Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help needed with browser hijack

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Help needed with browser hijack

Unread postby dcowie » February 8th, 2010, 9:09 pm

J&J,

Computer appears to be fine. In fact, I haven't noticed any problems since the first time I ran ComboFix on my machine.
Here are the OTL logs:

OTL Extras logfile created on: 08/02/2010 7:17:00 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 116.22 Gb Free Space | 52.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HARRY
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048D447E-961F-404A-BF81-9BFDF141B32E}" = lport=445 | protocol=6 | dir=in | app=system |
"{0647995B-B93B-45C2-8CEE-381DC5354AF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14B5624C-F061-448B-B836-412F06BFE0BA}" = rport=137 | protocol=17 | dir=out | app=system |
"{2EF36DA3-FC9D-4A4A-8746-11B864FF106A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F470F77-1470-4329-8249-BA0544FFAF48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AE471AB-4227-40ED-9C71-B5BC917A2D4A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3EAA141D-6FE9-495D-9D21-C8E390E0F7CE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5364E6A7-A8B2-45D6-8A7E-D47EB02B0F58}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53B25B81-2BEB-4CE2-8581-69CC4DE1C1DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{648FDD6E-2709-492A-A2DF-0591C3670AE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E256D9C-EC73-43AB-B212-CB36923DF90D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{861F6549-D718-4148-8B1B-0B5F4EAD755B}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E64E0E4-2035-4C6A-B04C-B75AC92E54D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{BCE7A8DD-7F4B-4ED3-A8F7-6BBA8FD7D52C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C0CB8F59-4A9F-4730-A90D-4818DEB856BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{C3DD1CD7-67E8-4672-93A5-E4063ACEAF6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE63AC42-175D-4AFD-AB4E-9E089BDB23F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0C816BC-F4C5-4537-8AD9-8FC50D41A82D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048BA0BC-1C90-401D-8AA9-CA2BA362DD62}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0A09C139-BBBF-4E73-BA9A-9772C018CDC1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{0D339E68-1073-410A-B709-C82E9181DA87}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{14F14F68-E02C-4C71-8327-A964AA5A88E3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{25383295-9DC9-44CA-9C82-34875ED0371A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2B34F66B-F6DB-4929-B529-D6681AA71F2C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{2EECDC65-EBA9-456D-8281-5D74AB995C77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E4F2EEE-5859-4022-8819-B2A52A29F255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F5F1952-CBE9-4CAD-8183-D0BE46F64506}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5C7EBF62-3A07-4F68-9E10-25985FDED923}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6A795C98-971B-445B-BE43-522181F78876}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A90FFE46-16C6-419A-A7EA-3AD4FAD9B453}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A94A0771-4721-4058-B08F-66B6DFB7AD91}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{AECBDC4B-A996-47F0-9531-8EA84BE3C967}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B7A3FC53-5CCD-4CF7-8431-D34190740338}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C844BE18-3D23-4E5B-A95F-761E6A9053F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBE02381-2BAB-480C-BC91-0C35B4FE74E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D264CD38-A1F8-4072-A976-611BDAA99932}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9E56566-84DE-4714-BE50-548FC6540551}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DC481A02-E0CC-4EFF-99A2-8A727C8E8185}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6907524-D9BC-489D-8125-86DE3FA0ED28}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E70CA18D-BFDA-477A-9131-18A17CE7C0D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFF176DF-A0D4-4B0B-8CE7-D5990C5F656B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB617100-B00B-4C34-920A-5B5547D8749B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF426218-0F5F-4A1B-B3E2-757BD280C9D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2A96E09E-EF11-431D-BFE7-AA8F2A99E2AF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59222552-6315-477C-B59C-7DA1E1D959F2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{62D5E991-9D11-457D-A932-04C3AB7CF169}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{757137EE-14BE-4CF2-BFDB-807B07CE73BE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9CE451EF-A033-4266-81CF-1286DC4B0A0D}C:\users\david\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C938172B-96AB-4EF7-BC09-ADB101DFC115}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |
"UDP Query User{2FE5F945-7CED-4C85-A79D-5CD2E957A1A5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6FC4F5DE-A310-492C-B4B3-5728A41EC10B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7E0992F8-790F-4123-B917-3AB4804DEA6A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B67E4C4B-6762-4456-B905-019242F4EB9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B93C7B3E-CBBF-4E05-BB0A-4C32DAC7558A}C:\users\david\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{D30F39B0-5C03-4EBE-AFA4-67CE69E1B01A}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 18
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.40
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{82B7209D-B838-4BC6-9390-4F1D06E12068}" = AVerMedia M779 Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AMDAway INF" = AMDAway INF
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVIcodec" = AVIcodec (remove only)
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoToAssist" = GoToAssist 8.0.0.480
"InstallShield_{82B7209D-B838-4BC6-9390-4F1D06E12068}" = AVerMedia M779 Driver
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars" = PokerStars
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR archiver
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

-----------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 08/02/2010 7:17:00 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 116.22 Gb Free Space | 52.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HARRY
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/02 06:51:01 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/21 02:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/08 08:11:03 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/31 18:35:22 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\David\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/21 16:25:48 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 16:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/01 14:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/25 10:35:26 | 001,732,608 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/02/02 06:51:01 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/24 20:57:14 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/02 09:14:45 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/21 16:48:10 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/25 10:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - [2010/01/26 16:54:36 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/13 11:51:08 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/04/16 13:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/09/17 07:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/10 16:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/03/01 15:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/21 14:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/01/21 11:31:44 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FLMckUSB.sys -- (FLMCKUSB) AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\S-1-5-21-2209711222-1865678921-789788502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/08 19:03:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/08 19:10:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 19:14:52 | 000,000,000 | ---D | M]

[2008/12/09 11:47:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/02/08 07:28:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4heyesc6.default\extensions
[2008/08/13 07:11:48 | 000,002,386 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4heyesc6.default\searchplugins\siteadvisor.xml
[2010/02/08 19:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/04 21:44:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000..\Run: [Google Update] C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/08 19:14:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/08 19:07:59 | 008,327,264 | ---- | C] (Mozilla) -- C:\Users\David\Desktop\Firefox Setup 3.6.exe
[2010/02/08 07:36:59 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Malware Logs
[2010/02/07 12:36:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/07 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Adobe
[2010/02/07 09:01:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/07 09:01:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2010/02/07 08:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/07 08:32:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/07 08:24:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Apple Computer
[2010/02/07 08:11:10 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\David\Desktop\ATF-Cleaner.exe
[2010/02/04 21:18:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/04 21:18:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/04 21:18:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/04 21:18:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/04 21:17:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/02 07:04:30 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\SysProt
[2010/02/02 06:50:38 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010/02/01 21:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/01 21:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/01 21:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/30 09:46:40 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/01/30 09:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/01/30 09:43:45 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\David\Desktop\MGADiag.exe
[2010/01/29 09:20:01 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\David\Desktop\StartUpLite.exe
[2010/01/27 19:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/27 19:41:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/27 19:41:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/27 19:41:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/24 09:09:19 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/01/23 16:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/23 15:35:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/23 13:29:59 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/23 13:18:24 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/01/23 13:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/23 13:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/01/23 12:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/23 12:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/23 08:10:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010/01/23 08:10:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/23 08:10:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/23 08:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/23 08:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 21:10:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/22 21:10:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/22 21:10:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 21:10:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 21:10:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 21:10:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 21:10:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 21:10:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 21:10:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 21:09:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 21:09:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/22 21:09:58 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 21:09:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 21:09:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 21:09:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 21:09:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/18 09:11:20 | 000,000,000 | ---D | C] -- C:\68b411019a85948517
[2008/12/13 11:51:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\David\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/02/08 19:16:01 | 003,932,160 | -HS- | M] () -- C:\Users\David\ntuser.dat
[2010/02/08 19:14:52 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/08 19:10:41 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/08 19:09:19 | 008,327,264 | ---- | M] (Mozilla) -- C:\Users\David\Desktop\Firefox Setup 3.6.exe
[2010/02/08 19:07:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/08 19:07:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/08 18:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2209711222-1865678921-789788502-1000UA.job
[2010/02/08 15:58:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5534744B-AA83-4504-A996-4815F336029C}.job
[2010/02/08 15:53:59 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/08 07:19:40 | 000,012,152 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/02/08 07:07:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/08 07:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 07:07:02 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 21:43:10 | 000,524,288 | -HS- | M] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 21:43:10 | 000,065,536 | -HS- | M] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TM.blf
[2010/02/07 21:42:54 | 002,698,011 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010/02/07 19:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2209711222-1865678921-789788502-1000Core.job
[2010/02/07 08:57:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/07 08:32:06 | 003,849,953 | R--- | M] () -- C:\Users\David\Desktop\ComboFix.exe
[2010/02/07 08:11:14 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\David\Desktop\ATF-Cleaner.exe
[2010/02/04 21:44:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/02 06:51:01 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010/02/01 07:44:53 | 226,920,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/01 07:41:53 | 000,293,376 | ---- | M] () -- C:\Users\David\Desktop\kt5yy707.exe
[2010/02/01 07:18:40 | 000,068,160 | ---- | M] () -- C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/01 07:18:17 | 000,282,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/31 13:11:52 | 000,010,716 | ---- | M] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2010/01/31 13:07:41 | 000,002,477 | ---- | M] () -- C:\Users\David\Desktop\HiJackThis.lnk
[2010/01/30 09:48:00 | 000,441,856 | ---- | M] () -- C:\Users\David\Desktop\CKScanner.exe
[2010/01/30 09:43:51 | 001,560,952 | ---- | M] (Microsoft Corporation) -- C:\Users\David\Desktop\MGADiag.exe
[2010/01/29 18:57:43 | 000,225,280 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 18:57:13 | 000,000,668 | ---- | M] () -- C:\Users\David\AppData\Roaming\vso_ts_preview.xml
[2010/01/29 09:20:01 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\David\Desktop\StartUpLite.exe
[2010/01/27 13:41:02 | 000,002,044 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2010/01/26 16:54:36 | 000,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2010/01/24 07:00:22 | 000,001,356 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2010/01/23 16:42:26 | 001,401,344 | ---- | M] () -- C:\Users\David\Desktop\HijackThis.msi
[2010/01/23 15:14:42 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/01/23 15:14:42 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/01/23 12:14:30 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Spybot - Search & Destroy.lnk
[2010/01/23 08:10:26 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 20:52:50 | 000,524,288 | -HS- | M] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 20:46:59 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 20:46:59 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/02/08 19:14:52 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/08 19:10:41 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/07 08:32:02 | 003,849,953 | R--- | C] () -- C:\Users\David\Desktop\ComboFix.exe
[2010/02/04 21:18:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/04 21:18:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/04 21:18:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/04 21:18:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/04 21:18:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/01 21:15:49 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/01 07:41:48 | 000,293,376 | ---- | C] () -- C:\Users\David\Desktop\kt5yy707.exe
[2010/01/30 09:47:59 | 000,441,856 | ---- | C] () -- C:\Users\David\Desktop\CKScanner.exe
[2010/01/23 16:43:41 | 000,002,477 | ---- | C] () -- C:\Users\David\Desktop\HiJackThis.lnk
[2010/01/23 16:42:15 | 001,401,344 | ---- | C] () -- C:\Users\David\Desktop\HijackThis.msi
[2010/01/23 16:36:51 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/23 13:21:06 | 000,012,152 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2010/01/23 13:18:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/01/23 13:18:08 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/01/23 12:14:30 | 000,001,017 | ---- | C] () -- C:\Users\David\Desktop\Spybot - Search & Destroy.lnk
[2010/01/23 08:10:26 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 20:52:50 | 000,524,288 | -HS- | C] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TMContainer00000000000000000002.regtrans-ms
[2010/01/22 20:52:50 | 000,524,288 | -HS- | C] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 20:52:50 | 000,065,536 | -HS- | C] () -- C:\Users\David\ntuser.dat{ba2d0684-07c0-11df-baf8-ada2ffca9819}.TM.blf
[2009/08/18 16:37:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/22 08:05:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/25 11:46:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/12/13 11:52:40 | 000,000,668 | ---- | C] () -- C:\Users\David\AppData\Roaming\vso_ts_preview.xml
[2008/12/13 11:52:23 | 000,000,034 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.log
[2008/12/13 11:51:08 | 000,007,887 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.cat
[2008/12/13 11:51:08 | 000,001,144 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.inf
[2007/11/08 15:46:10 | 000,010,716 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2007/11/05 13:55:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/22 18:03:02 | 000,225,280 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 08:05:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/21 07:10:19 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2007/04/10 16:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2007/02/22 10:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007/02/22 10:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

========== LOP Check ==========

[2008/10/08 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Autodesk
[2008/12/22 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2008/09/06 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TravelerSafe+
[2010/01/28 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Vso
[2009/02/16 11:01:38 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WorksImaging
[2010/01/23 15:14:42 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/01/23 15:14:42 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/02/07 21:43:21 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/08 15:58:30 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5534744B-AA83-4504-A996-4815F336029C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\David\Desktop\Downloads:Roxio EMC Stream
< End of report >
dcowie
Regular Member
 
Posts: 23
Joined: January 24th, 2010, 9:54 am
Advertisement
Register to Remove

Re: Help needed with browser hijack

Unread postby Jack&Jill » February 9th, 2010, 8:15 pm

Hello dcowie :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default setting. ERUNT will then backup the registry.

Fix with OTL
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    Code: Select all
    :otl
    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2209711222-1865678921-789788502-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2009/02/22 08:05:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D339E68-1073-410A-B709-C82E9181DA87}"=-
    "{14F14F68-E02C-4C71-8327-A964AA5A88E3}"=-
    "{25383295-9DC9-44CA-9C82-34875ED0371A}"=-
    "{E6907524-D9BC-489D-8125-86DE3FA0ED28}"=-
    "TCP Query User{62D5E991-9D11-457D-A932-04C3AB7CF169}C:\program files\utorrent\utorrent.exe"=-
    "TCP Query User{C938172B-96AB-4EF7-BC09-ADB101DFC115}C:\program files\pokeroffice\bin\javaw.exe"=-
    "UDP Query User{7E0992F8-790F-4123-B917-3AB4804DEA6A}C:\program files\utorrent\utorrent.exe"=-
    "UDP Query User{D30F39B0-5C03-4EBE-AFA4-67CE69E1B01A}C:\program files\pokeroffice\bin\javaw.exe"=-
    
    :commands
    [resethosts]
    [emptytemp]
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
  • If requested to reboot, please do so. The log file will open after restart.
  • Enable back your security softwares as soon as you completed the OTL fix steps.

Remove Poker programs
  • From your log, I can see that you've installed poker programs.

    Full Tilt Poker
    PartyPoker
    PokerStove version 1.23


  • A lot of poker programs are infected/can infect you with malware.
  • Go to Control Panel > Add/Remove Programs and uninstall the Poker program(s) listed above (in red).

You may keep and play PokerStars as it is safe.

Please post back:
1. the OTL fix log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Help needed with browser hijack

Unread postby dcowie » February 10th, 2010, 9:27 am

Hi J&J,

Here is the OTL log, as requested:

All processes killed
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2209711222-1865678921-789788502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D339E68-1073-410A-B709-C82E9181DA87} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D339E68-1073-410A-B709-C82E9181DA87}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14F14F68-E02C-4C71-8327-A964AA5A88E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14F14F68-E02C-4C71-8327-A964AA5A88E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25383295-9DC9-44CA-9C82-34875ED0371A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25383295-9DC9-44CA-9C82-34875ED0371A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6907524-D9BC-489D-8125-86DE3FA0ED28} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6907524-D9BC-489D-8125-86DE3FA0ED28}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62D5E991-9D11-457D-A932-04C3AB7CF169}C:\program files\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C938172B-96AB-4EF7-BC09-ADB101DFC115}C:\program files\pokeroffice\bin\javaw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7E0992F8-790F-4123-B917-3AB4804DEA6A}C:\program files\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D30F39B0-5C03-4EBE-AFA4-67CE69E1B01A}C:\program files\pokeroffice\bin\javaw.exe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 93636943 bytes
->Temporary Internet Files folder emptied: 341482736 bytes
->Java cache emptied: 69326328 bytes
->FireFox cache emptied: 44698638 bytes
->Google Chrome cache emptied: 331878283 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1055514 bytes
RecycleBin emptied: 11845209 bytes

Total Files Cleaned = 853.00 mb


OTL by OldTimer - Version 3.1.27.1 log created on 02102010_080253

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_by717FhyJqIJl6Y not found!
File\Folder C:\Windows\temp\mcmsc_Fb5npbsyHdi5j8a not found!
File\Folder C:\Windows\temp\mcmsc_GgfESwSqGGmdwmy not found!
File\Folder C:\Windows\temp\mcmsc_yZ3t2wfKpGdfjBZ not found!
File\Folder C:\Windows\temp\sqlite_Fvsvwj1b0MB3Tca not found!
File\Folder C:\Windows\temp\sqlite_H5Yoen7wZkr2ZEv not found!
File\Folder C:\Windows\temp\sqlite_scXFIeBZbtEE093 not found!
File\Folder C:\Windows\temp\sqlite_WmM4MgA1WkFAbwF not found!

Registry entries deleted on Reboot...
dcowie
Regular Member
 
Posts: 23
Joined: January 24th, 2010, 9:54 am

Re: Help needed with browser hijack

Unread postby Jack&Jill » February 10th, 2010, 11:56 am

Hello dcowie :),

For your security programs, please choose one between Windows Defender and Spybot to prevent conflict and uninstall the other. Do stay away from P2P and cracked/illegal programs as they will expose you to threats.

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp at the upper right corner, proceed to reboot if prompted.
  • Delete the CKScanner and GMER (kt5yy707.exe) files, plus the SysProt folder on your desktop .
  • Delete any logs on the desktop.
  • Uninstall HijackThis
    • Open HijackThis.
    • Go to Open the Misc Tools section by clicking on the box.
    • Scroll down until the bottom and under the Uninstall HijackThis section, click on Uninstall HijackThis & exit button.
    • Click Yes if prompted.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Purge System Restore. A recovery feature will only be useful if it is clean from malwares. See Windows Vista System Restore Guide for some detail explanations.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you decide to install WinPatrol, it would be advisable to uninstall both Windows Defender and Spybot to prevent conflict.

6. Install SiteHound or Web of Trust (WOT). SiteHound and WOT keeps you from dangerous websites with warnings and blockings. Please choose one only.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

8. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

9. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

10. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

Stay safe.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Help needed with browser hijack

Unread postby dcowie » February 10th, 2010, 12:05 pm

Jack & Jill,

A huge thanks for all of your assistance and advice. It is hard to get such high quality help anywhere these days, let alone from someone freely volunteering their time and efforts.

Bravo I say!

cheers

DC
dcowie
Regular Member
 
Posts: 23
Joined: January 24th, 2010, 9:54 am

Re: Help needed with browser hijack

Unread postby Jack&Jill » February 10th, 2010, 12:07 pm

Hello dcowie :),

You are most welcome. Take care.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Help needed with browser hijack

Unread postby Gary R » February 11th, 2010, 12:01 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 169 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware