Photo Joy Tool Bar Malware


Post by matt111 » June 17th, 2011, 1:17 am

Hello,

I have a Photo Joy Tool Bar that will not go away even after running the uninstall program. On the Photo Joy Tool Bar there is a sign that keeps changing from "PC Running Slow" to "How to fix your PC". The computer is running slow and the whole screen is fading, including text.

Thank you very much!!

The DDS would not work, so here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:56 PM, on 6/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {cf45c54f-801c-41b5-ac77-57f2bf418edc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C0
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10849 bytes
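What follows is an added triage script, written for this page; it is not a MalwareRemoval.com tool and not part of anyone's post. It encodes the reading a helper does by eye on a log like the one above: a start page changed to a host that is not a vendor default (the `R0` line pointing at veritaspub.com), CLSIDs still registered after their DLL is gone (the `R3` and `O2` lines ending in `(no file)`), entries that match the component the poster complained about (the `PhotoJoy` Run key and the `QuickNet` BHO living in a `RegTweaker` folder), and any hosts-file line that maps something other than localhost. It also demotes one class of entry a helper must not act on: a 32-bit HijackThis on 64-bit Windows runs under file-system redirection, so it reports native `C:\Windows\System32` services as `(file missing)`; the OTL log later in this thread shows the same services (`XAudioService`, `dlea_device`) as `SRV:64bit:` entries with their binaries present under `SysNative`. The sample input copies lines from the posted log, plus one constructed hosts entry (example.com) so the hosts rule has something to hit; the accepted-host set and the keyword list are the analyst's own assumptions, not anything the log states.

```python
"""
Triage checks for a HijackThis (HJT) log.

Added example for this thread; not a MalwareRemoval.com tool and not part of
the original post.  It encodes what a helper checks by eye: changed browser
start/search pages, orphaned CLSIDs, entries tied to the reported component,
hosts-file hijacks, and the one demotion that matters on 64-bit Windows.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted in this thread
# (abridged), plus ONE constructed hosts entry (example.com) to exercise the
# hosts-file rule; the real log only had the benign "::1 localhost" line.
SAMPLE_LOG = r"""
Platform: Windows Vista SP2 (WinNT 6.00.1906)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s%s
R3 - URLSearchHook: (no name) - {cf45c54f-801c-41b5-ac77-57f2bf418edc} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
"""

# Analyst context (assumptions, not taken from the log): hosts accepted as
# vendor defaults, and names tied to the complaint in the opening post.
KNOWN_HOME_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com",
                    "search.yahoo.com", "www.google.com"}
COMPLAINT_KEYWORDS = ("photojoy", "regtweaker", "quicknet")

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"= (?P<url>\S+)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "review": act on it; "orphan": registry residue; "info": probable false positive
    line: str
    reason: str


def is_64bit_log(lines):
    """32-bit HijackThis reveals a 64-bit host through the (x86) program dir."""
    return any("Program Files (x86)" in line for line in lines)


def triage(log_text):
    lines = [l for l in log_text.splitlines() if l.strip()]
    wow64 = is_64bit_log(lines)
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, running-process list, etc.
        kind, body = m.group("kind"), m.group("body")

        if kind in ("R0", "R1"):  # start page / search page values
            um = URL_RE.search(body)
            host = urlparse(um.group("url")).hostname if um else None
            if host and host not in KNOWN_HOME_HOSTS:
                findings.append(Finding("review", line,
                                        f"browser start/search page points at {host}"))
        elif body.endswith("(no file)"):  # R3 / O2 / O3 with a dead CLSID
            findings.append(Finding("orphan", line,
                                    "CLSID still registered but its DLL is gone"))
        elif kind == "O1":  # hosts-file lines: "Hosts: <ip> <name>"
            parts = body.split()
            if len(parts) >= 3 and parts[2].lower() != "localhost":
                findings.append(Finding("review", line,
                                        f"hosts file maps {parts[2]} to {parts[1]}"))
        elif kind == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[-1][: -len(" (file missing)")]
            if wow64 and SYSTEM32_RE.search(path):
                # WOW64 redirects a 32-bit scanner to SysWOW64, so native
                # System32 binaries look absent; verify with a 64-bit-aware tool.
                findings.append(Finding("info", line,
                                        "32-bit HijackThis cannot see native System32 "
                                        "under WOW64; confirm with a 64-bit-aware scan"))
            else:
                findings.append(Finding("review", line, "service binary really absent"))

        if any(k in body.lower() for k in COMPLAINT_KEYWORDS):
            findings.append(Finding("review", line, "matches the reported component"))
    return findings


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run against the sample, the script returns four `review` findings (the veritaspub.com start page, the constructed hosts line, the QuickNet BHO and the PhotoJoy Run key), two `orphan` findings and two `info` demotions for the System32 services; the Sidebar Run key, the Java BHO and the STOPzilla service produce nothing. The demotion is deliberately conservative: it never clears an entry, it only tells the reader which `(file missing)` lines to re-check with a scan that sees the native System32, which is exactly what the helper's later OTL request provides.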

Re: Photo Joy Tool Bar Malware

Post by MWR 3 day Mod » June 20th, 2011, 11:20 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: Photo Joy Tool Bar Malware

Post by torreattack » June 22nd, 2011, 9:50 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi matt111 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to require you to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Re: Photo Joy Tool Bar Malware

Post by torreattack » June 23rd, 2011, 6:07 pm

Hi matt111 :

Vista Advice
Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


1. Create a System Restore Point (Vista)
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.




2. Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Ad-aware
STOPzilla
SUPERAntiSpyware


You may install these programs back after I give you the "ALL CLEAN" message.
However, since you are using STOPzilla, I want you to read this article: http://www.mywot.com/en/scorecard/stopzilla.com
It is up to you whether to continue to use this application or not.



3. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTListIt.txt and Extras.txt files in your next reply.



4. Checklist
Please post:
  • OTL log
  • An update on your problems


Thanks,
torreattack

Re: Photo Joy Tool Bar Malware

Post by matt111 » June 23rd, 2011, 7:31 pm

Hi,

torreattack, I appreciate all your effort and help with my computer issues. I have backed up my computer like you instructed me to. I will begin applying your further instructions today or tomorrow.

Thanks for everything,

Matthew

Re: Photo Joy Tool Bar Malware

Post by matt111 » June 25th, 2011, 5:48 am

torreattack,

Here is my OTL Log and update on problems:

OTL logfile created on: 6/25/2011 2:22:54 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\altocirrus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 48.19% Memory free
7.94 Gb Paging File | 5.84 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 243.14 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.17 Gb Free Space | 9.61% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: altocirrus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (dlea_device) -- C:\Windows\SysWow64\dleacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.louvre.fr/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/04 10:43:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 10:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 19:39:41 | 000,000,000 | ---D | M]

[2008/10/03 00:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Extensions
[2011/03/09 14:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions
[2010/04/27 06:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/22 17:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/08 14:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/15 21:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 12:26:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 10:23:32 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/03 16:24:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/06/16 17:26:25 | 000,001,949 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [mcui_exe] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000..\Run: [WMPNSCFG] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [ehTray.exe] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [PhotoJoy] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [WMPNSCFG] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5af8a6b6-ec44-11df-b296-001fe25546f0}\Shell\AutoRun\command - "" = M:\PMBP_Win.exe
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell\AutoRun\command - "" = K:\StarterOfficeGuardian.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 00:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/22 13:47:01 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/22 13:28:27 | 002,088,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplui.exe
[2011/06/22 13:28:27 | 001,071,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpluir.dll
[2011/06/22 13:28:27 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl
[2011/06/22 13:28:27 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpbar.dll
[2011/06/22 13:28:26 | 000,494,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011/06/18 17:10:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/18 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/18 17:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/06/16 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/16 20:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor
[2011/06/16 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
[2011/06/16 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/16 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/06/16 06:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/06/15 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/15 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/15 22:50:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/15 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/15 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/15 22:41:20 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011/06/15 22:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller
[2011/06/15 04:53:40 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/15 04:53:40 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/15 04:53:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/15 04:53:39 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/15 04:53:37 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/15 04:53:37 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/15 04:53:37 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/15 04:53:37 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/15 04:53:36 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/15 04:53:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/15 04:53:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011/06/15 04:53:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/06/15 04:52:27 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/12/02 19:38:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/12/02 19:38:57 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/12/02 19:38:55 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/12/02 19:38:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/12/02 19:38:54 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/12/02 19:38:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/12/02 19:38:53 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/12/02 19:38:53 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/12/02 19:38:51 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/12/02 19:38:51 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/12/02 19:38:50 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 02:30:06 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922E689D-5E7A-4603-92A5-B7FE0D41B3A2}.job
[2011/06/25 02:26:27 | 000,000,587 | ---- | M] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 02:07:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 02:07:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 01:31:38 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/25 01:31:38 | 000,603,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/25 01:31:38 | 000,105,032 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/25 00:10:49 | 000,000,488 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/25 00:08:54 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/06/25 00:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/22 14:06:26 | 000,002,944 | ---- | M] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2011/06/22 14:05:18 | 000,000,680 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:04:33 | 000,000,732 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/22 13:47:00 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/18 17:08:24 | 000,000,052 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/06/16 03:29:09 | 002,247,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/13 20:00:00 | 000,000,568 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - altocirrus.job
[2011/06/09 12:32:19 | 000,039,936 | ---- | M] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 02:26:27 | 000,000,587 | ---- | C] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 00:10:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/22 14:04:33 | 000,000,680 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:03:51 | 000,001,656 | ---- | C] () -- C:\Users\altocirrus\Desktop\iTunes.lnk
[2011/06/22 13:56:26 | 000,000,732 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/18 17:08:24 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/06/16 17:15:02 | 000,004,680 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/06/09 12:32:19 | 000,039,936 | ---- | C] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[2010/12/02 19:38:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/12/02 19:38:59 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/12/02 19:38:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/12/02 19:38:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/12/02 19:38:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/12/02 19:38:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/12/02 19:38:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/12/02 19:38:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/12/02 19:38:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/12/02 19:38:49 | 000,086,118 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/12/02 19:28:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2010/12/02 19:28:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2009/10/19 21:12:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 15:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 15:48:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 15:48:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/18 20:05:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\astro32.dll
[2008/11/10 09:41:12 | 000,013,312 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 12:15:46 | 000,002,944 | ---- | C] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2008/10/04 11:52:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/04 03:07:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/25 22:04:16 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/25 21:40:48 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/25 21:40:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >


OTL Extras logfile created on: 6/25/2011 2:22:54 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\altocirrus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 48.19% Memory free
7.94 Gb Paging File | 5.84 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 243.14 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.17 Gb Free Space | 9.61% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: altocirrus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CB 6E E3 2A D2 3E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F1F764F-5EE3-4EA3-B7FB-FEB0D39DB143}" = rport=137 | protocol=17 | dir=out | app=system |
"{544222AA-B274-4354-A769-1C902B187BE5}" = lport=137 | protocol=17 | dir=in | app=system |
"{561E50F2-0B0F-4F0F-8763-48C18BD70F8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{59693706-AA6F-4A3D-9172-EBCF9BB8B7BA}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{A279C6F9-7165-49FB-85F1-AB5CB4859D83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C72B5647-6D33-494C-BB69-94E2F0CE0417}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CD332AA2-52FC-45DF-A2C9-2F6FD4E22B23}" = lport=445 | protocol=6 | dir=in | app=system |
"{CEA107B3-22E6-4156-90ED-E7B53981EF3C}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF7C110D-943E-45BB-B692-5D0702ED0AA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA8DD66F-A446-4E33-A7AC-D8482ACFEE76}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F7D94CCB-CC5A-4FB2-94E4-463DE7F188BF}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9805DBE-34F2-4D21-A931-0142B35F2CFB}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069EDF2B-C6F6-422E-B377-018DC6B655D3}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{06E73218-0D39-43E9-AD92-7AE81FA47912}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{10382C5A-677C-44F8-9A8B-6ADDC5194DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{145A67DD-7A11-455C-9C67-A33F0DB465F7}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{1F0546DC-C418-49B9-BE6B-446FD2084F02}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1F0DEF60-93F1-43F4-ADAF-01055767FA23}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{26BD1B88-77FE-4486-855E-8A05E6E68638}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2EBABF1F-EF2B-4BC1-A358-127FF1BCC047}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{328040FD-8E78-40F9-B2F2-C4664D123FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{37AD0FCB-1311-40AD-8E33-E5555F06699E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49AA1C67-41F8-442F-8196-CDF9F1D6E3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{510138C9-046D-4DCB-89EF-4F8FE054E525}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{566AD295-2372-4C5B-85C3-B5E316C0633F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58A6240D-2399-46F5-81B5-D6903BC2E7C5}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{59F85FDF-4601-4C20-86F2-AD986590A503}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{5CE94466-8403-40FB-A454-B3C3A46A4AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{6800875D-E276-4186-98FE-1D354A478716}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{82D3A30B-2B39-48F2-8D74-55AD3DB034C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A62D1EFA-0986-48E9-ABCE-CB6975291BBB}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{A8C0A048-525A-4197-BF4E-76DE5EDC4575}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{CB7BA605-B1CB-4242-9E52-B7009D3D505D}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{D4AB2534-B291-4944-90A8-C901D741D61D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDB3BC03-566E-422A-87EF-D169BA38C66C}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{E6DC782C-EFDD-48C7-82E0-88369872D7CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0FB65F5A-4C42-42E1-907B-9CE56D9D82E8}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{3EAB35A6-4372-4120-A4C3-F07D18FC9DF8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{8F70B02B-B858-4A3D-B750-01ABD6F212F3}C:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{996F5FF7-60B7-40ED-B0F7-9446A71797D3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D08E3BAA-C74B-466B-BFD1-E7398BA860E1}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{11F3F24A-FB71-4BCE-9509-1E7B0BC854D0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{35226EB6-18C5-428B-A309-65CF30DAADCE}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{7D3A85AA-BA9C-4800-874A-FD588F6D9613}C:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{965E92F7-09A9-4410-ADB9-C36C319A3F4B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Dell V310-V510 Series" = Dell V310-V510 Series
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88704942-56A8-4EEC-A121-77687677DEE5}" = Microsoft WorldWide Telescope
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}" = MSN Messenger 7.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Astronomer's Control Panel" = Astronomer's Control Panel
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"MSNINST" = MSN
"Netgear Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.0b44
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PCSafeDoctor_is1" = PCSafeDoctor
"RealPlayer 6.0" = RealPlayer
"WindowsScriptHost" = Microsoft Windows Script Host

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2011 3:25:28 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2011 3:28:27 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2011 3:46:57 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2011 3:53:36 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2011 7:45:15 PM | Computer Name = altocirrus-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7fc Start Time: 01cc2e1125462f59 Termination Time: 103

Error - 6/18/2011 7:45:58 PM | Computer Name = altocirrus-PC | Source = Application Hang | ID = 1002
Description = The program HPAdvisor.exe version 3.1.9152.3107 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9c4 Start Time: 01cc2e1129e077f9 Termination Time: 2

Error - 6/18/2011 8:01:50 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2011 11:39:19 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/20/2011 6:41:22 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/20/2011 6:41:22 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 10/11/2009 11:35:10 PM | Computer Name = altocirrus-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 7:56:27 PM | Computer Name = altocirrus-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/23/2011 7:15:59 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/23/2011 7:16:02 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/25/2011 3:08:59 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/25/2011 3:08:59 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/25/2011 3:11:10 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/25/2011 3:11:13 AM | Computer Name = altocirrus-PC | Source = DCOM | ID = 10005
Description =

Error - 6/25/2011 3:11:13 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/25/2011 3:11:13 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2011 3:31:43 AM | Computer Name = altocirrus-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 6/25/2011 5:15:03 AM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Basically the same PC problems as before, although I have not seen the screen fade again and some weird files have appeared on my desktop:

I have a Photo Joy Tool Bar that will not go away with the uninstall program performed. On the Photo Joy Tool Bar it has a sign that keeps on changing from "PC Running Slow" to "How to fix your PC". The computer is running slow.

Thank You,
Matthew
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: Photo Joy Tool Bar Malware

Unread postby torreattack » June 27th, 2011, 10:24 am

Hi matt111:


Registry Cleaners

RegTweaker
I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on registry cleaners:
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum



1. Create a System Restore Point (Vista)
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.




2. Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following
Adobe Reader 9.4.0
Java Auto Updater
Java(TM) 6 Update 23
PCSafeDoctor_is1
RegTweaker



3. Run OTL Script
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2010/10/08 14:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/15 21:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/26 12:26:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    [2011/06/22 13:47:01 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/06/18 17:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
    [2011/06/16 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [2011/06/16 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/06/13 20:00:00 | 000,000,568 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - altocirrus.job
    [2011/06/16 20:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor
    [2011/06/16 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
    IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
    O3 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.




Please answer the following questions.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

4. Did you set your local page to a blank page?


O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

5. Did you set any restrictions in Control Panel and Internet Explorer?



Checklist
Please post:
  • OTL log
  • Answer about blank local page
  • Answer about restrictions in control panel and internet explorer


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Photo Joy Tool Bar Malware

Unread postby matt111 » June 27th, 2011, 8:09 pm

torreattack,

Here is my new OTL log and answers to the two questions:

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files (x86)\Java\jre6\bin\ssv.dll not found.
C:\Windows\SysNative\drivers\SBREDrv.sys moved successfully.
C:\ProgramData\PrevxCSI folder moved successfully.
C:\ProgramData\STOPzilla!\vdbupdate folder moved successfully.
C:\ProgramData\STOPzilla!\vdb folder moved successfully.
C:\ProgramData\STOPzilla!\Quarantine folder moved successfully.
C:\ProgramData\STOPzilla! folder moved successfully.
C:\ProgramData\Lavasoft\License folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - altocirrus.job moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor\ not found.
Folder C:\Program Files (x86)\PCSafeDoctor\ not found.
Registry value HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: alto cirrus
->Temp folder emptied: 113979 bytes
->Temporary Internet Files folder emptied: 40905 bytes
->FireFox cache emptied: 26854584 bytes
->Flash cache emptied: 770 bytes

User: altocirrus
->Temp folder emptied: 13136749 bytes
->Temporary Internet Files folder emptied: 10185367 bytes
->Java cache emptied: 12456650 bytes
->FireFox cache emptied: 56338677 bytes
->Flash cache emptied: 66177 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matthew
->Temp folder emptied: 71663814 bytes
->Temporary Internet Files folder emptied: 2729679 bytes
->Java cache emptied: 2896577 bytes
->FireFox cache emptied: 104138940 bytes
->Flash cache emptied: 3969528 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4728087 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 11507678 bytes

Total Files Cleaned = 306.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_163923

Files\Folders moved on Reboot...
File\Folder C:\Users\altocirrus\AppData\Local\Temp\~DFAEAE.tmp not found!
File\Folder C:\Users\altocirrus\AppData\Local\Temp\~DFAEEC.tmp not found!
File\Folder C:\Windows\temp\TMP0000007BE78407253B4C332C not found!

Registry entries deleted on Reboot...


Question 1: No blank page. I assume the local page (home page) is the website that I put in to pop up when I run Firefox or Internet Explorer.

Question 2: No restrictions on control panel. No restrictions on the Firefox or Internet Explorer.

Thanks,

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am
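The OTL fix script in the reply above lists one item per line, and the result log just posted answers each with "moved successfully", "deleted successfully" or "not found". As an added example (not OTL's code and not part of this thread), here is a small Python parser that turns such result lines into records, counts the outcomes, and lists the "not found" items a helper would double-check in the next scan; its sample log is constructed from the line shapes seen above, with paths shortened.

```python
"""Classify OTL fix-result lines into (kind, target, status) records.

Added example: not OTL's own code and not part of the thread. It turns the
one-outcome-per-item lines OTL prints after a fix (shapes taken from the log
above) into records, so a helper can confirm every script item was moved,
deleted or reported not found. SAMPLE_LOG is constructed, with paths shortened.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files (x86)\Java\jre6\bin\ssv.dll not found.
Registry value HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ deleted successfully.
Folder C:\Program Files (x86)\PCSafeDoctor\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 113979 bytes
Files\Folders moved on Reboot...
File\Folder C:\Users\altocirrus\AppData\Local\Temp\~DFAEAE.tmp not found!
"""


@dataclass(frozen=True)
class FixResult:
    kind: str    # prefs, folder, file, registry key, registry value, file\folder
    target: str  # the path, key, value or prefs entry the fix line named
    status: str  # removed, moved, deleted, not found


# Ordered: more specific shapes first, the bare "... moved successfully." last.
_RULES = [
    (re.compile(r"^Prefs\.js: (.+) removed from \S+$"),
     lambda m: FixResult("prefs", m.group(1), "removed")),
    (re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$"),
     lambda m: FixResult("registry " + m.group(1), m.group(2),
                         "deleted" if m.group(3).startswith("deleted") else "not found")),
    (re.compile(r"^(File\\Folder|File|Folder) (.+?) not found[.!]$"),
     lambda m: FixResult(m.group(1).lower(), m.group(2), "not found")),
    (re.compile(r"^(.+?) folder moved successfully\.$"),
     lambda m: FixResult("folder", m.group(1), "moved")),
    (re.compile(r"^(.+?) moved successfully\.$"),
     lambda m: FixResult("file", m.group(1), "moved")),
]


def parse_otl_log(text: str) -> list[FixResult]:
    """Turn each recognised result line into a FixResult. Section headers and the
    [EMPTYTEMP] byte counts carry no per-item outcome and are skipped."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, make in _RULES:
            m = pattern.match(line)
            if m:
                results.append(make(m))
                break
    return results


def summarize(results) -> Counter:
    """Outcome counts, e.g. Counter({'not found': 5, 'moved': 2, ...})."""
    return Counter(r.status for r in results)


def unresolved(results) -> list[FixResult]:
    """Items OTL could not find. Usually they were already gone (here the
    PCSafeDoctor folders, uninstalled in the earlier step), but each one is worth
    a second look in the next scan log in case it has been recreated."""
    return [r for r in results if r.status == "not found"]


if __name__ == "__main__":
    parsed = parse_otl_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for item in unresolved(parsed):
        print(f"check: {item.kind} {item.target}")
```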

Re: Photo Joy Tool Bar Malware

Unread postby torreattack » June 29th, 2011, 7:33 am

Hi matt111:

1. SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    photoJoy*
    :folderfind
    photoJoy*
    :regfind
    photoJoy*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



2. Verify 32-bit or 64-bit version of IE browser.
Follow these steps to verify whether you are using 32-bit or 64-bit browser.
  1. Launch Internet Explorer browser.
  2. Click on the Help tab at the top.
  3. Select About Internet Explorer which will bring up an information window.
  4. If version of IE displays 64-bit Edition, then it is 64-bit IE... otherwise it's 32-bit browser.



3. Do you want to remove the PhotoJoy toolbar only, or both the PhotoJoy toolbar and the PhotoJoy program?


4. Does the PhotoJoy toolbar appear in Firefox only, or also in IE?


5. Checklist
Please post:
  • SystemLook log
  • 32 bit or 64 bit IE
  • Answer about which one that you want to remove
  • Answer about PhotoJoy in Firefox only or also in IE
  • NEW OTL log
  • An update on your problems


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
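The SystemLook script above searches file names, folder names and the registry for a name pattern and reports each file hit with its size, timestamps and MD5. As an added example (not SystemLook's code and not part of this thread), the Python below re-implements the :filefind and :folderfind parts over a constructed directory tree and prints hits in SystemLook's log layout; the :regfind part is Windows-only and is not reproduced, and the file contents and folder names in the sample tree are stand-ins, not real PhotoJoy files.

```python
"""SystemLook-style :filefind / :folderfind, re-implemented in Python.

Added example: not SystemLook's own code and not part of the thread. It runs the
case-insensitive name search the script above asks for (e.g. photoJoy*) over a
constructed directory tree and reports hits the way the SystemLook log does:
size, timestamps and MD5. The :regfind part is Windows-only and not reproduced.
"""
import fnmatch
import hashlib
import os
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path

# Constructed file contents for the sample tree (stand-ins, not real PhotoJoy files).
JAR_BYTES = b"constructed stand-in for photojoy_bar.jar"
INSTALLER_BYTES = b"constructed stand-in for photojoy_install.exe"


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    modified: float  # st_mtime, seconds since the epoch
    changed: float   # st_ctime: creation time on Windows, metadata change on POSIX
    md5: str         # upper-case hex, as SystemLook prints it


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def _matches(name: str, pattern: str) -> bool:
    # NTFS names are case-insensitive, which is why "photoJoy*" found
    # "photojoy_bar.jar" in the log above; lower-case both sides to mimic that.
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def file_find(root, pattern: str) -> list[FileHit]:
    """Every file under root whose name matches pattern (the :filefind section)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if _matches(name, pattern):
                p = Path(dirpath, name)
                st = p.stat()
                hits.append(FileHit(str(p), st.st_size, st.st_mtime, st.st_ctime,
                                    md5_hex(p.read_bytes())))
    return sorted(hits, key=lambda h: h.path)


def folder_find(root, pattern: str) -> list[str]:
    """Every directory under root whose name matches pattern (the :folderfind section)."""
    hits = []
    for dirpath, dirs, _files in os.walk(root):
        hits.extend(str(Path(dirpath, d)) for d in dirs if _matches(d, pattern))
    return sorted(hits)


def format_hit(hit: FileHit) -> str:
    """One line in SystemLook's layout: path, attrs, size, [mtime] [ctime] MD5.
    Windows attribute flags are unavailable off Windows; "--a----" is a placeholder."""
    stamp = lambda t: time.strftime("%H:%M %d/%m/%Y", time.localtime(t))
    return (f"{hit.path}\t--a---- {hit.size} bytes "
            f"[{stamp(hit.modified)}] [{stamp(hit.changed)}] {hit.md5}")


def build_sample_tree(base) -> Path:
    """Constructed tree modelled on the paths the SystemLook log above reports."""
    base = Path(base)
    chrome = (base / "Profiles" / "8cluc8nt.default" / "extensions"
              / "{cf45c54f-801c-41b5-ac77-57f2bf418edc}" / "chrome")
    chrome.mkdir(parents=True)
    (chrome / "photojoy_bar.jar").write_bytes(JAR_BYTES)
    (base / "Downloads").mkdir()
    (base / "Downloads" / "photojoy_install.exe").write_bytes(INSTALLER_BYTES)
    (base / "Downloads" / "holiday.jpg").write_bytes(b"unrelated file, must not match")
    (base / "PhotoJoy Cache").mkdir()  # a directory: folderfind hit, never a filefind hit
    return base


def run_demo(pattern: str = "photoJoy*") -> dict:
    """Build the sample tree in a temp dir, run both searches, return plain results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        files = file_find(root, pattern)
        return {"files": [Path(h.path).name for h in files],
                "md5s": [h.md5 for h in files],
                "lines": [format_hit(h) for h in files],
                "folders": [Path(d).name for d in folder_find(root, pattern)]}


if __name__ == "__main__":
    result = run_demo()
    print('========== filefind ==========\nSearching for "photoJoy*"')
    print("\n".join(result["lines"]) or "No files found.")
    print('========== folderfind ==========\nSearching for "photoJoy*"')
    print("\n".join(result["folders"]) or "No folders found.")
```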

Re: Photo Joy Tool Bar Malware

Unread postby matt111 » June 29th, 2011, 6:24 pm

torreattack,

SystemLook 04.09.10 by jpshortstuff
Log created at 15:10 on 29/06/2011 by Matthew
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "photoJoy*"
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8cluc8nt.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\chrome\photojoy_bar.jar --a---- 729311 bytes [03:37 17/06/2011] [23:36 16/06/2011] CAD5D85F0463BCD13A845C9A09207869
C:\Users\Matthew\Downloads\photojoy_install.exe --a---- 468800 bytes [03:02 16/06/2011] [03:02 16/06/2011] 399C550B79E9A65E838BE6FAA647557E

========== folderfind ==========

Searching for "photoJoy*"
No folders found.

========== regfind ==========

Searching for "photoJoy*"
No data found.

-= EOF =-


2. 32-bit browser for IE


3. I would like to remove both the PhotoJoy toolbar and PhotoJoy program.


4. PhotoJoy toolbar appears in Firefox only.


OTL logfile created on: 6/29/2011 3:28:11 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\altocirrus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 54.03% Memory free
7.94 Gb Paging File | 5.75 Gb Available in Paging File | 72.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 241.50 Gb Free Space | 74.72% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.17 Gb Free Space | 9.62% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: altocirrus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (0087251309386395mcinstcleanup) McAfee Application Installer Cleanup (0087251309386395) -- C:\Windows\Temp\0087251309386395mcinst.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (dlea_device) -- C:\Windows\SysWow64\dleacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.louvre.fr/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/04 10:43:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 10:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/27 16:39:28 | 000,000,000 | ---D | M]

[2008/10/03 00:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Extensions
[2011/03/09 14:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions
[2010/04/27 06:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/27 16:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/24 10:23:32 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/03 16:24:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/06/16 17:26:25 | 000,001,949 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [mcui_exe] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5af8a6b6-ec44-11df-b296-001fe25546f0}\Shell\AutoRun\command - "" = M:\PMBP_Win.exe
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell\AutoRun\command - "" = K:\StarterOfficeGuardian.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 15:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/27 16:39:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 13:28:27 | 002,088,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplui.exe
[2011/06/22 13:28:27 | 001,071,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpluir.dll
[2011/06/22 13:28:27 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl
[2011/06/22 13:28:27 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpbar.dll
[2011/06/22 13:28:26 | 000,494,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011/06/18 17:10:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/18 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/16 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/06/16 06:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/06/15 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/15 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/15 22:50:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/15 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/15 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/15 22:41:20 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011/06/15 22:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller
[2011/06/15 04:53:40 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/15 04:53:40 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/15 04:53:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/15 04:53:39 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/15 04:53:37 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/15 04:53:37 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/15 04:53:37 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/15 04:53:37 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/15 04:53:36 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/15 04:53:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/15 04:53:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011/06/15 04:53:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/06/15 04:52:27 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/12/02 19:38:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/12/02 19:38:57 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/12/02 19:38:55 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/12/02 19:38:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/12/02 19:38:54 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/12/02 19:38:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/12/02 19:38:53 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/12/02 19:38:53 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/12/02 19:38:51 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/12/02 19:38:51 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/12/02 19:38:50 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 15:30:09 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922E689D-5E7A-4603-92A5-B7FE0D41B3A2}.job
[2011/06/29 15:08:27 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 15:08:27 | 000,603,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 15:08:27 | 000,105,032 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 15:03:27 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/06/29 15:02:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 15:02:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 15:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/25 02:26:27 | 000,000,587 | ---- | M] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 00:10:49 | 000,000,488 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/22 14:06:26 | 000,002,944 | ---- | M] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2011/06/22 14:05:18 | 000,000,680 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:04:33 | 000,000,732 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/18 17:08:24 | 000,000,052 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/06/16 03:29:09 | 002,247,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/09 12:32:19 | 000,039,936 | ---- | M] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 02:26:27 | 000,000,587 | ---- | C] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 00:10:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/22 14:04:33 | 000,000,680 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:03:51 | 000,001,656 | ---- | C] () -- C:\Users\altocirrus\Desktop\iTunes.lnk
[2011/06/22 13:56:26 | 000,000,732 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/18 17:08:24 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/06/16 17:15:02 | 000,004,680 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/06/09 12:32:19 | 000,039,936 | ---- | C] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[2010/12/02 19:38:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/12/02 19:38:59 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/12/02 19:38:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/12/02 19:38:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/12/02 19:38:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/12/02 19:38:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/12/02 19:38:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/12/02 19:38:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/12/02 19:38:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/12/02 19:38:49 | 000,086,118 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/12/02 19:28:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2010/12/02 19:28:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2009/10/19 21:12:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 15:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 15:48:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 15:48:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/18 20:05:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\astro32.dll
[2008/11/10 09:41:12 | 000,013,312 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 12:15:46 | 000,002,944 | ---- | C] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2008/10/04 11:52:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/04 03:07:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/25 22:04:16 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/25 21:40:48 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/25 21:40:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

Same PC problems. I have a Photo Joy Tool Bar that will not go away with the uninstall program performed. On the Photo Joy Tool Bar it has a sign that keeps on changing from "PC Running Slow" to "How to fix your PC". The computer is running slow.

FYI: At first I did not download Photo Joy. I downloaded a program to watch TV on my PC (not Veetle). I cannot remember the name, and the Photo Joy toolbar just showed up. However, I did later download Photo Joy to see if it would then show up in Programs so I could uninstall it, and maybe the toolbar would disappear then.

Thanks, Matthew
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am
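The SystemLook log above has a fixed line format for each filefind hit (path, attribute flags, size, two bracketed timestamps, MD5). As an added example, not SystemLook's or the forum's own code, here is a small Python parser for that format with the two hits from the log as its constructed sample; the one assumption is that the two timestamps are creation time then modification time (the jar's creation time is later than its modification time, the usual pattern for a copied file).

```python
"""Parse a SystemLook (jpshortstuff) log into structured records.

Added example for this thread, not part of SystemLook. Assumption: the two
bracketed timestamps on a filefind hit are [created] [modified].
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the filefind hits and empty sections from the log above.
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 15:10 on 29/06/2011 by Matthew
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "photoJoy*"
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8cluc8nt.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\chrome\photojoy_bar.jar --a---- 729311 bytes [03:37 17/06/2011] [23:36 16/06/2011] CAD5D85F0463BCD13A845C9A09207869
C:\Users\Matthew\Downloads\photojoy_install.exe --a---- 468800 bytes [03:02 16/06/2011] [03:02 16/06/2011] 399C550B79E9A65E838BE6FAA647557E

========== folderfind ==========

Searching for "photoJoy*"
No folders found.

========== regfind ==========

Searching for "photoJoy*"
No data found.

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (?P<name>\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.*)"$')
EMPTY_RE = re.compile(r"^No (files|folders|data) found\.$")
# path  attributes(7 flags)  size  [created]  [modified]  MD5
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]\s+"
    r"\[(?P<modified>\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
TS_FORMAT = "%H:%M %d/%m/%Y"


@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    created: datetime   # assumption: first bracket is creation time
    modified: datetime  # assumption: second bracket is modification time
    md5: str


@dataclass
class Section:
    pattern: Optional[str] = None
    files: List[FileHit] = field(default_factory=list)
    other: List[str] = field(default_factory=list)  # folderfind/regfind lines


@dataclass
class Report:
    elevated: bool = False
    wow64_warning: bool = False  # 32-bit build on a 64-bit OS: results incomplete
    sections: Dict[str, Section] = field(default_factory=dict)


def parse_file_line(line: str) -> Optional[FileHit]:
    """Return a FileHit for a filefind result line, or None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileHit(
        path=m["path"], attrs=m["attrs"], size=int(m["size"]),
        created=datetime.strptime(m["created"], TS_FORMAT),
        modified=datetime.strptime(m["modified"], TS_FORMAT),
        md5=m["md5"].upper(),
    )


def parse_systemlook(text: str) -> Report:
    report = Report()
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        if line.startswith("Administrator - Elevation successful"):
            report.elevated = True
            continue
        if line.startswith("WARNING: SystemLook running under WOW64"):
            report.wow64_warning = True
            continue
        if (m := SECTION_RE.match(line)):
            current = report.sections.setdefault(m["name"], Section())
            continue
        if current is None:
            continue  # banner lines before the first section
        if (m := SEARCH_RE.match(line)):
            current.pattern = m["pattern"]
        elif EMPTY_RE.match(line):
            pass  # "No folders found." etc.: section stays empty
        elif (hit := parse_file_line(line)) is not None:
            current.files.append(hit)
        else:
            current.other.append(line)
    return report


def copied_files(report: Report) -> List[FileHit]:
    """Hits whose creation time is later than their modification time.

    NTFS keeps the source's modification time on copy/extract but stamps a
    fresh creation time, so this marks files dropped ready-made (an extracted
    add-on, an installer payload) rather than written in place.
    """
    return [h for s in report.sections.values() for h in s.files
            if h.created > h.modified]
```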

Re: Photo Joy Tool Bar Malware

Unread postby torreattack » July 1st, 2011, 12:38 pm

Hi matt111:

Sorry for being late.

FYI: At first I did not download Photo Joy. I downloaded a program to watch TV on my PC (not Veetle). I cannot remember the name, and the Photo Joy toolbar just showed up. However, I did later download Photo Joy to see if it would then show up in Programs so I could uninstall it, and maybe the toolbar would disappear then.

Thanks for the info.


1. Run OTL Script
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    Code:
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    
    :files
    C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8cluc8nt.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}
    C:\Users\Matthew\Downloads\photojoy_install.exe
    C:\Program Files (x86)\PhotoJoy_Bar
    C:\Program Files (x86)\PhotoJoy
    
    :commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


2. Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 26.
  • Click the Download JRE button to the right.
  • Check "Accept License Agreement"
  • Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck any extra software downloads you may be offered


3. Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1).
  • Note: remember to Uncheck any extra software downloads you may be offered



4. ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



5. Checklist
Please post:
  • OTL log
  • Eset online scanning result
  • An update of your problem


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Photo Joy Tool Bar Malware

Unread postby matt111 » July 3rd, 2011, 3:52 am

torreattack,

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
========== FILES ==========
File\Folder C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8cluc8nt.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc} not found.
File\Folder C:\Users\Matthew\Downloads\photojoy_install.exe not found.
File\Folder C:\Program Files (x86)\PhotoJoy_Bar not found.
File\Folder C:\Program Files (x86)\PhotoJoy not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: alto cirrus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: altocirrus
->Temp folder emptied: 103898 bytes
->Temporary Internet Files folder emptied: 6332764 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28395001 bytes
->Flash cache emptied: 9817 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77368 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.24.1 log created on 07022011_143309

Files\Folders moved on Reboot...
File\Folder C:\Users\altocirrus\AppData\Local\Temp\Low\~DFD13F.tmp not found!
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWGS7KML\Messenger[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWGS7KML\resourcespreload[2].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JY91P7K1\AdServeMsg[2].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JY91P7K1\LocalStorage[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JY91P7K1\xmlProxy[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1ZOXEUGT\default[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1ZOXEUGT\RteFrame_16.0.1654.0622[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1ZOXEUGT\xmlProxy[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\adloader[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\AjaxHistoryFrame[1].htm moved successfully.
File\Folder C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\EditMessageLight[1].htm not found!
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\InboxLight[1].htm moved successfully.
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\resourcespreload[1].htm moved successfully.
File\Folder C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1FJMV16R\viewtopic[1].htm not found!
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


2. C:\Users\Matthew\Downloads\PCSafeDoctor_Setup.exe multiple threats


I tried a few ways to get a log for the ESET scan. I plugged the file name you gave me, C:\Program Files\ESET\EsetOnlineScanner\log.txt, into Notepad and it said no file exists. I plugged it into Run and no luck. All I could get was the file up above that showed up after the scan. I am not sure if I need to do something else.

The PhotoJoy toolbar is gone! Now on the Firefox toolbar, all the way to the left, next to Most Visited is some sort of link that reads:
Imageshack - 1009207....

then I put my cursor on the link and it reads:

Imageshack - 1009207.jpg
http://img690.imageshack.us/i/1009207.jpg/

Thanks again,

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am
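As an added example (not code from OTL or from anyone in this thread), a small Python parser for the fix-result log format posted above: it splits the log into the registry keys and files OTL acted on, the bytes cleared per user profile, OTL's own total, and everything OTL reported as "not found", so a helper can confirm the fix hit its targets without reading the whole dump. The sample log embedded in it is a constructed excerpt modelled on the lines in this post.

```python
"""Parse the fix-result log that OTL opens in Notepad after a fix.
Added example, not OTL's own code; OTL has no machine-readable output, so
the line patterns below are derived from the log lines posted in this thread."""
import re

# Constructed excerpt modelled on the OTL fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
========== FILES ==========
File\Folder C:\Users\Matthew\Downloads\photojoy_install.exe not found.
File\Folder C:\Program Files (x86)\PhotoJoy_Bar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: altocirrus
->Temp folder emptied: 103898 bytes
->FireFox cache emptied: 28395001 bytes

User: Matthew
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 77368 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.00 mb

Restore point Set: OTL Restore Point

Files\Folders moved on Reboot...
C:\Users\altocirrus\AppData\Local\Temp\Low\Messenger[1].htm moved successfully.
File\Folder C:\Users\altocirrus\AppData\Local\Temp\Low\~DFD13F.tmp not found!

Registry entries deleted on Reboot...
"""

# Line shapes seen in the OTL fix log. RE_REG must be tried before RE_FILE,
# because the generic file pattern would otherwise also match registry lines.
RE_REG = re.compile(r"^Registry key (?P<key>.+?)\\? (?P<status>deleted successfully|not found)\.$")
RE_FILE = re.compile(r"^(?:File\\Folder )?(?P<path>.+?) (?P<status>moved successfully|deleted successfully|not found)[.!]$")
RE_USER = re.compile(r"^User: (?P<user>.+)$")
RE_BYTES = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")
RE_TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")


def parse_otl_fix_log(text):
    """Return a dict with registry/file actions and their status, bytes cleared
    per profile and for system locations, OTL's own total, and every item OTL
    reported as 'not found' (already gone, or the fix named the wrong path)."""
    out = {"registry": [], "files": [], "bytes_by_user": {},
           "system_bytes": 0, "total_mb": None, "not_found": []}
    user = None  # profile the following "->... emptied" lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_USER.match(line)
        if m:
            user = m.group("user")
            continue
        m = RE_BYTES.match(line)
        if m:
            n = int(m.group("n"))
            if line.startswith("->") and user is not None:
                out["bytes_by_user"][user] = out["bytes_by_user"].get(user, 0) + n
            else:  # %systemroot%, Windows Temp, RecycleBin: not profile-specific
                out["system_bytes"] += n
            continue
        m = RE_TOTAL.match(line)
        if m:
            out["total_mb"] = float(m.group("mb"))
            continue
        m = RE_REG.match(line)
        if m:
            out["registry"].append((m.group("key"), m.group("status")))
            if m.group("status") == "not found":
                out["not_found"].append(("registry", m.group("key")))
            continue
        m = RE_FILE.match(line)
        if m:
            out["files"].append((m.group("path"), m.group("status")))
            if m.group("status") == "not found":
                out["not_found"].append(("file", m.group("path")))
    return out


def summarize(parsed):
    """One line per confirmed removal plus cleanup totals; 'not found' items
    are listed separately so the helper can re-check those paths or keys."""
    lines = [f"{k} -> {s}" for k, s in parsed["registry"] if s != "not found"]
    lines += [f"{p} -> {s}" for p, s in parsed["files"] if s != "not found"]
    for user, n in sorted(parsed["bytes_by_user"].items()):
        lines.append(f"{user}: {n} bytes of temp/cache data cleared")
    lines.append(f"system locations: {parsed['system_bytes']} bytes cleared")
    for kind, name in parsed["not_found"]:
        lines.append(f"NOT FOUND ({kind}): {name}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_otl_fix_log(SAMPLE_LOG))))
```

A "not found" result is not an error by itself: the PhotoJoy entries above were already gone, but a "not found" on the one key that was supposed to remove a still-visible toolbar is the signal that the fix targeted the wrong path.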

Re: Photo Joy Tool Bar Malware

Unread postby torreattack » July 4th, 2011, 5:29 am

Hi matt111:

1. Run OTL Script
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :files
    C:\Users\Matthew\Downloads\PCSafeDoctor_Setup.exe
    
    :commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



The photojoy toolbar is gone! Now on the fire fox toolbar, all the way to the left, next to Most Visited is some sort of link that reads:
Imageshack - 1009207....

2. Can you just right click on the Imageshack - 1009207 that showed in folder/bookmark toolbar and delete it?

3. Please post a new OTL scan.

4. Checklist
Please post:
  • OTL removal log
  • Are you able to delete the Imageshack on your toolbar?
  • New OTL log


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Photo Joy Tool Bar Malware

Unread postby matt111 » July 4th, 2011, 8:18 pm

torreattack,

All processes killed
========== FILES ==========
C:\Users\Matthew\Downloads\PCSafeDoctor_Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: alto cirrus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: altocirrus
->Temp folder emptied: 43495 bytes
->Temporary Internet Files folder emptied: 10914512 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51910718 bytes
->Flash cache emptied: 9609 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.24.1 log created on 07042011_164720

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2. Yes, I deleted the Imageshack from the toolbar.


OTL logfile created on: 7/4/2011 5:03:23 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\altocirrus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.20% Memory free
7.92 Gb Paging File | 5.94 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 250.07 Gb Free Space | 77.37% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.33 Gb Free Space | 10.95% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: altocirrus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\altocirrus\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (dlea_device) -- C:\Windows\SysWow64\dleacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.louvre.fr/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/04 10:43:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 10:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/01 21:15:52 | 000,000,000 | ---D | M]

[2008/10/03 00:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Extensions
[2011/03/09 14:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions
[2010/04/27 06:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\altocirrus\AppData\Roaming\Mozilla\Firefox\Profiles\p1xquany.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/01 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/01 21:05:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 10:23:32 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/03 16:24:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/07/01 21:03:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/06/16 17:26:25 | 000,001,949 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110510082304.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [mcui_exe] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\altocirrus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5af8a6b6-ec44-11df-b296-001fe25546f0}\Shell\AutoRun\command - "" = M:\PMBP_Win.exe
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell\AutoRun\command - "" = K:\StarterOfficeGuardian.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 16:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/02 14:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/01 21:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/01 21:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/01 21:04:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/01 21:04:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/27 16:39:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 13:28:27 | 002,088,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplui.exe
[2011/06/22 13:28:27 | 001,071,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpluir.dll
[2011/06/22 13:28:27 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl
[2011/06/22 13:28:27 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpbar.dll
[2011/06/22 13:28:26 | 000,494,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011/06/18 17:10:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/18 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/16 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/06/16 06:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/06/15 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/15 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/15 22:50:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/15 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/15 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/15 22:41:20 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011/06/15 22:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller
[2011/06/15 04:53:40 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/15 04:53:40 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/15 04:53:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/15 04:53:39 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/15 04:53:37 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/15 04:53:37 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/15 04:53:37 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/15 04:53:37 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/15 04:53:36 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/15 04:53:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/15 04:53:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011/06/15 04:53:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/06/15 04:52:27 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/12/02 19:38:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/12/02 19:38:57 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/12/02 19:38:55 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/12/02 19:38:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/12/02 19:38:54 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/12/02 19:38:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/12/02 19:38:53 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/12/02 19:38:53 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/12/02 19:38:51 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/12/02 19:38:51 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/12/02 19:38:50 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 17:05:29 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922E689D-5E7A-4603-92A5-B7FE0D41B3A2}.job
[2011/07/04 17:05:10 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/04 17:05:10 | 000,603,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/04 17:05:10 | 000,105,032 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/04 16:59:13 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/07/04 16:58:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 16:58:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 16:58:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 21:15:52 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/01 21:03:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/01 21:03:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/01 21:03:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/01 21:03:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/07/01 20:39:50 | 002,247,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/25 02:26:27 | 000,000,587 | ---- | M] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 00:10:49 | 000,000,488 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/22 14:06:26 | 000,002,944 | ---- | M] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2011/06/22 14:05:18 | 000,000,680 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:04:33 | 000,000,732 | ---- | M] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/18 17:08:24 | 000,000,052 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/06/09 12:32:19 | 000,039,936 | ---- | M] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\Users\altocirrus\Desktop\*.tmp files -> C:\Users\altocirrus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 21:15:52 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/01 21:15:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/25 02:26:27 | 000,000,587 | ---- | C] () -- C:\Users\altocirrus\Desktop\OTL.exe - Shortcut.lnk
[2011/06/25 00:10:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/06/22 14:04:33 | 000,000,680 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps.dat
[2011/06/22 14:03:51 | 000,001,656 | ---- | C] () -- C:\Users\altocirrus\Desktop\iTunes.lnk
[2011/06/22 13:56:26 | 000,000,732 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\d3d9caps64.dat
[2011/06/18 17:08:24 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/16 20:45:46 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/06/16 17:15:02 | 000,004,680 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/06/09 12:32:19 | 000,039,936 | ---- | C] () -- C:\Users\altocirrus\Desktop\Chapter Nine Love.wps
[2010/12/02 19:38:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/12/02 19:38:59 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/12/02 19:38:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/12/02 19:38:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/12/02 19:38:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/12/02 19:38:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/12/02 19:38:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/12/02 19:38:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/12/02 19:38:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/12/02 19:38:49 | 000,086,118 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/12/02 19:28:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2010/12/02 19:28:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2009/10/19 21:12:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 15:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 15:48:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 15:48:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/18 20:05:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\astro32.dll
[2008/11/10 09:41:12 | 000,013,312 | ---- | C] () -- C:\Users\altocirrus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 12:15:46 | 000,002,944 | ---- | C] () -- C:\Users\altocirrus\AppData\Roaming\wklnhst.dat
[2008/10/04 11:52:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/04 03:07:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/25 22:04:16 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/25 21:40:48 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/25 21:40:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

Thanks,

matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am
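As an added example (not part of this thread, and not code from OTL or its author), the following Python snippet parses the line format OTL writes in its "Files Created" / "Files Modified" sections, as seen in the log above, and applies one simple triage rule a helper might use while reading such a log: list executable files created in a Windows system directory within the last 30 days whose version resource carries no CompanyName. The sample report below mixes lines copied from the log above with one constructed entry (`example_unknown.dll`, a placeholder) so the rule has something to flag; the rule itself, the 30-day window and the `SYSTEM_DIRS` / `BINARY_EXT` lists are assumptions of this example, not anything OTL does.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Shape of one OTL file entry:
#   [YYYY/MM/DD HH:MM:SS | 000,123,456 | ---- | C] (Company) -- C:\path\file
# The attribute flags are four characters (e.g. ----, -H--, --S-) and the
# kind is C (created) or M (modified). Summary lines such as
# "[3 C:\ProgramData\*.tmp files -> ... -> ]" do not match and are skipped.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # 'C' = created, 'M' = modified
    company: str     # CompanyName from the file's version resource ('' if none)
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks and summaries."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),   # OTL prints "( )" as well as "()"
        path=m["path"],
    )


def parse_otl_report(text: str) -> List[OtlEntry]:
    """Parse every file line in a block of OTL output."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


# Assumed for this example: where "system binaries" live and what counts as one.
SYSTEM_DIRS = (
    "c:\\windows\\sysnative\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\system32\\",
)
BINARY_EXT = (".dll", ".exe", ".sys")


def review_candidates(entries: List[OtlEntry], scan_time: datetime,
                      days: int = 30) -> List[OtlEntry]:
    """Entries worth a manual look: binaries created in a system directory
    within `days` of the scan and carrying no CompanyName. This is a review
    queue, not a verdict; many legitimate driver packages lack a CompanyName."""
    cutoff = scan_time - timedelta(days=days)
    out = []
    for e in entries:
        p = e.path.lower()
        if e.kind != "C" or e.timestamp < cutoff:
            continue
        if not p.startswith(SYSTEM_DIRS) or not p.endswith(BINARY_EXT):
            continue
        if e.company == "":
            out.append(e)
    return out


# Constructed sample: lines copied from the log above plus one placeholder
# entry (example_unknown.dll) that the rule should flag.
SAMPLE_REPORT = r"""
========== Files Created - No Company Name ==========

[2011/06/15 04:53:36 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/16 17:15:02 | 000,004,680 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/06/25 00:10:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2011/07/04 16:58:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/06/20 10:00:00 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\example_unknown.dll
"""

# Scan time taken from the newest timestamp in the log above.
SCAN_TIME = datetime(2011, 7, 4, 17, 5, 29)


def triage(report: str = SAMPLE_REPORT, scan_time: datetime = SCAN_TIME):
    return review_candidates(parse_otl_report(report), scan_time)


if __name__ == "__main__":
    for e in triage():
        print(f"{e.timestamp:%Y-%m-%d} {e.size:>9} {e.path}")
```

Note that a blank company field means only that the file's version resource has no CompanyName string; OTL is not checking Authenticode signatures here, so the flagged list is a starting point for the kind of manual review the helpers in this thread do, not an indicator of infection on its own.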

Re: Photo Joy Tool Bar Malware

Unread postby torreattack » July 5th, 2011, 6:12 pm

Hi matt111:


This is my general post for when your logs show no more signs of malware.

Congratulations... your computer now appears to be malware free! :)
Please follow these simple guidelines in order to help keep your computer more secure:

Time for some housekeeping

Clean up with OTL
  • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Now we need to deal with security vulnerabilities

Your Internet Explorer is outdated
You can find information and install IE 9 from Here

Your Mozilla Firefox is outdated
  • In the Firefox browser click Help > Check for updates to install the latest version.


Update your Antivirus programs and other programs regularly.
Secunia Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.


Visit Microsoft often.
Keep on top of critical updates, as well as other updates for your computer.
What is Windows Update?
Microsoft Vista Update Home



Install additional (free) programs that can help improve security.
Many feel that having a "layered" protection scheme is beneficial; you'll have to decide what works best for your situation.
Here are a few you can look into, if you want.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)


Read - stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly



I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.


Happy surfing!

torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am