}\MpKsl2c52966d.sys [x]
R1 MpKsl48d75223;MpKsl48d75223;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A984550E-8727-448E-8057-6103EA3CB6D5}\MpKsl48d75223.sys [x]
R1 MpKsl56be8643;MpKsl56be8643;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF836907-E429-4E13-AF6A-EF9ADC4353E0}\MpKsl56be8643.sys [x]
R1 MpKsl70eaa512;MpKsl70eaa512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0818FD9-036F-4282-9BA6-A4D762D4B407}\MpKsl70eaa512.sys [x]
R1 MpKsl90949b27;MpKsl90949b27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB33519-905B-435B-AFD7-3D46DE52E9BB}\MpKsl90949b27.sys [x]
R1 MpKsl9f8fb395;MpKsl9f8fb395;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2BD4B63-AD5C-4E05-B72D-691E4F9986BB}\MpKsl9f8fb395.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKslcd7e1616;MpKslcd7e1616;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKslcd7e1616.sys [2011-11-19 28752]
S1 MpKsld01f55e7;MpKsld01f55e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKsld01f55e7.sys [2011-11-18 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSLCD7E1616
*Deregistered* - pxxyrkog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-08-31 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-10-21 19:31]
.
2011-03-30 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-10-21 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/?a=DidfmadxUO
mStart Page = hxxp://www.startsearcher.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
FF - ProfilePath - c:\users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=DidfmadxUO&search=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 10:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-19 10:08:42
ComboFix-quarantined-files.txt 2011-11-19 15:08
.
Pre-Run: 170,616,881,152 bytes free
Post-Run: 170,584,920,064 bytes free
.
- - End Of File - - 868CE819ABAF78E4E561DB52493EBA9D

Edited by jamiemad1, 19 November 2011 - 09:35 AM.

  • 0

#8
Blottedisk
Posted 19 November 2011 - 01:42 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Thanks for the log.

Please do the following:


Step 1 | Please go to the following site to scan a file: Virus Total

  • Click on Browse, and upload the following file for analysis:

    • C:\pxxyrkog.sys
      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKsld01f55e7.sys
      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6F49E2-CE0F-4FEC-B7BF-660C2935EC42}\MpKslcd7e1616.sys
  • Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
  • If it says already scanned -- click "reanalyze now"
  • Please post the results in your next reply.

Step 2 | ComboFix - CFScript

WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

DDS::
uStart Page = hxxp://mystart.incredimail.com/?a=DidfmadxUO
mStart Page = hxxp://www.startsearcher.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=DidfmadxUO&search=
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
  • Save it to your desktop as CFScript.txt
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Posted Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  • Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
  • 0

#9
jamiemad1
Posted 19 November 2011 - 09:55 PM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
OK here are the logs and hey thanks again for helping me after running combo fix just like you said i couldn't access any thing it kept saying illegal action registry key marked for deletion or something like that on all my desktop icons including firefox so i did a restart and everything is running again. Is that ok and normal thank you.


1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
pxxyrkog.sys
Submission date:
2011-11-20 02:59:54 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

2 VT Community user(s) with a total of 4 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
MpKsl88fd1555.sys
Submission date:
2011-11-20 03:15:42 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

THE SECOND ONE YOU WANTED ME TO SCAN IS NO LONGER THERE I COULD NOT FIND IT.




ComboFix 11-11-19.03 - Jamie Madigan 11/19/2011 22:34:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1127 [GMT -5:00]
Running from: c:\users\Jamie Madigan\Downloads\ComboFix.exe
Command switches used :: c:\users\Jamie Madigan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 03:41 . 2011-11-20 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 03:41 . 2011-11-20 03:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 00:53 . 2011-11-20 00:53 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DFAAF3-12BF-4E7D-B91A-077682864125}\MpKsl88fd1555.sys
2011-11-20 00:52 . 2011-11-20 00:52 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DFAAF3-12BF-4E7D-B91A-077682864125}\offreg.dll
2011-11-20 00:52 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DFAAF3-12BF-4E7D-B91A-077682864125}\mpengine.dll
2011-11-18 22:53 . 2011-11-18 22:53 -------- d-----w- c:\users\Jamie Madigan\AppData\Local\ElevatedDiagnostics
2011-11-18 00:19 . 2011-11-18 00:19 100864 ----a-w- C:\pxxyrkog.sys
2011-11-09 12:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:47 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:47 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 12:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-24 15:04 . 2011-10-24 15:04 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:34 . 2011-10-11 18:36 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D3B491-8F5F-4E85-8E24-1BBDF0FA2ADD}\gapaengine.dll
2011-10-07 03:48 . 2010-09-19 03:03 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2010-05-27 22:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-13 13:19 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 07:12 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 07:12 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00 . 2010-04-25 01:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-13 13:19 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 13:19 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 13:19 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 13:19 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 20:29 . 2011-05-20 11:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-26 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl0ca10ea5;MpKsl0ca10ea5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEC206B7-BDE6-4532-A093-4CE69993C86D}\MpKsl0ca10ea5.sys [x]
R1 MpKsl2c52966d;MpKsl2c52966d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B18F757-41CE-4B9E-B101-4727AE648E96}\MpKsl2c52966d.sys [x]
R1 MpKsl48d75223;MpKsl48d75223;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A984550E-8727-448E-8057-6103EA3CB6D5}\MpKsl48d75223.sys [x]
R1 MpKsl56be8643;MpKsl56be8643;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF836907-E429-4E13-AF6A-EF9ADC4353E0}\MpKsl56be8643.sys [x]
R1 MpKsl70eaa512;MpKsl70eaa512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0818FD9-036F-4282-9BA6-A4D762D4B407}\MpKsl70eaa512.sys [x]
R1 MpKsl90949b27;MpKsl90949b27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB33519-905B-435B-AFD7-3D46DE52E9BB}\MpKsl90949b27.sys [x]
R1 MpKsl9f8fb395;MpKsl9f8fb395;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2BD4B63-AD5C-4E05-B72D-691E4F9986BB}\MpKsl9f8fb395.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl88fd1555;MpKsl88fd1555;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DFAAF3-12BF-4E7D-B91A-077682864125}\MpKsl88fd1555.sys [2011-11-20 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL88FD1555
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-08-31 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-10-21 19:31]
.
2011-03-30 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-10-21 19:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
FF - ProfilePath - c:\users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=DidfmadxUO&search=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 22:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-19 22:43:29
ComboFix-quarantined-files.txt 2011-11-20 03:43
ComboFix2.txt 2011-11-19 15:08
.
Pre-Run: 169,324,728,320 bytes free
Post-Run: 170,538,545,152 bytes free
.
- - End Of File - - 0FEA8BAA626AE514969A3448C11EE27C
  • 0

#10
Blottedisk
Posted 20 November 2011 - 09:43 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Thanks for the logs.

Please do the following:

Step 1 | ComboFix - CFScript

WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

File::
C:\pxxyrkog.sys
  • Save it to your desktop as CFScript.txt
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Posted Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  • Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 2 | Let's perform an ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image (Selecting Uninstall application on close if you so wish)

  • 0

Advertisements

#11
jamiemad1
Posted 21 November 2011 - 11:00 AM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ok here are the logs thanks again.

ComboFix 11-11-19.03 - Jamie Madigan 11/21/2011 10:20:10.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1138 [GMT -5:00]
Running from: c:\users\Jamie Madigan\Downloads\ComboFix.exe
Command switches used :: c:\users\Jamie Madigan\Desktop\CFScript.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 15:27 . 2011-11-21 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 15:27 . 2011-11-21 15:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 17:16 . 2011-11-20 17:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A585EB7-BB1C-4632-93C0-337E93223892}\MpKslaa286fbe.sys
2011-11-20 17:15 . 2011-11-20 17:15 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A585EB7-BB1C-4632-93C0-337E93223892}\offreg.dll
2011-11-20 17:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A585EB7-BB1C-4632-93C0-337E93223892}\mpengine.dll
2011-11-18 22:53 . 2011-11-18 22:53 -------- d-----w- c:\users\Jamie Madigan\AppData\Local\ElevatedDiagnostics
2011-11-18 00:19 . 2011-11-18 00:19 100864 ----a-w- C:\pxxyrkog.sys
2011-11-09 12:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:47 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:47 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 12:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-24 15:04 . 2011-10-24 15:04 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:34 . 2011-10-11 18:36 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D3B491-8F5F-4E85-8E24-1BBDF0FA2ADD}\gapaengine.dll
2011-10-07 03:48 . 2010-09-19 03:03 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2010-05-27 22:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-13 13:19 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 07:12 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 07:12 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00 . 2010-04-25 01:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-13 13:19 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 13:19 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 13:19 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 13:19 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 20:29 . 2011-05-20 11:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-26 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl0ca10ea5;MpKsl0ca10ea5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEC206B7-BDE6-4532-A093-4CE69993C86D}\MpKsl0ca10ea5.sys [x]
R1 MpKsl2c52966d;MpKsl2c52966d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B18F757-41CE-4B9E-B101-4727AE648E96}\MpKsl2c52966d.sys [x]
R1 MpKsl48d75223;MpKsl48d75223;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A984550E-8727-448E-8057-6103EA3CB6D5}\MpKsl48d75223.sys [x]
R1 MpKsl56be8643;MpKsl56be8643;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF836907-E429-4E13-AF6A-EF9ADC4353E0}\MpKsl56be8643.sys [x]
R1 MpKsl70eaa512;MpKsl70eaa512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0818FD9-036F-4282-9BA6-A4D762D4B407}\MpKsl70eaa512.sys [x]
R1 MpKsl90949b27;MpKsl90949b27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB33519-905B-435B-AFD7-3D46DE52E9BB}\MpKsl90949b27.sys [x]
R1 MpKsl9f8fb395;MpKsl9f8fb395;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2BD4B63-AD5C-4E05-B72D-691E4F9986BB}\MpKsl9f8fb395.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKslaa286fbe;MpKslaa286fbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A585EB7-BB1C-4632-93C0-337E93223892}\MpKslaa286fbe.sys [2011-11-20 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAA286FBE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 00:10]
.
2011-08-31 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-10-21 19:31]
.
2011-03-30 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-10-21 19:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.154.1.9 24.154.1.38 192.168.1.1 24.154.1.9 24.154.1.38
FF - ProfilePath - c:\users\Jamie Madigan\AppData\Roaming\Mozilla\Firefox\Profiles\jcbuc7pe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=DidfmadxUO&search=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 10:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-21 10:30:19
ComboFix-quarantined-files.txt 2011-11-21 15:30
ComboFix2.txt 2011-11-20 03:43
ComboFix3.txt 2011-11-19 15:08
.
Pre-Run: 169,996,742,656 bytes free
Post-Run: 171,213,332,480 bytes free
.
- - End Of File - - 84F2C210794158C701CCB8E9D62EF9F0


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=969eb515e84b764fa797168d4b8dc1df
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-18 04:59:58
# local_time=2011-02-18 11:59:58 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 25765434 134652995 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98079
# found=0
# cleaned=0
# scan_time=2930
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=969eb515e84b764fa797168d4b8dc1df
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-19 06:20:25
# local_time=2011-05-19 02:20:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 33544681 142432242 0 0
# compatibility_mode=8192 67108863 100 0 6861803 6861803 0 0
# scanned=101879
# found=0
# cleaned=0
# scan_time=4511
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=969eb515e84b764fa797168d4b8dc1df
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-02 12:24:41
# local_time=2011-09-01 08:24:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 42634695 151522256 0 0
# compatibility_mode=8192 67108863 100 0 15951817 15951817 0 0
# scanned=183710
# found=1
# cleaned=1
# scan_time=8353
C:\Users\Jamie Madigan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\59a9415d-66e062b8 Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=969eb515e84b764fa797168d4b8dc1df
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-11 01:54:25
# local_time=2011-11-11 08:54:25 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 48689238 157576799 0 0
# compatibility_mode=8192 67108863 100 0 22006360 22006360 0 0
# scanned=113638
# found=0
# cleaned=0
# scan_time=50394
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=969eb515e84b764fa797168d4b8dc1df
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-21 04:57:37
# local_time=2011-11-21 11:57:37 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 49609870 158497431 0 0
# compatibility_mode=8192 67108863 100 0 22926992 22926992 0 0
# scanned=127231
# found=0
# cleaned=0
# scan_time=4754
  • 0

#12
Blottedisk
Posted 22 November 2011 - 07:27 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Good work.

How's the machine working now?
  • 0

#13
jamiemad1
Posted 22 November 2011 - 09:33 PM

jamiemad1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Thank you. its running decent only problem so far it will not let me back up to my e drive it gives me code of :failed to back up couldnt find file 0x80070002 sound familiar?
  • 0

#14
Blottedisk
Posted 24 November 2011 - 08:30 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Nope, and I can't find any info of it on the web. Is that the exact phrase of the message? If you could provide me with the exact phrase (or with a screenshot of the problem) then I will be able to help you solve it.

Also, what program/software do you use to backup your data to the E drive?
  • 0

#15
Blottedisk
Posted 27 November 2011 - 11:16 AM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Are you still with us?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP