Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows 7 Home Security Infection in my laptop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 2nd, 2011, 7:27 am

.Have a malware infection that seems to keep coming back. Here are the Logs created to give you an idea to help. This was on the instruction of askey127. Askey127 helped me clear up this infection on my desktop.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by ROB at 7:21:23 on 2011-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1797 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Mamutu\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Program Files\The Cleaner\tcap.exe
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [FreeApp] "c:\users\rob\downloads\freeapp.exe" /autorun
dRun: [Steam] "c:\program files\steam\Steam.exe" -silent
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.co ... Detect.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BFF7625E-17D4-4668-A784-D185188498DD} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DEF136EF-612E-40F0-9BA2-823CC6F2D163} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEF136EF-612E-40F0-9BA2-823CC6F2D163}\25F424D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEF136EF-612E-40F0-9BA2-823CC6F2D163}\25F626723702E4564777F627B6 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\920tenai.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT26452 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-27 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-17 15672]
R1 a2injectiondriver;a2injectiondriver;c:\program files\mamutu\a2dix86.sys [2011-4-29 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\mamutu\a2util32.sys [2011-4-29 11776]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb97d3a45;MpKslb97d3a45;c:\programdata\microsoft\microsoft antimalware\definition updates\{5a80abae-c024-4356-a613-d95eb754f5b6}\MpKslb97d3a45.sys [2011-7-2 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-27 98392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Mamutu;Mamutu Service;c:\program files\mamutu\a2service.exe [2011-4-29 2860800]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
R2 PretonClientService;PretonSaver;c:\program files\preton\pretonsaver\PretonClientService.exe [2011-2-2 88576]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 a2acc;a2acc;c:\program files\mamutu\a2accx86.sys [2011-4-29 73728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-26 122368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-29 167936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 228408]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-17 406016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-12-3 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-9-29 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-02 10:22:46 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a80abae-c024-4356-a613-d95eb754f5b6}\MpKslb97d3a45.sys
2011-07-02 10:22:45 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-02 10:22:30 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a80abae-c024-4356-a613-d95eb754f5b6}\mpengine.dll
2011-07-02 10:12:46 -------- d-----w- c:\users\rob\appdata\local\{0F5421DC-ED17-41B1-8166-FFDE3527F98C}
2011-06-29 16:37:43 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e7620d1d-03a0-48e4-b073-a890f6093457}\gapaengine.dll
2011-06-29 16:32:26 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-29 16:28:37 -------- d-----w- c:\users\rob\.gimp-2.6
2011-06-29 16:26:33 -------- d-----w- c:\windows\Internet Logs
2011-06-29 16:24:53 -------- d-----w- c:\programdata\Soluto
2011-06-29 15:37:03 -------- d-----w- c:\users\rob\appdata\local\{CA4AC1D8-12CC-4906-B73E-0304BB64C000}
2011-06-29 15:20:30 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{82c65728-06cb-4c43-80af-d5cfc212e4f8}\mpengine.dll
2011-06-29 15:19:52 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 15:19:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-29 15:19:48 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-29 15:19:17 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 15:17:47 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-29 15:17:46 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 15:17:46 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 15:17:46 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-29 15:15:24 -------- d-----w- c:\users\rob\appdata\roaming\EurekaLog
2011-06-29 15:04:04 -------- d-----w- c:\users\rob\appdata\local\{ABBB4734-6379-41FA-9350-6C8FD9A6C806}
2011-06-29 15:02:40 -------- d-----w- c:\users\rob\appdata\roaming\CheckPoint
2011-06-25 14:31:51 -------- d-----w- c:\users\rob\appdata\local\{5D31EAFC-52C1-4F1F-A098-B5CE3E988B73}
2011-06-25 00:52:36 -------- d-----w- c:\users\rob\appdata\local\{928E1ED8-7BC6-4364-A5A0-4C2E218E0C77}
2011-06-22 23:41:18 -------- d-----w- c:\program files\ESET
2011-06-18 12:38:05 -------- d-----w- c:\users\rob\appdata\roaming\SuperUtils.com
2011-06-18 12:38:04 -------- d-----w- c:\program files\SuperUtils.com
2011-06-15 13:31:29 -------- d-----w- c:\users\rob\appdata\local\{F12C234F-3158-49DF-BC12-1BCF4101ADAF}
2011-06-08 00:08:54 -------- d-----w- c:\users\rob\appdata\roaming\Smarty Uninstaller
2011-06-08 00:08:05 -------- d-----w- c:\program files\Smarty Uninstaller
2011-06-07 23:48:12 -------- d-----w- c:\users\rob\appdata\local\{97712F5B-15DF-4FA9-B076-F0140B591C33}
2011-06-04 14:39:33 -------- d-----w- c:\users\rob\appdata\local\{F5460B58-2D63-4696-83A3-4CF2E229BC69}
.
==================== Find3M ====================
.
2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 12:13:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-08 16:00:40 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 19:25:24 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:10:01 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-18 17:18:50 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 17:18:50 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 7:22:14.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2010 1:11:29 PM
System Uptime: 7/2/2011 6:10:26 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 234.122 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.509 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP332: 6/22/2011 7:24:30 PM - Revo Uninstaller's restore point - Software Informer 1.0 BETA
RP333: 6/25/2011 7:59:31 AM - Restore Operation
RP334: 6/29/2011 10:16:26 AM - Windows Backup
RP335: 6/29/2011 10:36:43 AM - Restore Operation
RP336: 6/29/2011 11:12:48 AM - Windows Backup
RP337: 6/29/2011 11:20:05 AM - Windows Update
RP339: 6/29/2011 11:27:54 AM - Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
RP341: 6/29/2011 11:29:33 AM - Revo Uninstaller's restore point - ZoneAlarm
RP343: 6/29/2011 11:31:18 AM - Revo Uninstaller's restore point - ZoneAlarm Toolbar
RP345: 6/29/2011 11:33:10 AM - Revo Uninstaller's restore point - ZoneAlarm Toolbar
RP347: 6/29/2011 11:34:04 AM - Revo Uninstaller's restore point - ZoneAlarm
RP349: 6/29/2011 11:38:29 AM - Revo Uninstaller's restore point - ZoneAlarm
RP351: 6/29/2011 11:42:29 AM - Revo Uninstaller's restore point - Soluto
RP352: 6/29/2011 11:42:44 AM - Removed Soluto
RP354: 6/29/2011 11:46:17 AM - Revo Uninstaller's restore point - Advanced SystemCare 3
RP356: 6/29/2011 11:48:32 AM - Revo Uninstaller's restore point - EasyCleaner
RP358: 6/29/2011 11:49:16 AM - Removed EasyCleaner
RP360: 6/29/2011 11:50:22 AM - Revo Uninstaller's restore point - Free Audio CD Burner version 1.4
RP362: 6/29/2011 11:53:23 AM - Revo Uninstaller's restore point - Mamutu 3.0
RP364: 6/29/2011 11:54:58 AM - Revo Uninstaller's restore point - Media Buddy 1.2.2
RP366: 6/29/2011 11:56:24 AM - Revo Uninstaller's restore point - Atheros Driver Installation Program
RP368: 6/29/2011 11:57:57 AM - Revo Uninstaller's restore point - Move Media Player
RP370: 6/29/2011 12:00:17 PM - Revo Uninstaller's restore point - Audacity 1.3.11 (Unicode)
RP372: 6/29/2011 12:01:22 PM - Revo Uninstaller's restore point - Adobe Shockwave Player
RP374: 6/29/2011 12:02:33 PM - Revo Uninstaller's restore point - Mozilla Thunderbird (3.0.4)
RP376: 6/29/2011 12:05:00 PM - Revo Uninstaller's restore point - muvee Reveal
RP377: 6/29/2011 12:05:19 PM - Removed muvee Reveal
RP379: 6/29/2011 12:08:48 PM - Revo Uninstaller's restore point - PC Brother System Care Free v2.2.3.0
RP381: 6/29/2011 12:11:28 PM - Revo Uninstaller's restore point - SPORE Creature Creator Trial Edition
RP383: 6/29/2011 12:12:52 PM - Revo Uninstaller's restore point - Steam
RP384: 6/29/2011 12:13:09 PM - Removed Steam
RP386: 6/29/2011 12:15:27 PM - Revo Uninstaller's restore point - NetZero Preloader
RP387: 6/29/2011 12:15:44 PM - Removed NetZero Preloader
RP389: 6/29/2011 12:18:37 PM - Revo Uninstaller's restore point - Superfast Shutdown
RP391: 6/29/2011 12:19:53 PM - Revo Uninstaller's restore point - Tidy Start Menu
RP392: 6/29/2011 12:30:09 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Aiseesoft Streaming Video Recorder
Ashampoo Burning Studio 2010 Advanced
Ashampoo Photo Commander 7.60
Ashampoo StartUp Tuner 2.00
Ashampoo WinOptimizer 6.60
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DVD Decrypter (Remove Only)
ESU for Microsoft Vista
FrostWire 4.21.3
GIMP 2.6.8
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Product Detection
HP Quick Launch Buttons
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
iCare Format Recovery Software1.1
Inkjet Printer/Scanner Extended Survey Program
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Junk Mail filter update
Juno Preloader
KhalInstallWrapper
LabelPrint
LightScribe System Software 1.14.17.1
magicJack
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoHelper 2.0.40 Driver 4.9.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.9.0
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Patin-Couffin 19
PCHand Media Converter Pro 1.0.0.1
PeaZip 3.0
Power2Go
PowerDirector
PretonSaver Home Edition
QLBCASL
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.92
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
Skype™ 4.2
Smart Defrag
Software Informer 1.0 BETA
Synaptics Pointing Device Driver
The Cleaner 2012
Ubee USB RNDIS and NDIS Driver
Ultima Website 1.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VSO CopyToDVD 4
Windows 7 Upgrade Advisor
Windows Essentials Media Codec Pack 2.3d
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR archiver
WinX DVD Author 5.5.8
.
==== Event Viewer Messages From Past Week ========
.
7/2/2011 6:11:57 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/29/2011 12:35:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/29/2011 12:35:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/29/2011 12:35:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/29/2011 12:24:53 PM, Error: Service Control Manager [7031] - The Mamutu Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2011 11:43:30 AM, Error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
6/29/2011 10:54:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/29/2011 10:54:11 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2011 10:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/29/2011 10:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/29/2011 10:54:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2011 10:53:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/29/2011 10:53:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 10:53:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2011 10:53:46 AM, Error: volmgr [46] - Crash dump initialization failed!
6/29/2011 10:41:17 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
6/29/2011 1:46:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
6/25/2011 8:13:49 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2011 8:11:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am
Advertisement
Register to Remove

Re: Windows 7 Home Security Infection in my laptop

Unread postby MWR 3 day Mod » July 6th, 2011, 9:12 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 7th, 2011, 7:12 am

Hi again, prfek,
Sorry for the delay.
Let's get this one fixed.
I don't have to tell you, I presume, about Frostwire and all the other P2P programs getting your machine(s) infected.
We will replace Java and Adobe Reader later.
In this case, I cannot be certain that The Cleaner 2012 or SmartDefrag did not damage your system.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Adobe Reader 9.4.0
FrostWire 4.21.3
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Smart Defrag
The Cleaner 2012
Software Informer 1.0 BETA

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------
Please download the following file and save it to your desktop
http://download.bleepingcomputer.com/reg/FixNCR.reg
Right click the file and choose "Run as administrator"
OK the merge with the registry.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill or eXplorer desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware (right click and choose "Run as administrator")
  • Select the Update tab. Choose Check for Updates.
  • After the update have been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select to the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 7th, 2011, 11:02 am

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7041

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/7/2011 10:57:21 AM
mbam-log-2011-07-07 (10-57-21).txt

Scan type: Quick scan
Objects scanned: 165730
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 7th, 2011, 4:23 pm

prfek,
That's better than I expected.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 26 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license
Select the link for your Platform Windows x86 offline (or Windows 64-bit if your machine is 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus(It's just adware) or any extra toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Right click the icon and choose "Run as administrator" to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    Code: Select all
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Note: The Extras.txt file will only appear the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 7th, 2011, 7:00 pm

OTL logfile created on: 7/7/2011 6:50:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ROB\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.42% Memory free
5.86 Gb Paging File | 4.83 Gb Available in Paging File | 82.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 235.34 Gb Free Space | 81.95% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.51 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/29 13:13:18 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2service.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
MOD - [2011/04/29 13:13:29 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2hooks32.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/29 13:13:18 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Mamutu\a2service.exe -- (Mamutu)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/01 20:27:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 18:35:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB08743A-D76A-4343-8318-CBEDD677036C}\MpKsl4aad8a84.sys -- (MpKsl4aad8a84)
DRV - [2011/04/29 13:13:27 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Mamutu\a2accx86.sys -- (a2acc)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/27 18:49:21 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 15:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Mamutu\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Mamutu\a2util32.sys -- (a2util)
DRV - [2009/11/03 13:36:25 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pcatip.sys -- (Pcatip)
DRV - [2009/10/05 10:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 11:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/05/26 05:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/04/22 17:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/04/22 17:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2645238&SearchSource=13"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.1.0.12
FF - prefs.js..extensions.enabledItems: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2011/03/27 15:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011/07/07 18:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components

[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions
[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/08 13:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions
[2010/05/13 17:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 16:12:25 | 000,000,000 | ---D | M] (Free TV Bar c3 Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}
[2011/05/08 12:35:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/27 16:02:51 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\DefaultManager@Microsoft
[2011/03/27 16:12:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\engine@conduit.com
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 20:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 13:06:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/07 18:39:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [FreeApp] File not found
O4 - HKU\.DEFAULT..\Run: [Steam] File not found
O4 - HKU\S-1-5-18..\Run: [FreeApp] File not found
O4 - HKU\S-1-5-18..\Run: [Steam] File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.co ... Detect.cab (HP Product Detection Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 18:48:12 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/07 18:42:26 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\ROB\Desktop\AdbeRdr1001_en_US.exe
[2011/07/07 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/07 18:39:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/07 18:39:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/07 18:39:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/07 18:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/07 10:44:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/07 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/07 10:44:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/07 10:17:11 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{4FD25EF5-38E2-4FAD-A140-83653B6AB965}
[2011/07/06 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{40438782-CEAC-4546-8B27-2EAC993360E2}
[2011/07/04 10:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011/07/04 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\CrashRpt
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011/07/04 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\RapidSolution
[2011/07/04 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{8A269972-4699-4076-8664-B70466ED9E09}
[2011/07/02 07:19:43 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/07/02 06:12:46 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{0F5421DC-ED17-41B1-8166-FFDE3527F98C}
[2011/06/29 12:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\gegl-0.0
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\.gimp-2.6
[2011/06/29 12:26:33 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/06/29 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/06/29 11:37:03 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{CA4AC1D8-12CC-4906-B73E-0304BB64C000}
[2011/06/29 11:27:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/29 11:18:44 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/29 11:18:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/29 11:18:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/29 11:18:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/29 11:18:28 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/06/29 11:18:28 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/06/29 11:18:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/06/29 11:18:27 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/06/29 11:18:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/06/29 11:18:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/06/29 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/06/29 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{ABBB4734-6379-41FA-9350-6C8FD9A6C806}
[2011/06/29 11:02:40 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2011/06/25 10:54:42 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\Anti-Malware
[2011/06/25 10:31:51 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{5D31EAFC-52C1-4F1F-A098-B5CE3E988B73}
[2011/06/24 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{928E1ED8-7BC6-4364-A5A0-4C2E218E0C77}
[2011/06/22 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/18 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\order_receipt.jsp_files
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\SuperUtils.com
[2011/06/15 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{F12C234F-3158-49DF-BC12-1BCF4101ADAF}
[2011/06/07 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Smarty Uninstaller
[2011/06/07 20:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Smarty Uninstaller
[2011/06/07 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{97712F5B-15DF-4FA9-B076-F0140B591C33}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/11/03 14:10:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ROB\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 18:49:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:49 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 18:42:28 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\ROB\Desktop\AdbeRdr1001_en_US.exe
[2011/07/07 18:39:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/07 18:39:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/07 18:39:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/07 18:39:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/07/07 18:31:48 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 18:31:48 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 18:29:28 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/07 18:29:28 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/07 18:24:36 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 18:24:36 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/07/07 18:24:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/07 18:24:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/07 18:24:13 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 10:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:13 | 001,008,041 | ---- | M] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:05 | 000,001,134 | ---- | M] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/02 07:19:46 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/06/29 13:48:11 | 000,348,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 12:33:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/29 11:38:42 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/29 11:27:30 | 000,001,226 | ---- | M] () -- C:\Users\ROB\Desktop\Revo Uninstaller.lnk
[2011/06/25 10:26:15 | 000,009,478 | -HS- | M] () -- C:\Users\ROB\AppData\Local\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
[2011/06/25 08:04:39 | 000,008,766 | -HS- | M] () -- C:\ProgramData\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
[2011/06/22 19:12:19 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/18 14:04:58 | 000,222,120 | ---- | M] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm
[2011/06/07 19:48:49 | 000,005,536 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/06/07 19:48:49 | 000,002,142 | ---- | M] () -- C:\Windows\System32\.lck
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 18:44:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/07 18:44:49 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 10:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:08 | 001,008,041 | ---- | C] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:04 | 000,001,134 | ---- | C] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011/07/04 10:09:13 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/06/29 12:32:32 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/29 11:05:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/06/24 22:43:17 | 000,009,478 | -HS- | C] () -- C:\Users\ROB\AppData\Local\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
[2011/06/24 22:43:17 | 000,008,766 | -HS- | C] () -- C:\ProgramData\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
[2011/06/18 14:04:56 | 000,222,120 | ---- | C] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm
[2011/05/26 11:24:25 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/17 23:18:58 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/17 23:18:58 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/18 11:13:23 | 000,000,083 | ---- | C] () -- C:\Windows\System32\gpupdate.bin
[2010/05/11 10:12:26 | 000,000,017 | ---- | C] () -- C:\Users\ROB\AppData\Local\resmon.resmoncfg
[2010/03/29 20:39:13 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/20 16:16:10 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/02/20 16:16:08 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/02/20 16:16:08 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/02/18 09:05:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/02/17 14:57:08 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/02/17 13:27:13 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/15 02:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/11/03 14:10:04 | 000,087,608 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\inst.exe
[2009/11/03 14:10:04 | 000,007,887 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.cat
[2009/11/03 14:10:04 | 000,001,144 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.inf
[2009/10/08 10:59:52 | 000,001,627 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/10/06 13:41:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 11:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/08/10 09:14:26 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 16:29:22 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,348,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/26 05:12:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/11 10:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 10:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/05/11 09:15:17 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\AltDesk
[2010/09/17 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ashampoo
[2010/02/17 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Canon
[2011/06/29 11:02:40 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/29 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/03/27 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\FrostWire
[2011/06/29 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\IObit
[2011/06/29 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\mjusbsp
[2010/03/02 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Opera
[2010/10/28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Panda Security
[2010/03/30 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\PeaZip
[2011/06/29 10:28:15 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Smarty Uninstaller
[2011/06/29 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Software Informer
[2011/06/18 08:38:05 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2010/10/28 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SurfSecret Privacy Suite
[2011/04/04 09:38:29 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\thecleaner
[2011/06/29 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Tidy Start Menu
[2010/05/24 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ultima Website
[2010/07/16 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Uniblue
[2011/06/29 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\uTorrent
[2009/11/03 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Vso
[2011/04/04 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Windows Live Writer
[2010/02/17 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011/07/07 18:24:36 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/01 07:57:23 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/08 23:08:02 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\program files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\program files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\program files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\program files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:C31F31E6

< End of report >
OTL Extras logfile created on: 7/7/2011 6:50:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ROB\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.42% Memory free
5.86 Gb Paging File | 4.83 Gb Available in Paging File | 82.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 235.34 Gb Free Space | 81.95% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.51 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2874471275-2695371719-2287692041-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B4FDFB-9345-4EC9-AA2B-B1476A8B20EF}_is1" = iCare Format Recovery Software1.1
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.0
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9055D15D-BAB4-487A-BA0D-0CC302613455}" = PretonSaver Home Edition
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9120E9AE-40AD-42BD-9C67-2E855099D5E8}_is1" = Patin-Couffin 19
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B11A4C66-9E9A-49E1-8C16-F71CCF3F6921}" = Audials
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7C7C686-8479-4173-9570-F4B350D91B37}" = Motorola Mobile Drivers Installation 4.9.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED1CF08-037C-444F-8FE8-4806BD317D34}" = Ubee USB RNDIS and NDIS Driver
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aiseesoft Streaming Video Recorder_is1" = Aiseesoft Streaming Video Recorder
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Ashampoo StartUp Tuner 2_is1" = Ashampoo StartUp Tuner 2.00
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MotoHelper" = MotoHelper 2.0.40 Driver 4.9.0
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PCHand Media Converter Pro_is1" = PCHand Media Converter Pro 1.0.0.1
"Revo Uninstaller" = Revo Uninstaller 1.92
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"Ultima Website_is1" = Ultima Website 1.7
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = My HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"WinX DVD Author_is1" = WinX DVD Author 5.5.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2874471275-2695371719-2287692041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 7th, 2011, 8:39 pm

prfek,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2874471275-2695371719-2287692041-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
    
    O4 - HKU\.DEFAULT..\Run: [FreeApp] File not found
    O4 - HKU\S-1-5-18..\Run: [FreeApp] File not found
    [2011/06/24 22:43:17 | 000,009,478 | -HS- | C] () -- C:\Users\ROB\AppData\Local\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
    [2011/06/24 22:43:17 | 000,008,766 | -HS- | C] () -- C:\ProgramData\60gd6043ddatg5fe6ug2h2f51et588p0255f66r0yt2
    [2011/03/27 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\FrostWire
    [2011/06/29 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\IObit
    [2011/04/04 09:38:29 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\thecleaner
    [2011/06/29 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\uTorrent
    [2010/08/08 23:08:02 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 8th, 2011, 12:02 pm

OTL logfile created on: 7/8/2011 11:47:00 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ROB\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.99% Memory free
5.86 Gb Paging File | 5.11 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 235.96 Gb Free Space | 82.17% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.51 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/29 13:13:18 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2service.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe
PRC - [2011/01/30 11:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
MOD - [2011/04/29 13:13:29 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2hooks32.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/29 13:13:18 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Mamutu\a2service.exe -- (Mamutu)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/01 20:27:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 11:45:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB08743A-D76A-4343-8318-CBEDD677036C}\MpKsld4d97c03.sys -- (MpKsld4d97c03)
DRV - [2011/04/29 13:13:27 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Mamutu\a2accx86.sys -- (a2acc)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/27 18:49:21 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 15:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Mamutu\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Mamutu\a2util32.sys -- (a2util)
DRV - [2009/11/03 13:36:25 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pcatip.sys -- (Pcatip)
DRV - [2009/10/05 10:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 11:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/05/26 05:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/04/22 17:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/04/22 17:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2645238&SearchSource=13"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.1.0.12
FF - prefs.js..extensions.enabledItems: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2011/03/27 15:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011/07/07 18:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components

[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions
[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/08 13:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions
[2010/05/13 17:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 16:12:25 | 000,000,000 | ---D | M] (Free TV Bar c3 Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}
[2011/05/08 12:35:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/27 16:02:51 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\DefaultManager@Microsoft
[2011/03/27 16:12:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\engine@conduit.com
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 20:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 13:06:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/07 18:39:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.co ... Detect.cab (HP Product Detection Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 11:40:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/08 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{FC7E0720-CA49-456E-960C-11509FFEB454}
[2011/07/07 18:48:12 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/07 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/07 18:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/07 10:44:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/07 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/07 10:44:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/07 10:17:11 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{4FD25EF5-38E2-4FAD-A140-83653B6AB965}
[2011/07/06 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{40438782-CEAC-4546-8B27-2EAC993360E2}
[2011/07/04 10:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011/07/04 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\CrashRpt
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011/07/04 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\RapidSolution
[2011/07/04 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{8A269972-4699-4076-8664-B70466ED9E09}
[2011/07/02 07:19:43 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/07/02 06:12:46 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{0F5421DC-ED17-41B1-8166-FFDE3527F98C}
[2011/06/29 12:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\gegl-0.0
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\.gimp-2.6
[2011/06/29 12:26:33 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/06/29 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/06/29 11:37:03 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{CA4AC1D8-12CC-4906-B73E-0304BB64C000}
[2011/06/29 11:27:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/29 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/06/29 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{ABBB4734-6379-41FA-9350-6C8FD9A6C806}
[2011/06/29 11:02:40 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2011/06/25 10:54:42 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\Anti-Malware
[2011/06/25 10:31:51 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{5D31EAFC-52C1-4F1F-A098-B5CE3E988B73}
[2011/06/24 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{928E1ED8-7BC6-4364-A5A0-4C2E218E0C77}
[2011/06/22 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/18 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\order_receipt.jsp_files
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\SuperUtils.com
[2011/06/15 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{F12C234F-3158-49DF-BC12-1BCF4101ADAF}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/11/03 14:10:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ROB\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/08 11:49:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 11:49:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 11:45:41 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/07/08 11:45:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/08 11:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 11:45:12 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 11:44:24 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 11:44:24 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 11:41:33 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/08 11:41:33 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:49 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 10:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:13 | 001,008,041 | ---- | M] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:05 | 000,001,134 | ---- | M] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/02 07:19:46 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/06/29 13:48:11 | 000,348,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 12:33:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/29 11:38:42 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/29 11:27:30 | 000,001,226 | ---- | M] () -- C:\Users\ROB\Desktop\Revo Uninstaller.lnk
[2011/06/22 19:12:19 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/18 14:04:58 | 000,222,120 | ---- | M] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm

========== Files Created - No Company Name ==========

[2011/07/07 18:44:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/07 18:44:49 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 10:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:08 | 001,008,041 | ---- | C] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:04 | 000,001,134 | ---- | C] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011/07/04 10:09:13 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/06/29 12:32:32 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/29 11:05:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/06/18 14:04:56 | 000,222,120 | ---- | C] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm
[2011/05/26 11:24:25 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/17 23:18:58 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/17 23:18:58 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/18 11:13:23 | 000,000,083 | ---- | C] () -- C:\Windows\System32\gpupdate.bin
[2010/05/11 10:12:26 | 000,000,017 | ---- | C] () -- C:\Users\ROB\AppData\Local\resmon.resmoncfg
[2010/03/29 20:39:13 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/20 16:16:10 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/02/20 16:16:08 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/02/20 16:16:08 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/02/18 09:05:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/02/17 14:57:08 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/02/17 13:27:13 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/15 02:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/11/03 14:10:04 | 000,087,608 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\inst.exe
[2009/11/03 14:10:04 | 000,007,887 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.cat
[2009/11/03 14:10:04 | 000,001,144 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.inf
[2009/10/08 10:59:52 | 000,001,627 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/10/06 13:41:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 11:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/08/10 09:14:26 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 16:29:22 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,348,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/26 05:12:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/11 10:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 10:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/05/11 09:15:17 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\AltDesk
[2010/09/17 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ashampoo
[2010/02/17 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Canon
[2011/06/29 11:02:40 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/29 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/06/29 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\mjusbsp
[2010/03/02 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Opera
[2010/10/28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Panda Security
[2010/03/30 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\PeaZip
[2011/06/29 10:28:15 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Smarty Uninstaller
[2011/06/29 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Software Informer
[2011/06/18 08:38:05 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2010/10/28 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SurfSecret Privacy Suite
[2011/06/29 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Tidy Start Menu
[2010/05/24 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ultima Website
[2010/07/16 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Uniblue
[2009/11/03 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Vso
[2011/04/04 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Windows Live Writer
[2010/02/17 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011/07/08 11:45:41 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/01 07:57:23 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:C31F31E6

< End of report >
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 8th, 2011, 12:52 pm

prfek,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    
    [2010/07/16 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Uniblue
    [2011/02/17 23:18:58 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - File not found
    [2011/05/08 12:35:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    
    [2011/03/27 16:12:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\engine@conduit.com
    [2011/03/27 16:12:25 | 000,000,000 | ---D | M] (Free TV Bar c3 Community Toolbar) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}
    
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.1.0.12
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2645238&SearchSource=13"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    DRV - [2011/04/29 13:13:27 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Mamutu\a2accx86.sys -- (a2acc)
    SRV - [2011/04/29 13:13:18 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Mamutu\a2service.exe -- (Mamutu)
    MOD - [2011/04/29 13:13:29 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2hooks32.dll
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 8th, 2011, 1:46 pm

OTL logfile created on: 7/8/2011 1:39:55 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ROB\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 71.21% Memory free
5.86 Gb Paging File | 4.93 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 235.95 Gb Free Space | 82.17% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.51 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
MOD - [2011/04/29 13:13:29 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Mamutu\a2hooks32.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/02 00:33:14 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/01 20:27:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 13:24:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB08743A-D76A-4343-8318-CBEDD677036C}\MpKsl9270ea67.sys -- (MpKsl9270ea67)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/27 18:49:21 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 15:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Mamutu\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Mamutu\a2util32.sys -- (a2util)
DRV - [2009/11/03 13:36:25 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pcatip.sys -- (Pcatip)
DRV - [2009/10/05 10:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 11:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/05/26 05:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/04/22 17:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/04/22 17:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2011/03/27 15:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011/07/07 18:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components

[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions
[2010/05/15 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/07/08 13:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions
[2010/05/13 17:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/27 16:02:51 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\920tenai.default\extensions\DefaultManager@Microsoft
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 20:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 13:06:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/07 18:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\920TENAI.DEFAULT\EXTENSIONS\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}
File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\920TENAI.DEFAULT\EXTENSIONS\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\920TENAI.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/07 18:39:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.co ... Detect.cab (HP Product Detection Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 11:40:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/08 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{FC7E0720-CA49-456E-960C-11509FFEB454}
[2011/07/07 18:48:12 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/07 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/07 18:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/07 10:44:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/07 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/07 10:44:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/07 10:17:11 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{4FD25EF5-38E2-4FAD-A140-83653B6AB965}
[2011/07/06 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{40438782-CEAC-4546-8B27-2EAC993360E2}
[2011/07/04 10:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011/07/04 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\CrashRpt
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2011/07/04 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011/07/04 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\RapidSolution
[2011/07/04 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{8A269972-4699-4076-8664-B70466ED9E09}
[2011/07/02 07:19:43 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/07/02 06:12:46 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{0F5421DC-ED17-41B1-8166-FFDE3527F98C}
[2011/06/29 12:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\gegl-0.0
[2011/06/29 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\ROB\.gimp-2.6
[2011/06/29 12:26:33 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/06/29 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/06/29 11:37:03 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{CA4AC1D8-12CC-4906-B73E-0304BB64C000}
[2011/06/29 11:27:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/29 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/06/29 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{ABBB4734-6379-41FA-9350-6C8FD9A6C806}
[2011/06/29 11:02:40 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2011/06/25 10:54:42 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\Anti-Malware
[2011/06/25 10:31:51 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{5D31EAFC-52C1-4F1F-A098-B5CE3E988B73}
[2011/06/24 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{928E1ED8-7BC6-4364-A5A0-4C2E218E0C77}
[2011/06/22 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/18 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\ROB\Documents\order_receipt.jsp_files
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\SuperUtils.com
[2011/06/15 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\ROB\AppData\Local\{F12C234F-3158-49DF-BC12-1BCF4101ADAF}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/11/03 14:10:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ROB\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/08 13:32:13 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 13:32:13 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 13:29:40 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/08 13:29:40 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/08 13:25:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 13:25:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/07/08 13:24:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/08 13:24:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 13:24:42 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 11:49:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 18:48:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ROB\Desktop\OTL.exe
[2011/07/07 18:44:49 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 10:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:13 | 001,008,041 | ---- | M] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:05 | 000,001,134 | ---- | M] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/02 07:19:46 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\ROB\Desktop\dds.scr
[2011/06/29 13:48:11 | 000,348,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 12:33:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/29 11:38:42 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/29 11:27:30 | 000,001,226 | ---- | M] () -- C:\Users\ROB\Desktop\Revo Uninstaller.lnk
[2011/06/22 19:12:19 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/18 14:04:58 | 000,222,120 | ---- | M] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm

========== Files Created - No Company Name ==========

[2011/07/07 18:44:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/07 18:44:49 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/07 10:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 10:39:08 | 001,008,041 | ---- | C] () -- C:\Users\ROB\Desktop\rkill.exe
[2011/07/07 10:38:04 | 000,001,134 | ---- | C] () -- C:\Users\ROB\Desktop\FixNCR.reg
[2011/07/04 10:09:13 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011/07/04 10:09:13 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/04 10:09:00 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/06/29 12:32:32 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/29 11:05:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/06/18 14:04:56 | 000,222,120 | ---- | C] () -- C:\Users\ROB\Documents\order_receipt.jsp.htm
[2011/05/26 11:24:25 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/17 23:18:58 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/18 11:13:23 | 000,000,083 | ---- | C] () -- C:\Windows\System32\gpupdate.bin
[2010/05/11 10:12:26 | 000,000,017 | ---- | C] () -- C:\Users\ROB\AppData\Local\resmon.resmoncfg
[2010/03/29 20:39:13 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/20 16:16:10 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/02/20 16:16:08 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/02/20 16:16:08 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/02/18 09:05:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/02/17 14:57:08 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/02/17 13:27:13 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/15 02:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/11/03 14:10:04 | 000,087,608 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\inst.exe
[2009/11/03 14:10:04 | 000,007,887 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.cat
[2009/11/03 14:10:04 | 000,001,144 | ---- | C] () -- C:\Users\ROB\AppData\Roaming\pcouffin.inf
[2009/10/08 10:59:52 | 000,001,627 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/10/06 13:41:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 11:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/08/10 09:14:26 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 16:29:22 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,348,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/26 05:12:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/11 10:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 10:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/05/11 09:15:17 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\AltDesk
[2010/09/17 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ashampoo
[2010/02/17 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Canon
[2011/06/29 11:02:40 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\CheckPoint
[2010/08/30 22:03:44 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/29 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\EurekaLog
[2011/06/29 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\mjusbsp
[2010/03/02 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Opera
[2010/10/28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Panda Security
[2010/03/30 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\PeaZip
[2011/06/29 10:28:15 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Smarty Uninstaller
[2011/06/29 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Software Informer
[2011/06/18 08:38:05 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SuperUtils.com
[2010/10/28 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\SurfSecret Privacy Suite
[2011/06/29 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Tidy Start Menu
[2010/05/24 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Ultima Website
[2009/11/03 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Vso
[2011/04/04 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\Windows Live Writer
[2010/02/17 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\ROB\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011/07/08 13:25:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/01 07:57:23 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:C31F31E6

< End of report >
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 8th, 2011, 6:05 pm

I would suggest staying off ask.com and conduit.com
Just use Google or Bing for searches.
Keep it simple and be careful what you click on.
Search engines designed to "help you" don't.
How is it running?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security Infection in my laptop

Unread postby prfek » July 8th, 2011, 9:32 pm

everything seems to be working fine. I really appreciate your help.
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security Infection in my laptop

Unread postby askey127 » July 9th, 2011, 8:05 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 57 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware