Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Been highjacked

Re: Been highjacked

Post by shinybeast » February 11th, 2010, 7:49 pm

Hi Tin1,

We are not giving up yet. Perform the following.

Download and Run ComboFix

Download Combofix by sUBs from one of these links and save it to your Desktop.
IMPORTANT: Before you save it, rename it to tin1.exe and save tin1.exe to your Desktop
Link 1 | Link 2

**Ensure you have disabled ALL anti-virus, anti-malware and firewall programs so they do not interfere with ComboFix.**
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

  • Double-click tin1.exe to start Combofix (If you get a User Account Control warning, click Allow)
  • If you get a message from ComboFix that a rootkit is detected and it needs to reboot the computer, allow it to do so.
  • Wait for scan to complete. It can take tens of minutes.
  • Do not run any programs or do anything to interfere with ComboFix as it is running.
  • Once finished, a log should open. If not, the log can be located at C:\ComboFix.txt

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


To post in next reply:
ComboFix log
Update on how the computer is running
shinybeast
Retired Graduate
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
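A small triage helper for the ComboFix log format seen in this thread (the `(((( Section ))))` banners, the `Other Deletions` file list and the `REGEDIT4`-style `Reg Loading Points` block). This is an added example, not ComboFix's own code or anything from sUBs or the forum: it lists what ComboFix deleted and flags Run-key autostarts that launch from user-writable locations such as `AppData\Roaming`. The sample log is constructed (the `Updater`/`sample_updater.exe` entry is invented for illustration), and the reading of a `-`-suffixed key (`run-`) as an autostart that has already been disabled is an assumption about ComboFix's convention.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass

# Section banner: a run of '(', a title, a run of ')'  e.g. "(((( Other Deletions ))))"
SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+\s*$")
# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Value line: "Name"="path" [date size]   or   "Name"=path args
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
# Locations an ordinary user can write to; an autostart pointing there deserves a look
USER_WRITABLE = re.compile(r"\\(AppData|Application Data|Temp|ProgramData|Users\\[^\\]+)\\", re.I)


@dataclass
class Finding:
    kind: str   # "deleted" (file removed by ComboFix) or "autostart" (Run-key entry)
    key: str    # registry key, or "" for deleted files
    name: str   # value name, or "" for deleted files
    path: str
    note: str


def extract_path(rest: str) -> str:
    """Pull the executable path out of the right-hand side of a Run value."""
    rest = rest.strip()
    if rest.startswith('"'):                      # "quoted path" [date size]
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest.strip('"')
    # Unquoted: the path runs up to a " /switch", " -switch" or " [date size]" suffix.
    # Unquoted paths followed by bare arguments (no switch prefix) keep those arguments.
    m = re.match(r"(?P<p>[A-Za-z]:\\[^\[]*?)(?:\s+/|\s+\[|\s+-|$)", rest)
    return m.group("p").strip() if m else rest


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log and return deletions plus suspicious autostart entries."""
    findings: list[Finding] = []
    section = ""
    key = ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":               # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("title"), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if section == "Other Deletions":          # every non-blank line here is a path
            findings.append(Finding("deleted", "", "", line, "removed by ComboFix"))
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(("\\run", "\\run-", "\\runonce")):
            path = extract_path(m.group("rest"))
            if USER_WRITABLE.search(path):
                note = "autostart from user-writable location"
                if key.lower().endswith("-"):     # assumption: '-' suffix = disabled by ComboFix
                    note += " (already disabled by ComboFix)"
                findings.append(Finding("autostart", key, m.group("name"), path, note))
    return findings


# Constructed sample in the layout ComboFix uses; sdra64.exe and ccApp mirror the thread's
# log, the "Updater" entry is invented for illustration.
SAMPLE_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
.

c:\users\Mike\AppData\Roaming\sdra64.exe
c:\windows\CouponPrinter.ocx

.
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"Updater"="c:\users\Mike\AppData\Local\Temp\sample_updater.exe" [2010-02-01 51200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"userinit"=c:\users\Mike\AppData\Roaming\sdra64.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.name or '-':10} {f.path}  <- {f.note}")
```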

Re: Been highjacked

Post by tin1 » February 11th, 2010, 9:03 pm

Hey shinybeast, I think you got it, great job. Thank you very much for your help and wisdom. Please let me know your recommendations to keep this PC running smoothly.


ComboFix 10-02-11.04 - Mike 02/11/2010 19:24:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.927 [GMT -5:00]
Running from: c:\users\Mike\Downloads\tin1.exe.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Mike\AppData\Roaming\sdra64.exe
c:\users\Mike\AppData\Roaming\SQLite3.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-11 14:34 . 2010-02-11 14:34 -------- d-----w- c:\users\Mike\AppData\Local\Oberon Games
2010-02-11 13:42 . 2010-02-11 13:42 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-02-11 13:42 . 2010-02-11 13:42 -------- d-----w- c:\program files\Mail.com Games
2010-02-09 22:50 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 22:50 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 22:50 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 22:50 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 22:50 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-09 22:50 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-09 22:49 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 22:49 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 22:49 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 22:49 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 22:49 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-09 22:49 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 22:49 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 22:49 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 22:49 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 22:49 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-09 22:49 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 20:46 . 2010-02-10 14:22 -------- d-----w- C:\MGADiagToolOutput
2010-02-09 20:45 . 2010-02-09 20:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-08 03:59 . 2010-02-07 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\NAVENG.SYS
2010-02-08 03:59 . 2010-02-07 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\NAVEX15.SYS
2010-02-08 03:59 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\CCERASER.DLL
2010-02-08 03:59 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\ECMSVR32.DLL
2010-02-08 03:59 . 2009-09-17 12:50 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\EECTRL.SYS
2010-02-08 03:59 . 2009-09-17 12:50 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\NAVENG32.DLL
2010-02-08 03:59 . 2009-09-17 12:50 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\NAVEX32A.DLL
2010-02-08 03:59 . 2009-09-17 12:50 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100207.006\ERASER.SYS
2010-02-07 19:02 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-07 19:00 . 2010-02-07 01:38 56982041 ----a-w- c:\programdata\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung_PC_Studio_7.2.24.9.exe
2010-02-07 14:16 . 2010-02-07 14:16 -------- d-----w- c:\program files\iPod
2010-02-07 14:16 . 2010-02-07 14:17 -------- d-----w- c:\program files\iTunes
2010-02-07 14:14 . 2010-02-07 14:14 -------- d-----w- c:\program files\QuickTime
2010-02-07 14:12 . 2010-02-07 14:12 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\programdata\PC Suite
2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\users\Mike\AppData\Roaming\PC Suite
2010-02-07 01:45 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-02-07 01:44 . 2009-01-15 16:11 12160 ----a-w- c:\windows\system32\drivers\ssecwhnt.sys
2010-02-07 01:44 . 2009-01-15 16:11 12160 ----a-w- c:\windows\system32\drivers\ssecwh.sys
2010-02-07 01:44 . 2009-01-15 16:11 14976 ----a-w- c:\windows\system32\drivers\ssecmdfl.sys
2010-02-07 01:44 . 2009-01-15 16:11 114304 ----a-w- c:\windows\system32\drivers\ssecmdm.sys
2010-02-07 01:44 . 2009-01-15 16:11 86528 ----a-w- c:\windows\system32\drivers\ssecbus.sys
2010-02-07 01:44 . 2009-01-15 16:11 12160 ----a-w- c:\windows\system32\drivers\sseccmnt.sys
2010-02-07 01:44 . 2009-01-15 16:11 12160 ----a-w- c:\windows\system32\drivers\sseccm.sys
2010-02-07 01:43 . 2009-08-03 14:22 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-02-07 01:43 . 2009-08-03 14:22 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-02-07 01:43 . 2009-08-03 14:22 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-02-07 01:42 . 2010-02-09 22:30 -------- d-----w- c:\program files\MarkAny
2010-02-06 13:59 . 2010-02-06 13:59 -------- d-----w- c:\users\Mike\AppData\Roaming\Intuit
2010-02-06 13:58 . 2010-02-06 13:58 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-02-06 13:53 . 2010-02-06 13:55 -------- d-----w- c:\programdata\Intuit
2010-02-06 13:53 . 2010-02-06 13:53 -------- d-----w- c:\users\Mike\AppData\Local\IsolatedStorage
2010-02-06 13:53 . 2010-02-06 13:57 -------- d-----w- c:\program files\Common Files\Intuit
2010-02-06 13:53 . 2010-02-06 13:53 -------- d-----w- c:\program files\TurboTax
2010-02-05 02:43 . 2010-02-05 02:43 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-05 02:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-05 02:16 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-05 02:16 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-05 02:16 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-05 01:53 . 2010-02-05 01:53 -------- d-----w- c:\programdata\SlySoft
2010-02-05 01:51 . 2010-02-05 01:51 -------- d-----w- c:\program files\SlySoft
2010-02-05 01:43 . 2010-02-05 01:43 -------- d-----w- c:\program files\Elaborate Bytes
2010-02-04 20:46 . 2010-02-04 20:47 -------- d-----w- c:\windows\system32\ca-ES
2010-02-04 20:46 . 2010-02-04 20:47 -------- d-----w- c:\windows\system32\eu-ES
2010-02-04 20:46 . 2010-02-04 20:47 -------- d-----w- c:\windows\system32\vi-VN
2010-02-04 15:16 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 15:16 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 13:53 . 2010-02-04 15:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 00:15 . 2010-02-01 00:15 -------- d-----w- C:\temp
2010-01-31 17:30 . 2010-01-31 17:31 -------- d-----w- C:\rsit
2010-01-31 17:09 . 2010-01-31 17:09 -------- d-----w- c:\program files\Trend Micro
2010-01-31 13:33 . 2010-01-31 13:33 -------- d-----w- c:\programdata\Quick Heal
2010-01-31 13:31 . 2010-01-31 13:34 -------- d-----w- c:\program files\Quick Heal
2010-01-30 14:37 . 2010-01-31 16:41 -------- d-----w- c:\programdata\PCPitstop
2010-01-30 14:23 . 2010-01-30 14:23 -------- d-----w- c:\users\Mike\AppData\Roaming\Registry Mechanic
2010-01-30 14:22 . 2010-01-30 15:42 -------- d-----w- c:\program files\Reimage
2010-01-29 22:34 . 2010-02-09 22:30 -------- d-----w- c:\program files\Spyware Doctor
2010-01-29 22:34 . 2010-02-09 22:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-28 21:40 . 2010-02-05 15:16 -------- d-----w- c:\programdata\pagifali
2010-01-28 21:34 . 2010-02-05 15:16 -------- d-----w- c:\programdata\buyopako
2010-01-28 21:34 . 2010-02-04 14:21 -------- d-----w- c:\programdata\wuwagebe
2010-01-28 19:33 . 2010-01-28 23:14 -------- d-----w- c:\program files\Trojan Remover
2010-01-28 19:33 . 2010-01-28 19:33 -------- d-----w- c:\programdata\Simply Super Software
2010-01-28 19:24 . 2010-01-28 19:24 -------- d-----w- c:\users\Mike\AppData\Roaming\Nero
2010-01-27 13:16 . 2010-01-27 13:29 -------- d-----w- c:\program files\Mass Effect
2010-01-25 08:00 . 2010-01-25 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-01-24 19:40 . 2010-02-07 19:13 -------- d-----w- c:\users\Mike\AppData\Roaming\Samsung
2010-01-24 19:34 . 2010-02-07 01:45 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-01-24 19:34 . 2006-07-24 21:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-24 19:33 . 2010-02-09 22:30 -------- d-----w- c:\program files\Samsung
2010-01-18 13:13 . 2010-01-18 13:13 -------- d-----w- c:\users\Mike\AppData\Roaming\Intermedia Software
2010-01-18 13:13 . 2010-01-18 13:13 -------- d-----w- c:\programdata\Intermedia Software
2010-01-18 13:13 . 2010-01-09 14:59 767488 ---ha-w- c:\programdata\Intermedia Software\Helium 7\Data\LicenseManager2010.dll
2010-01-18 13:13 . 2010-01-18 13:13 -------- d-----w- c:\program files\Intermedia Software
2010-01-18 13:13 . 2003-04-18 20:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-18 13:13 . 2002-02-04 06:43 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-01-16 12:03 . 2010-01-16 12:03 -------- d-----w- c:\programdata\WindowsSearch
2010-01-15 13:06 . 2010-01-15 13:06 -------- d-----w- c:\programdata\Solidshield
2010-01-15 12:51 . 2010-01-15 12:51 -------- d-----w- c:\program files\Ubisoft
2010-01-13 05:53 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 05:53 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 20:45 . 2009-10-11 14:37 -------- d-----w- c:\programdata\PopCap Games
2010-02-10 15:19 . 2009-10-03 15:38 100392 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 14:20 . 2009-10-09 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 14:20 . 2009-10-03 16:19 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
2010-02-10 14:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-10 01:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 22:30 . 2009-10-07 21:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 22:01 . 2009-12-07 22:16 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-07 18:59 . 2009-12-07 22:16 -------- d-----w- c:\programdata\Installations
2010-02-07 14:21 . 2009-10-04 18:08 -------- d-----w- c:\programdata\Apple Computer
2010-02-07 14:16 . 2009-10-04 18:06 -------- d-----w- c:\program files\Common Files\Apple
2010-02-05 02:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-05 02:43 . 2010-02-05 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-05 02:43 . 2010-02-05 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-04 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-04 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-04 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-04 20:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-04 20:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-04 20:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-04 17:10 . 2009-10-16 22:43 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2010-02-04 15:32 . 2010-01-12 14:48 -------- d-----w- c:\users\Mike\AppData\Roaming\WindowsDll
2010-02-04 14:56 . 2009-10-16 22:51 -------- d-----w- c:\users\Mike\AppData\Roaming\skypePM
2010-02-04 14:52 . 2010-01-10 21:57 -------- d-sh--w- c:\users\Mike\AppData\Roaming\lowsec
2010-02-04 14:48 . 2009-10-04 18:53 -------- d-----w- c:\users\Mike\AppData\Roaming\Winamp
2010-02-04 14:48 . 2010-01-10 16:09 -------- d-----w- c:\program files\Super Internet TV
2010-02-04 14:48 . 2009-10-24 13:35 -------- d-----w- c:\program files\WinAVI MP4 Converter
2010-02-04 14:48 . 2009-10-21 23:29 -------- d-----w- c:\program files\AllMyMovies
2010-02-04 14:48 . 2009-10-16 22:42 -------- d-----w- c:\program files\Common Files\Skype
2010-02-04 14:48 . 2009-10-16 22:42 -------- d-----r- c:\program files\Skype
2010-02-04 14:48 . 2009-10-03 20:29 -------- d-----w- c:\program files\JellyFish Light 3.5
2010-02-04 14:48 . 2009-10-03 20:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 12:25 . 2009-10-03 15:38 680 ----a-w- c:\users\Mike\AppData\Local\d3d9caps.dat
2010-01-30 20:21 . 2009-11-10 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 15:51 . 2009-10-07 21:19 -------- d-----w- c:\users\Mike\AppData\Roaming\Canon
2010-01-14 16:12 . 2010-01-11 21:30 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 23:29 . 2010-01-10 16:33 -------- d-----w- c:\program files\Lavasoft
2010-01-11 23:29 . 2009-12-20 17:25 -------- d-----w- c:\programdata\Lavasoft
2010-01-02 06:38 . 2010-01-21 19:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 19:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 19:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 18:08 . 2010-01-01 18:08 -------- d-----w- c:\program files\Cmedia
2010-01-01 13:19 . 2009-10-03 21:26 -------- d-----w- c:\users\Mike\AppData\Roaming\DivX
2009-12-29 02:17 . 2009-12-29 02:17 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-12-29 02:17 . 2009-12-29 02:17 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-29 02:17 . 2009-12-29 02:17 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-12-29 02:08 . 2009-12-29 02:08 -------- d-----w- c:\users\Mike\AppData\Roaming\Logitech
2009-12-29 02:07 . 2009-12-29 02:07 10134 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-12-29 02:07 . 2009-12-29 02:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-29 02:06 . 2009-12-29 02:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-29 02:05 . 2009-12-29 02:05 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-29 02:05 . 2009-12-29 02:05 -------- d-----w- c:\programdata\Logitech
2009-12-29 02:05 . 2009-12-29 02:05 -------- d-----w- c:\program files\Logitech
2009-12-29 02:05 . 2009-12-29 02:05 10134 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2009-12-29 02:05 . 2009-12-29 02:05 -------- d-----w- c:\users\Mike\AppData\Roaming\InstallShield
2009-12-29 02:04 . 2009-12-29 02:04 -------- d-----w- c:\programdata\LogiShrd
2009-12-20 17:06 . 2009-12-20 17:00 -------- d-----w- c:\users\Mike\AppData\Roaming\Any Video Converter Professional
2009-12-20 17:01 . 2009-12-20 17:00 -------- d-----w- c:\program files\Any Video Converter Professional
2009-12-20 11:37 . 2009-12-20 11:32 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-20 11:33 . 2009-12-20 11:33 -------- d-----w- c:\users\Mike\AppData\Roaming\TuneUp Software
2009-12-20 11:32 . 2009-12-20 11:32 -------- d-----w- c:\programdata\TuneUp Software
2009-12-20 11:32 . 2009-12-20 11:32 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-19 02:54 . 2009-12-19 02:54 -------- d-----w- c:\program files\Coupons
2009-12-18 05:14 . 2009-12-20 11:34 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-18 05:09 . 2009-12-20 11:34 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-12-18 05:08 . 2009-12-20 11:34 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-14 09:00 . 2010-01-09 01:05 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100108.002\CCERASER.DLL
2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-12-08 01:29 . 2009-12-06 16:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-07 22:16 . 2009-12-07 22:16 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-27 16:19 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-27 16:19 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-22 22:29 . 2009-11-22 22:29 288256 ----a-w- c:\windows\system32\fmodex.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-05-14 136080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"userinit"=c:\users\Mike\AppData\Roaming\sdra64.exe
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"EPSON Stylus Photo R340 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /FU "c:\windows\TEMP\E_S9C0.tmp" /EF "HKCU"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera 301x
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NPSStartup"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,db,48,39,dc,a5,ca,01

R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [11/27/2009 11:00 AM 4608]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [7/31/2008 8:45 PM 20616]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [11/4/2009 10:45 AM 172032]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [8/1/2008 3:55 PM 143467]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [2/6/2010 8:43 PM 233472]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/4/2010 10:16 AM 236368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/18/2009 12:12 AM 1044808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/8/2010 8:05 PM 102448]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [2/6/2010 8:43 PM 36608]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2/4/2010 10:16 AM 19160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/4/2009 1:45 PM 721904]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [6/17/2009 2:02 PM 29192]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [11/27/2009 10:58 AM 21504]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5/14/2009 1:31 PM 121744]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\System32\drivers\ssecbus.sys [2/6/2010 8:44 PM 86528]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\System32\drivers\ssecmdfl.sys [2/6/2010 8:44 PM 14976]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\System32\drivers\ssecmdm.sys [2/6/2010 8:44 PM 114304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Mike.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-04 21:07]

2010-02-11 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mike.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-04 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 19:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-3019109715-1815328312-2852718085-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3019109715-1815328312-2852718085-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"

[HKEY_USERS\S-1-5-21-3019109715-1815328312-2852718085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-11 19:34:53
ComboFix-quarantined-files.txt 2010-02-12 00:34

Pre-Run: 280,958,918,656 bytes free
Post-Run: 280,949,956,608 bytes free

- - End Of File - - 17646970B27FEF66FCC00759FB39C3C9


Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/11/2010 7:49:17 PM
mbam-log-2010-02-11 (19-49-17).txt

Scan type: Quick Scan
Objects scanned: 111726
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
tin1
Regular Member
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 12th, 2010, 11:54 am

Hi tin1,

Let's check for leftovers.

ESET Online Scan

Before you begin:
  • Please use Internet Explorer for this scan.
  • Close your browser and right-click the shortcut you use to open Internet Explorer and select Run as administrator. Then navigate back to this page.
  • Disable your anti-virus to avoid conflicts. Click here for instructions.
  • Click here to visit ESET Online Scanner, then click the ESET Online Scanner button.
  • In the new tab/window that opens, check YES, I accept the Terms of Use then click the green Start button
  • When prompted, allow the Add-On/Active X to install.
  • Under Computer Scan Settings do the following:
    • Ensure that Remove found threats is NOT checked
    • Ensure that Scan archives is checked.
  • Then click Advanced settings and ensure the following are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start button.
  • The signature database will then be downloaded and the scan will start.
    NOTE: The scan will take quite some time; the more data to be scanned, the longer it will take. Please be patient.
  • When it is finished, ensure the Uninstall application on close box is NOT checked and click Finish button.
    If you wish, you may uninstall the scanner through Programs and Features after we are finished.
  • Copy the whole line in the code box below.
    Code:
    "%PROGRAMFILES%\ESET\ESET Online Scanner\log.txt"
  • Click Start button and paste the above line in the start search field, then press enter.
  • The log should open; if not, navigate to C:\Program Files\ESET\ESET Online Scanner\ and open the text file named log.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


OTL Scan

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Click Run Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.


Please include the ESET and OTL logs in your next reply, along with info on any remaining symptoms.
shinybeast
Retired Graduate
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Unread postby tin1 » February 13th, 2010, 9:09 am

Hi, I did the online scan twice and got the all clean, but no report was created.

OTL logfile created on: 2/13/2010 7:47:31 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 271.27 Gb Free Space | 58.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100211.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100211.002\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ssecmdm) -- C:\Windows\System32\drivers\ssecmdm.sys (MCCI Corporation)
DRV - (ssecmdfl) -- C:\Windows\System32\drivers\ssecmdfl.sys (MCCI Corporation)
DRV - (ssecbus) Samsung Mobile Modem Device driver (WDM) -- C:\Windows\System32\drivers\ssecbus.sys (MCCI Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 DE E4 CF FD AB CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 08:54:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 09:19:50 | 000,000,000 | ---D | M]

[2009/10/03 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/02/12 19:31:48 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(403)
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\esnipesnipeit@esnipe(400).com
[2009/10/18 10:47:29 | 000,002,217 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\searchplugins\askcom.xml
[2010/02/11 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/07 21:32:27 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/02/10 09:29:52 | 000,000,925 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/11 19:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/11 19:34:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/11 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2010/02/11 19:23:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/11 19:23:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/11 19:23:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/11 19:23:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/11 19:19:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 19:19:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/11 09:34:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Oberon Games
[2010/02/11 08:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/02/11 08:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mail.com Games
[2010/02/10 09:16:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/09 17:50:25 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 17:50:25 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 17:49:46 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 17:49:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 17:49:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 17:49:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 15:46:20 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/02/09 15:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/08 10:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Visual Studio 2005
[2010/02/07 14:02:13 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/02/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\extras
[2010/02/07 09:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/07 09:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/06 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\NPS
[2010/02/06 20:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/02/06 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\PC Suite
[2010/02/06 20:45:11 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2010/02/06 20:44:43 | 000,114,304 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdm.sys
[2010/02/06 20:44:43 | 000,086,528 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecbus.sys
[2010/02/06 20:44:43 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdfl.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwhnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwh.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccmnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccm.sys
[2010/02/06 20:43:55 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/02/06 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My NPS Files
[2010/02/06 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/02/06 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\TurboTax
[2010/02/06 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intuit
[2010/02/06 08:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/02/06 08:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/02/06 08:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\IsolatedStorage
[2010/02/06 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/02/06 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/02/04 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/04 21:18:41 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/02/04 21:18:40 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/02/04 21:18:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/02/04 21:18:10 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/02/04 21:18:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/02/04 21:18:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/02/04 21:18:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/02/04 21:18:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/02/04 21:18:08 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/02/04 21:18:08 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/02/04 21:18:08 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/02/04 21:18:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/02/04 21:18:08 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/02/04 21:18:08 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/02/04 21:18:08 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/02/04 21:18:08 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/02/04 21:18:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/02/04 21:18:08 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/02/04 21:18:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/02/04 21:18:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/02/04 21:18:08 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/02/04 21:18:08 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/02/04 21:18:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/02/04 21:18:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/02/04 21:18:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/02/04 21:18:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/02/04 21:18:08 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/02/04 21:18:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/02/04 21:17:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/02/04 21:17:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/02/04 21:17:24 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/02/04 21:17:22 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/02/04 21:17:22 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/02/04 21:17:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/02/04 21:17:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/02/04 21:17:22 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/02/04 21:17:22 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/02/04 21:17:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/02/04 21:17:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/02/04 21:17:21 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/02/04 21:16:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/02/04 21:16:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/02/04 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\AnyDVDHD
[2010/02/04 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/02/04 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/02/04 20:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/04 15:46:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/04 10:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/04 10:16:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/04 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/31 19:15:58 | 000,000,000 | ---D | C] -- C:\temp
[2010/01/31 12:30:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/31 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/31 08:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick Heal
[2010/01/31 08:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Heal
[2010/01/30 09:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/01/30 09:23:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Registry Mechanic
[2010/01/30 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/01/30 09:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/29 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/28 16:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\pagifali
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\wuwagebe
[2010/01/28 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\buyopako
[2010/01/28 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Simply Super Software
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/01/28 14:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/01/28 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Nero
[2010/01/27 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\BioWare
[2010/01/27 08:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010/01/25 03:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/24 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My Art
[2010/01/24 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Samsung
[2010/01/24 14:34:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010/01/24 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/01/21 14:28:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 14:28:23 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 14:28:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 14:28:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 14:28:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 14:28:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 14:28:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 14:28:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 14:28:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 14:28:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 14:28:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 14:28:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 14:28:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 14:28:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/18 08:13:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intermedia Software
[2010/01/18 08:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Intermedia Software
[2010/01/18 08:13:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010/01/18 08:13:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intermedia Software
[2010/01/18 08:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Helium Music Manager 7
[2010/01/16 07:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/01/15 08:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010/01/15 07:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft

========== Files - Modified Within 30 Days ==========

[2010/02/13 07:47:26 | 002,883,584 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
[2010/02/13 07:01:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/13 03:49:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 03:49:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 01:14:35 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/13 01:00:16 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/11 20:11:40 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/11 20:11:40 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/11 20:11:40 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/11 20:06:55 | 000,000,952 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/02/11 20:06:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/11 20:06:20 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/11 20:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/11 20:04:49 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/11 20:04:39 | 003,188,350 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/02/11 19:32:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/11 08:42:30 | 000,001,904 | ---- | M] () -- C:\Users\Mike\Desktop\Galapago FREE.lnk
[2010/02/11 08:42:30 | 000,001,140 | ---- | M] () -- C:\Users\Mike\Desktop\Mail.com Games.lnk
[2010/02/10 11:52:06 | 000,374,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/10 11:49:52 | 000,004,369 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010/02/10 10:19:22 | 000,000,099 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010/02/10 10:19:10 | 000,100,392 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 09:29:52 | 000,000,925 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/10 09:16:34 | 000,000,276 | ---- | M] () -- C:\Windows\win.ini
[2010/02/09 20:09:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 19:26:45 | 000,092,160 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 17:27:16 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:27:16 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/07 15:54:44 | 001,730,004 | ---- | M] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | M] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 21:56:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/02/06 20:42:35 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/04 21:43:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 18:25:47 | 000,006,027 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2010/02/04 18:24:34 | 000,000,488 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2010/02/04 10:16:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 08:50:11 | 000,006,456 | -H-- | M] () -- C:\ProgramData\yebosiye
[2010/02/04 07:25:14 | 000,000,680 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2010/01/28 08:41:51 | 000,427,520 | ---- | M] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/24 16:39:52 | 005,639,201 | ---- | M] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/18 08:13:23 | 000,000,909 | ---- | M] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | M] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 06:54:21 | 000,014,892 | ---- | M] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\yebosiye
[2010/02/11 19:23:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/11 19:23:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/11 19:23:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/11 19:23:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/11 19:23:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/11 08:42:30 | 000,001,904 | ---- | C] () -- C:\Users\Mike\Desktop\Galapago FREE.lnk
[2010/02/11 08:42:30 | 000,001,140 | ---- | C] () -- C:\Users\Mike\Desktop\Mail.com Games.lnk
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:37:41 | 000,065,536 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/07 15:54:41 | 001,730,004 | ---- | C] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | C] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 20:43:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/06 20:43:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/06 20:42:35 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/05 19:25:51 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/05 19:25:41 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/04 21:43:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 10:16:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 09:50:03 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 16:39:44 | 005,639,201 | ---- | C] () -- C:\Users\Mike\Documents\ATT_SGH-a797_ug_eng_F12.pdf.pdf
[2010/01/24 14:38:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/24 14:34:27 | 000,000,766 | ---- | C] () -- C:\Windows\System32\Uninstall.ico
[2010/01/24 14:34:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/18 08:13:23 | 000,000,909 | ---- | C] () -- C:\Users\Mike\Desktop\Helium Music Manager 7.lnk
[2010/01/15 09:16:53 | 000,000,294 | ---- | C] () -- C:\Users\Mike\Desktop\autorun - Shortcut.lnk
[2010/01/15 06:57:31 | 000,427,520 | ---- | C] () -- C:\Users\Mike\Documents\super-bowl-xlii-pool.xls
[2010/01/15 06:54:20 | 000,014,892 | ---- | C] () -- C:\Users\Mike\Documents\FOOTBALL GAME TITLE.docx
[2009/12/08 16:33:44 | 000,000,200 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2009/12/07 22:01:31 | 000,006,027 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/12/07 21:56:25 | 000,000,488 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/12/07 21:36:18 | 000,004,369 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/12/07 21:36:13 | 000,000,099 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/12/07 21:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/12/05 10:21:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 19:24:52 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv39738p1now.sys
[2009/10/16 18:43:39 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2009/10/16 18:43:39 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2009/10/16 17:51:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 16:40:23 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2009/10/04 13:45:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/03 16:36:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/03 16:36:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/03 16:16:56 | 000,000,164 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/10/03 16:16:35 | 000,258,048 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/10/03 16:16:35 | 000,002,125 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/10/03 16:16:35 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/10/03 16:16:34 | 000,002,423 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/10/03 15:32:22 | 000,092,160 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 10:38:19 | 000,000,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/06/17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/04 18:04:44 | 000,000,952 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\Mike\Documents\contacts.eml:OECustomProperty
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0295CBF7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:85DBC22B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 13th, 2010, 5:33 pm

Hi tin1,

Is there no log in the C:\Program Files\ESET\ESET Online Scanner\ folder?


OTL

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under the cyan line at the bottom of the window)
    :otl
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0295CBF7
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:85DBC22B
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    
    :files
    C:\Users\Mike\AppData\Roaming\lowsec
    C:\ProgramData\pagifali
    C:\ProgramData\wuwagebe
    C:\ProgramData\buyopako
    C:\ProgramData\yebosiye
    
    :commands
    [emptytemp]
  • Close all running programs except for OTL, including all browser windows.
  • Then click Run Fix at the top of the window.
  • Once done, OTL will require a reboot. Please allow it.
  • After reboot, the log should open. Please save the log and post it in your next reply.


Adobe Reader

Adobe Reader is out of date. Older versions have security vulnerabilities and you should update it.

Remove older version:
  • Click Start button
  • Type appwiz.cpl and press Enter to open Programs and Features
  • Right-click Adobe Reader 9.1 in the list and click Uninstall

Install new version:
  • Click Here to download the installer for Adobe Reader and save AdbeRdr930_en_US.exe to a convenient location.
  • Double-click AdbeRdr930_en_US.exe and follow the prompts to install Adobe Reader 9.3


Please include the OTL log and any info on any remaining malware issues.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
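As an added example (not from this thread and not OTL's own code), a PowerShell check the machine's owner could run after the fix above to confirm that the alternate data streams on C:\ProgramData\TEMP and contacts.eml are really gone, and to see what any remaining stream holds. It assumes Windows PowerShell 3.0 or later (Get-Item's -Stream parameter); the function and parameter names are my own.

```powershell
# Added example: enumerate NTFS alternate data streams (ADS) on the paths the
# OTL fix script targeted. Default paths are the ones named in the fix;
# everything else here is an assumption, not from the thread.
param(
    [string[]]$Paths = @('C:\ProgramData\TEMP',
                         "$env:USERPROFILE\Documents\contacts.eml")
)

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # '-Stream *' lists every stream on the file or folder. ':$DATA' is the
        # ordinary content, so only the named (alternate) streams are reported.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                # Read the first 16 bytes so the content can be eyeballed;
                # Zone.Identifier is the benign "downloaded from the Internet"
                # marker and is flagged as such rather than as suspicious.
                $bytes = Get-Content -LiteralPath $_.FileName -Stream $_.Stream `
                             -Encoding Byte -TotalCount 16 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    File    = $_.FileName
                    Stream  = $_.Stream
                    Bytes   = $_.Length
                    Preview = (($bytes | ForEach-Object { $_.ToString('X2') }) -join ' ')
                    Benign  = ($_.Stream -eq 'Zone.Identifier')
                }
            }
    }
}

$streams = @(Get-AlternateStreams -Path $Paths)
if ($streams.Count -gt 0) {
    $streams | Format-Table -AutoSize
} else {
    "No alternate data streams found on: $($Paths -join ', ')"
}
```

After the OTL fix in this thread, the expected result for C:\ProgramData\TEMP is the "No alternate data streams found" line; any stream still listed should be posted for the helper to review rather than deleted on your own.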

Re: Been highjacked

Unread postby tin1 » February 13th, 2010, 6:26 pm

Hi shinybeast, I updated Acrobat to 9.3.

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:0295CBF7 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:85DBC22B deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Users\Mike\AppData\Roaming\lowsec folder moved successfully.
C:\ProgramData\pagifali folder moved successfully.
C:\ProgramData\wuwagebe folder moved successfully.
C:\ProgramData\buyopako folder moved successfully.
C:\ProgramData\yebosiye moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 423229 bytes
->Temporary Internet Files folder emptied: 64560417 bytes
->FireFox cache emptied: 137692338 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8015 bytes
RecycleBin emptied: 8920 bytes

Total Files Cleaned = 193.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02132010_171509

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 14th, 2010, 11:21 am

Hello tin1,

Please answer this for me.

Is there no log in C:\Program Files\ESET\ESET Online Scanner\ folder?


I need to know before we can proceed.

Also, how is the computer now? Any malware issues?
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Unread postby tin1 » February 14th, 2010, 3:33 pm

Hi, ran the ESET scan for a third time, nothing found. Only log in the ESET folder. Computer seems to be running well.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 14th, 2010, 9:56 pm

Hi tin1,

It appears the ESET scan never really got going or did not complete.
Please try this alternative as I want to be sure the computer is clean before we finish up.


Panda Online Scan

Before you begin:
  • You can use Internet Explorer or Firefox for this scan.
  • Close your browser and right-click the shortcut you use to open your browser and select Run as administrator. Then navigate back to this page.
Please visit Panda Active Scan to run an online scan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
      If using Internet Explorer:
    • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
    • Run the ActiveX control, if requested.

      If using Firefox:
    • Allow the ActiveScan plug-in to install.
  • The screen will then show the scanning progress - the scan could take several hours to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply


OTL Quick Scan

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Click Quick Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.

Please reply with Panda log (Activescan.txt) and OTL log (OTL.txt)
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Unread postby tin1 » February 15th, 2010, 12:26 am

***********************************************************************************************************************************************************************************
ANALYSIS: 2010-02-14 23:17:18
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus 10.2.3.3000 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@mediaplex[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@burstnet[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@www.burstbeacon[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@server.iad.liveperson[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\low\mike@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@questionmarket[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\mike\appdata\roaming\microsoft\windows\cookies\mike@enhance[1].txt
02710108 Generic Trojan Virus/Trojan No 0 Yes No c:\program files\allmymovies\allmymovies.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


OTL logfile created on: 2/14/2010 11:21:33 PM - Run 4
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 277.27 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 DE E4 CF FD AB CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 08:54:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/13 17:12:41 | 000,000,000 | ---D | M]

[2009/10/03 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/02/14 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(403)
[2010/01/30 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\extensions\esnipesnipeit@esnipe(400).com
[2009/10/18 10:47:29 | 000,002,217 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e0841v79.default\searchplugins\askcom.xml
[2010/02/14 21:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/07 21:32:27 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/02/10 09:29:52 | 000,000,925 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/14 21:12:10 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/02/14 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/14 11:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/13 17:15:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/13 17:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/13 11:48:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apps
[2010/02/11 19:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/11 19:34:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/11 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2010/02/11 19:23:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/11 19:23:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/11 19:23:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/11 19:23:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/11 19:19:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 19:19:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/11 09:34:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Oberon Games
[2010/02/11 08:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/02/11 08:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mail.com Games
[2010/02/10 09:16:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/09 15:46:20 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/02/09 15:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/08 10:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Visual Studio 2005
[2010/02/07 14:02:13 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/02/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\extras
[2010/02/07 09:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/07 09:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/06 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\NPS
[2010/02/06 20:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/02/06 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\PC Suite
[2010/02/06 20:44:43 | 000,114,304 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdm.sys
[2010/02/06 20:44:43 | 000,086,528 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecbus.sys
[2010/02/06 20:44:43 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecmdfl.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwhnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssecwh.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccmnt.sys
[2010/02/06 20:44:43 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sseccm.sys
[2010/02/06 20:43:55 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/02/06 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\My NPS Files
[2010/02/06 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/02/06 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\TurboTax
[2010/02/06 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intuit
[2010/02/06 08:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/02/06 08:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/02/06 08:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\IsolatedStorage
[2010/02/06 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/02/06 08:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/02/04 21:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/04 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\AnyDVDHD
[2010/02/04 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/02/04 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/02/04 20:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/04 15:46:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/04 15:46:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/04 10:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/04 10:16:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/04 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 14 Days ==========

[2010/02/14 23:23:18 | 002,883,584 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
[2010/02/14 21:38:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/14 21:38:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/14 07:37:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/14 01:09:50 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/14 01:00:08 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/13 17:23:14 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/13 17:23:14 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/13 17:23:14 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/13 17:18:53 | 000,000,952 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/02/13 17:18:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/13 17:18:23 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/13 17:16:47 | 000,004,369 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010/02/13 17:16:41 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/13 17:16:41 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/13 17:12:42 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/13 15:52:57 | 000,000,099 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010/02/13 08:44:11 | 003,213,936 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/02/11 19:32:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/11 08:42:30 | 000,001,904 | ---- | M] () -- C:\Users\Mike\Desktop\Galapago FREE.lnk
[2010/02/11 08:42:30 | 000,001,140 | ---- | M] () -- C:\Users\Mike\Desktop\Mail.com Games.lnk
[2010/02/10 11:52:06 | 000,374,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/10 10:19:10 | 000,100,392 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 09:29:52 | 000,000,925 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/10 09:16:34 | 000,000,276 | ---- | M] () -- C:\Windows\win.ini
[2010/02/09 20:09:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 19:26:45 | 000,092,160 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 17:27:16 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:27:16 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/07 15:54:44 | 001,730,004 | ---- | M] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | M] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 21:56:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/02/06 20:42:35 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/04 21:43:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 18:25:47 | 000,006,027 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2010/02/04 18:24:34 | 000,000,488 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2010/02/04 10:16:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 07:25:14 | 000,000,680 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/02/13 17:12:42 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/11 19:23:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/11 19:23:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/11 19:23:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/11 19:23:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/11 19:23:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/11 08:42:30 | 000,001,904 | ---- | C] () -- C:\Users\Mike\Desktop\Galapago FREE.lnk
[2010/02/11 08:42:30 | 000,001,140 | ---- | C] () -- C:\Users\Mike\Desktop\Mail.com Games.lnk
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 17:37:41 | 000,524,288 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 17:37:41 | 000,065,536 | -HS- | C] () -- C:\Users\Mike\ntuser.dat{3d0d5f0f-15c9-11df-86e7-001167bd8921}.TM.blf
[2010/02/07 15:54:41 | 001,730,004 | ---- | C] () -- C:\Users\Mike\Documents\540 tredmill.pdf
[2010/02/07 09:17:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/07 09:14:41 | 000,001,929 | ---- | C] () -- C:\Users\Mike\Desktop\CanoScan Toolbox 4.1.lnk
[2010/02/06 20:43:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/06 20:43:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/06 20:42:35 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010/02/06 08:56:10 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/05 19:25:51 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Mike.job
[2010/02/05 19:25:41 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Mike.job
[2010/02/04 21:43:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/04 21:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/04 10:16:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 09:50:03 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 14:38:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/24 14:34:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/08 16:33:44 | 000,000,200 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2009/12/07 22:01:31 | 000,006,027 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/12/07 21:56:25 | 000,000,488 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/12/07 21:36:18 | 000,004,369 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/12/07 21:36:13 | 000,000,099 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/12/07 21:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/12/05 10:21:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 19:24:52 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv39738p1now.sys
[2009/10/16 18:43:39 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2009/10/16 18:43:39 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2009/10/16 17:51:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 16:40:23 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2009/10/04 13:45:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/03 16:36:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/03 16:36:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/03 16:16:56 | 000,000,164 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/10/03 16:16:35 | 000,258,048 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/10/03 16:16:35 | 000,002,125 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/10/03 16:16:35 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/10/03 16:16:34 | 000,002,423 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/10/03 15:32:22 | 000,092,160 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 10:38:19 | 000,000,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/06/17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/04 18:04:44 | 000,000,952 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/10/03 15:34:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems
[2009/12/20 12:06:19 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Any Video Converter Professional
[2010/01/27 10:51:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2009/10/03 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DriverCure
[2009/10/09 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Forte
[2010/01/18 08:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Intermedia Software
[2009/11/07 07:45:26 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Obsidium
[2010/02/06 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PC Suite
[2010/01/30 09:23:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Registry Mechanic
[2010/02/07 14:13:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Samsung
[2009/12/20 06:33:34 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TuneUp Software
[2010/02/12 11:14:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2010/02/04 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WindowsDll
[2010/02/13 17:16:50 | 000,021,142 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 656 bytes -> C:\Users\Mike\Documents\contacts.eml:OECustomProperty
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:85DBC22B
< End of report >
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

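The OTL report above is a series of section banners, each followed by `[date | size | attributes | C/M] (company) -- path` entries, and the helper's one concern was an executable that carries no company name. As an added example that is not part of the thread and not OTL's own code, here is a small Python parser for that layout plus a triage pass that shortlists unsigned executables and drivers under Windows and Program Files; the sample report is constructed (paths taken from the log and the helper's post, but the allmymovies.exe timestamp and size are made up).

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the OTL report layout seen in the thread (not the poster's
# real log; the allmymovies.exe timestamp and size are made up). OTL prints "()"
# when a file has no company name and omits the field entirely for directories.
SAMPLE_REPORT = r"""========== Files Created - With Company Name ==========
[2010/02/04 10:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/04 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files Created - No Company Name ==========
[2010/01/20 12:00:00 | 001,234,567 | ---- | C] () -- c:\program files\allmymovies\allmymovies.exe
[2010/02/11 08:42:30 | 000,001,904 | ---- | C] () -- C:\Users\Mike\Desktop\Galapago FREE.lnk
[2009/10/24 19:24:52 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv39738p1now.sys
[2010/02/04 09:50:03 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
"""

SECTION_RE = re.compile(r"^=+\s+(?P<name>.+?)\s+=+$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".cpl"}
REVIEW_ROOTS = ("c:\\windows\\", "c:\\program files\\")  # unsigned binaries here get read first

@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str    # R/H/S/D flags, '-' where unset; 'D' marks a directory
    kind: str     # 'C' = created, 'M' = modified
    company: str  # '' when OTL printed '()' or omitted the field
    path: str

def parse_report(text: str) -> List[Entry]:
    """Parse the file-listing sections; lines that are not entries are skipped."""
    entries: List[Entry] = []
    section = ""
    for line in (raw.strip() for raw in text.splitlines()):
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines, "@Alternate Data Stream ...", "< End of report >"
        entries.append(Entry(section, m.group("ts"),
                             int(m.group("size").replace(",", "")),  # comma-grouped size
                             m.group("attrs"), m.group("kind"),
                             (m.group("company") or "").strip(), m.group("path")))
    return entries

def triage(entries: List[Entry]) -> List[Entry]:
    """Shortlist executables/drivers under REVIEW_ROOTS that carry no company name.
    A list for a human to check, not a verdict: legitimate tools land here too."""
    flagged = []
    for e in entries:
        ext = ntpath.splitext(e.path)[1].lower()
        if ("D" not in e.attrs and not e.company and ext in EXECUTABLE_EXTS
                and e.path.lower().startswith(REVIEW_ROOTS)):
            flagged.append(e)
    return flagged
```

On the sample, `triage(parse_report(SAMPLE_REPORT))` returns the allmymovies.exe and affv39738p1now.sys entries and leaves out the signed driver, the directory, the shortcut and hiberfil.sys, which sits outside the review roots.
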
Re: Been highjacked

Unread postby shinybeast » February 15th, 2010, 3:43 pm

Hi tin1,

There is one thing of concern in the log.


Upload file for scanning

  • Please visit Jotti's Malware Scan
  • Click the Browse button near the top of the page.
  • Copy and paste the file and path below into the File Name box and click Open
    c:\program files\allmymovies\allmymovies.exe
  • Click Submit and wait for the scanning to complete
  • Bookmark/Add to Favorites the scan page and copy the address/URL in the location bar and paste that URL in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Unread postby tin1 » February 15th, 2010, 6:15 pm

http://virusscan.jotti.org/en/scanresul ... 610421ce61

Hi shinybeast, looks like mixed reviews. Should I delete the program? Or did the other scans remove it already?
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 15th, 2010, 10:59 pm

Hello tin1,

I suggest you uninstall the program. If you paid for it, you might contact Bolide Software and ask them why their program is detected as a trojan.


Uninstall Programs

Click Start button
Type appwiz.cpl and press Enter to open Programs and Features
For each of the programs listed below, right-click them in the list and click Uninstall

All My Movies 5.6


After that, delete the c:\program files\allmymovies folder if it is still there.


Uninstall ComboFix

Copy the text in the code box below.

Code:
ComboFix /uninstall


Press and hold Windows key (next to Alt key) and press R to open the Run box.
Paste the above text in the Open: field and click OK.
Combofix will uninstall; click OK when it is finished.


OTL Cleanup

Please run OTL which should still be on your desktop
In the upper right click CleanUp
This will delete OTL and will clean up after it.


Other than the above mentioned program, your logs are clean.

Create a new System Restore point and clear old ones

Please clear old restore points in order to avoid reintroducing malware from a restore point in the future.

Create a new restore point
  • Click Start button, right-click Computer and select Properties
  • Click System Protection under Tasks
  • Ensure only System drive (usually C:) is checked
  • Click Create then type a brief description (like PostCleaning or something similar - date/time will be automatically added)
  • Click Create. You should get a message that the restore point was created successfully.

Delete old restore points
  • Click Start button
  • Type cleanmgr and press Enter
  • Select Files from all users
  • Select System drive (usually C:)
  • Disk Cleanup will search for items to clean up.
  • When it is finished click the More options tab.
  • Under System Restore and Shadow Copies, click Clean up...
  • You will be asked if you want to delete all but the most recent restore point, click Delete
  • Click OK and at the confirmation dialog, click Delete Files
Note: Do the above once. Restore points should not be routinely deleted.


Implementing the following suggestions will greatly reduce your chances of malware problems in the future.


Update Windows

It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.


Keep installed programs up to date

Anti-virus
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
Secunia Online Software Inspector
F-Secure Health Check

Mozilla Firefox Plug-in Check
If using Firefox, Click here to visit Mozilla, check your plug-ins and update them as necessary.


Best Practices for Email and Downloaded Files.

  • Do not read emails from unknown sources.
  • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
  • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
  • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.


Additional Protection Programs

The programs listed below are excellent for improving your computer's security.

WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on its many features can be found here

MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out Tony Klein's article "How did I get infected in the first place?"
and miekiemoes' article "How to prevent Malware:"

If you have any questions about these suggestions, I would be happy to answer them.

Regards,
shinybeast

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Been highjacked

Unread postby tin1 » February 16th, 2010, 12:20 am

Shinybeast, thank you so much for your help. Your directions were easy and right on the money. I appreciate your hard work and dedication. I will do my best to stay clean and highjack free. :cheers: :cheers: :cheers:
tin1
Regular Member
 
Posts: 16
Joined: January 31st, 2010, 1:47 pm

Re: Been highjacked

Unread postby shinybeast » February 16th, 2010, 11:24 am

You're very welcome, tin1. :)

Stay clean and surf safe.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)