
Browser Search Redirect searchclick9.com then virus warnings



Three days ago my browser search results started getting directed through Yahoo and Google. AOL search seems unaffected. Everything I have found online about the searchclick redirect talks about searchclick7.com or searchclick8.com. Mine displays as searchclick9.com and then brings up all these fake virus warning sites. It happens with Firefox and Internet Explorer.

I have run Ad-Aware, Malwarebytes, and Kaspersky. It did find several items that were removed, but nothing has detected the redirect.

Please Help.

Thank You,

Chad

DDS (Ver_09-12-01.01) - NTFSX64

Run by CCote at 17:42:45.81 on Thu 03/04/2010

Internet Explorer: 8.0.6001.18882

Microsoft


Hello, and welcome to Malwarebytes forum!

Let's see if we can start fixing this B)

OTL

-----

Please download OTL from one of the following mirrors:

• Save it to your desktop.

• Double click on the OTL icon on your desktop.

• Click the "Scan All Users" checkbox.

• Push the Run Scan button.

• Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Elise - Thank you for your help.

I should note that since my original post, I replaced my 2007 version of Kaspersky Internet Security with the 2010 version. It didn't find anything additional.

I ran OTL. Here are the results.

OTL logfile created on: 3/6/2010 4:40:16 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\CCote\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.85 Gb Total Space | 385.22 Gb Free Space | 84.51% Space Free | Partition Type: NTFS

Drive D: | 9.91 Gb Total Space | 1.34 Gb Free Space | 13.54% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 326.77 Gb Free Space | 70.16% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 247.22 Mb Total Space | 188.89 Mb Free Space | 76.41% Space Free | Partition Type: FAT

Computer Name: CCOTE-PC

Current User Name: CCote

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/06 16:39:41 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\CCote\Desktop\OTL.exe

PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

PRC - [2009/10/10 12:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2009/10/10 12:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe

PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2008/07/26 08:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2008/03/20 01:25:43 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/03/20 01:25:42 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2007/08/23 01:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/07/12 19:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe

PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

PRC - [2007/03/08 17:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe

PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

PRC - [2005/09/09 00:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe

========== Modules (SafeList) ==========

MOD - [2010/03/06 16:39:41 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\CCote\Desktop\OTL.exe

MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj07.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2008/07/26 08:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2008/07/26 08:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)

SRV:64bit: - [2008/02/27 19:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)

SRV:64bit: - [2008/02/27 19:53:29 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 06:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)

SRV - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008/02/27 19:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)

SRV - [2007/08/23 01:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/23 01:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)

SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/04 23:11:17 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)

DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)

DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/09/14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)

DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)

DRV:64bit: - [2009/07/14 13:18:49 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf)

DRV:64bit: - [2009/04/11 00:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.sys -- (WinUSB)

DRV:64bit: - [2009/04/11 00:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV:64bit: - [2009/03/19 15:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/12/23 02:47:52 | 000,188,416 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/12/03 21:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)

DRV:64bit: - [2008/07/26 15:26:44 | 005,068,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)

DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2008/07/26 15:26:00 | 000,067,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvsels64.sys -- (lvsels64)

DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2008/07/26 08:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2008/07/26 08:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2008/05/08 04:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2008/05/08 04:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2008/05/08 04:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)

DRV:64bit: - [2008/02/26 08:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)

DRV:64bit: - [2008/01/20 21:50:35 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UMPass)

DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 21:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2008/01/20 21:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)

DRV:64bit: - [2007/10/18 06:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2007/07/31 18:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl64)

DRV:64bit: - [2007/07/12 11:35:44 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2007/01/15 16:44:04 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)

DRV:64bit: - [2006/11/08 02:27:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)

DRV:64bit: - [2006/06/19 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - [2008/01/20 21:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)

DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2006/06/19 09:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)

DRV - [2000/05/31 13:20:34 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\MrtRate.sys -- (mrtRate)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1073224397-70436487-4154996722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-1073224397-70436487-4154996722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-1073224397-70436487-4154996722-1000\S-1-5-21-1073224397-70436487-4154996722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://hp-desktop.aol.com/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/04 23:46:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/04 23:46:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/03/04 22:55:11 | 000,000,000 | ---D | M]

[2008/07/06 21:22:51 | 000,000,000 | ---D | M] -- C:\Users\CCote\AppData\Roaming\Mozilla\Extensions

[2010/03/04 17:33:23 | 000,000,000 | ---D | M] -- C:\Users\CCote\AppData\Roaming\Mozilla\Firefox\Profiles\nszrddl3.default\extensions

[2009/09/03 23:05:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CCote\AppData\Roaming\Mozilla\Firefox\Profiles\nszrddl3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/09/24 17:20:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\CCote\AppData\Roaming\Mozilla\Firefox\Profiles\nszrddl3.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2010/03/04 22:56:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/04 22:56:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/03/01 19:11:27 | 000,001,494 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 89.149.210.60 www.google.com

O1 - Hosts: 89.149.210.60 www.google.de

O1 - Hosts: 89.149.210.60 www.google.fr

O1 - Hosts: 89.149.210.60 www.google.co.uk

O1 - Hosts: 89.149.210.60 www.google.com.br

O1 - Hosts: 89.149.210.60 www.google.co.jp

O1 - Hosts: 89.149.210.60 www.google.com.mx

O1 - Hosts: 89.149.210.60 www.google.gr

O1 - Hosts: 89.149.210.60 www.google.se

O1 - Hosts: 89.149.210.60 www.google.it

O1 - Hosts: 89.149.210.60 www.google.dk

O1 - Hosts: 89.149.210.60 www.google.ie

O1 - Hosts: 89.149.210.60 www.google.fi

O1 - Hosts: 89.149.210.60 www.google.ca

O1 - Hosts: 89.149.210.60 www.google.com.au

O1 - Hosts: 89.149.210.60 www.google.co.za

O1 - Hosts: 89.149.210.60 www.google.be

O1 - Hosts: 89.149.210.60 www.google.at

O1 - Hosts: 89.149.210.60 www.google.no

O1 - Hosts: 89.149.210.60 www.google.ch

O1 - Hosts: 89.149.210.60 www.google.pt

O1 - Hosts: 89.149.210.60 search.yahoo.com

O1 - Hosts: 89.149.210.60 us.search.yahoo.com

O1 - Hosts: 1 more lines...

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-1073224397-70436487-4154996722-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Value error. File not found

O3 - HKU\S-1-5-21-1073224397-70436487-4154996722-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)

O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1073224397-70436487-4154996722-1000..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1073224397-70436487-4154996722-1000..\Run: [bTBFirstRun] C:\Program Files (x86)\Hewlett-Packard\SDP\HPRun.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-21-1073224397-70436487-4154996722-1000..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()

O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://elite.huronconsultinggroup.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.com/photos/activex/Imag....1.0-082608.cab (Image Uploader Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: Geni Publisher http://www.geni.com/plugins/genipublisher.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)

O24 - Desktop WallPaper: C:\Users\CCote\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\CCote\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1fc67e7a-f13f-11dc-bffe-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1fc67e7a-f13f-11dc-bffe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\KIS7EN.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 16:39:41 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\CCote\Desktop\OTL.exe

[2010/03/04 23:42:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/03/04 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2010/03/04 22:54:24 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2010/03/04 22:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2010/03/04 22:47:18 | 073,543,224 | ---- | C] (Kaspersky Lab) -- C:\Users\CCote\Desktop\kis2010_9.0.0.736en.exe

[2010/03/04 00:21:22 | 016,372,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\CCote\Desktop\jre-6u18-windows-x64.exe

[2010/03/03 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\CCote\AppData\Local\Threat Expert

[2010/03/03 23:57:30 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old

[2010/03/03 23:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor

[2010/03/03 23:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/03/03 22:50:25 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2010/03/03 22:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/03/02 22:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2010/03/02 22:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2010/03/02 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\CCote\AppData\Roaming\AVG8

[2010/03/02 22:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/03/02 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\CCote\AppData\Roaming\Malwarebytes

[2010/03/02 20:19:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/03/02 20:19:15 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/03/02 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/03/02 20:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/03/01 23:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2010/02/24 11:18:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2010/02/24 11:18:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2010/02/24 11:17:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2010/02/24 11:17:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2010/02/24 11:17:57 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2010/02/24 11:17:57 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2010/02/24 11:17:56 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2010/02/24 11:17:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2010/02/24 11:17:56 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2010/02/24 11:17:56 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2010/02/24 11:17:56 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll

[2010/02/24 11:17:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2010/02/24 11:17:56 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2010/02/24 11:17:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2010/02/24 11:17:56 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2010/02/24 11:17:56 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll

[2010/02/24 11:17:56 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2010/02/24 11:17:56 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2010/02/24 11:17:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2010/02/24 11:17:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2010/02/24 11:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

[2010/02/24 11:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/02/24 11:17:51 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2010/02/24 11:17:51 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2010/02/24 11:17:51 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll

[2010/02/24 11:17:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

[2010/02/10 09:39:02 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2010/02/10 09:39:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2010/02/10 09:39:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll

[2010/02/10 09:39:02 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll

[2010/02/10 09:39:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll

[2010/02/10 09:39:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll

[2010/02/10 09:39:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll

[2010/02/10 09:39:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll

[2010/02/10 09:39:01 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2010/02/10 09:39:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2010/02/10 09:38:55 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2008/08/27 16:58:00 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll

[2008/08/27 16:58:00 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll

[2008/08/27 16:58:00 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll

[2008/08/27 16:57:59 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll

[2008/08/27 16:57:59 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll

[2008/08/27 16:57:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll

[2008/08/27 16:57:59 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll

[2008/08/27 16:57:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

[2008/08/27 16:57:58 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll

[2008/08/27 16:57:58 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll

[2005/08/31 20:33:54 | 000,092,672 | ---- | C] ( ) -- C:\Windows\SysWow64\DVDRead.dll

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/06 16:44:59 | 004,194,304 | -HS- | M] () -- C:\Users\CCote\ntuser.dat

[2010/03/06 16:39:41 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\CCote\Desktop\OTL.exe

[2010/03/06 16:39:15 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{06FA76CF-9163-481F-86DA-3153BE214B79}.job

[2010/03/06 16:35:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/06 16:35:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/06 16:35:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/06 16:35:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/06 16:35:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/06 16:35:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2010/03/06 00:26:03 | 000,524,288 | -HS- | M] () -- C:\Users\CCote\ntuser.dat{c36a32d4-187d-11de-bcf7-001fc610130c}.TMContainer00000000000000000001.regtrans-ms

[2010/03/06 00:26:03 | 000,065,536 | -HS- | M] () -- C:\Users\CCote\ntuser.dat{c36a32d4-187d-11de-bcf7-001fc610130c}.TM.blf

[2010/03/06 00:25:57 | 004,231,482 | -H-- | M] () -- C:\Users\CCote\AppData\Local\IconCache.db

[2010/03/06 00:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/05 13:11:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/04 23:11:17 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2010/03/04 22:56:38 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat

[2010/03/04 22:56:38 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat

[2010/03/04 22:47:18 | 073,543,224 | ---- | M] (Kaspersky Lab) -- C:\Users\CCote\Desktop\kis2010_9.0.0.736en.exe

[2010/03/04 18:30:28 | 000,002,646 | ---- | M] () -- C:\Users\CCote\Desktop\Attach.zip

[2010/03/04 18:02:57 | 000,293,376 | ---- | M] () -- C:\Users\CCote\Desktop\e42g5q26.exe

[2010/03/04 17:42:28 | 000,524,288 | ---- | M] () -- C:\Users\CCote\Desktop\dds.scr

[2010/03/04 17:37:37 | 000,000,000 | ---- | M] () -- C:\Users\CCote\defogger_reenable

[2010/03/04 17:36:30 | 000,050,477 | ---- | M] () -- C:\Users\CCote\Desktop\Defogger.exe

[2010/03/04 00:41:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/03/04 00:21:22 | 016,372,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\CCote\Desktop\jre-6u18-windows-x64.exe

[2010/03/03 22:50:24 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2010/03/03 13:56:59 | 010,391,552 | ---- | M] () -- C:\Users\CCote\Documents\CHAD.mny

[2010/03/03 13:56:54 | 002,110,706 | R--- | M] () -- C:\Users\CCote\Documents\CHAD Backup_2010-03-03_135651.mbf

[2010/03/02 23:55:11 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/03/02 23:55:11 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/03/02 23:55:11 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/03/02 22:13:04 | 000,001,930 | ---- | M] () -- C:\Users\CCote\Desktop\HijackThis.lnk

[2010/03/02 20:19:19 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/01 22:40:38 | 000,005,505 | ---- | M] () -- C:\Users\CCote\Desktop\61ac6f9618b7bb1a.jpg

[2010/03/01 22:29:29 | 000,027,648 | ---- | M] () -- C:\Users\CCote\Desktop\Nominee Distributions Lois 09.doc

[2010/03/01 16:10:42 | 002,112,234 | R--- | M] () -- C:\Users\CCote\Documents\CHAD Backup_2010-03-01_161039.mbf

[2010/03/01 15:36:59 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini

[2010/02/25 10:22:37 | 000,113,720 | ---- | M] () -- C:\Users\CCote\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/25 10:21:54 | 000,510,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/02/11 20:01:27 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/02/07 22:40:38 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,115,985 | ---- | C] () -- C:\Users\CCote\Desktop\_MG_0950.jpg

[2049/12/31 16:00:00 | 000,113,879 | ---- | C] () -- C:\Users\CCote\Desktop\_MG_0935.jpg

[2049/12/31 16:00:00 | 000,071,673 | ---- | C] () -- C:\Users\CCote\Desktop\_MG_0936.jpg

[2010/03/04 22:56:38 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat

[2010/03/04 22:56:38 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat

[2010/03/04 18:30:27 | 000,002,646 | ---- | C] () -- C:\Users\CCote\Desktop\Attach.zip

[2010/03/04 18:02:53 | 000,293,376 | ---- | C] () -- C:\Users\CCote\Desktop\e42g5q26.exe

[2010/03/04 17:42:28 | 000,524,288 | ---- | C] () -- C:\Users\CCote\Desktop\dds.scr

[2010/03/04 17:37:37 | 000,000,000 | ---- | C] () -- C:\Users\CCote\defogger_reenable

[2010/03/04 17:36:29 | 000,050,477 | ---- | C] () -- C:\Users\CCote\Desktop\Defogger.exe

[2010/03/04 00:28:51 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/03/03 23:57:30 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old

[2010/03/03 23:55:56 | 000,012,826 | ---- | C] () -- C:\Users\CCote\AppData\Local\dd_vcredistUI61D9.txt

[2010/03/03 23:55:55 | 000,374,354 | ---- | C] () -- C:\Users\CCote\AppData\Local\dd_vcredistMSI61D6.txt

[2010/03/03 23:55:55 | 000,013,542 | ---- | C] () -- C:\Users\CCote\AppData\Local\dd_vcredistUI61D6.txt

[2010/03/03 13:56:54 | 002,110,706 | R--- | C] () -- C:\Users\CCote\Documents\CHAD Backup_2010-03-03_135651.mbf

[2010/03/02 22:13:04 | 000,001,930 | ---- | C] () -- C:\Users\CCote\Desktop\HijackThis.lnk

[2010/03/02 20:19:19 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/01 22:40:51 | 000,005,505 | ---- | C] () -- C:\Users\CCote\Desktop\61ac6f9618b7bb1a.jpg

[2010/03/01 22:25:56 | 000,027,648 | ---- | C] () -- C:\Users\CCote\Desktop\Nominee Distributions Lois 09.doc

[2010/03/01 16:10:42 | 002,112,234 | R--- | C] () -- C:\Users\CCote\Documents\CHAD Backup_2010-03-01_161039.mbf

[2010/01/19 13:02:41 | 000,004,096 | -H-- | C] () -- C:\Users\CCote\AppData\Local\keyfile3.drm

[2009/09/11 09:10:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 09:09:40 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/14 12:54:52 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini

[2009/01/27 17:44:55 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/12/14 14:12:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt

[2008/08/31 11:08:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects

[2008/08/31 11:08:35 | 000,000,268 | RH-- | C] () -- C:\Users\CCote\AppData\Roaming\Drum Kits

[2008/08/31 11:08:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT

[2008/08/31 11:08:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav

[2008/08/31 11:08:33 | 000,000,268 | RH-- | C] () -- C:\Users\CCote\AppData\Roaming\Drums

[2008/08/31 11:00:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2008/08/27 16:59:18 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll

[2008/08/27 16:59:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll

[2008/08/27 16:59:18 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll

[2008/08/27 16:58:01 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll

[2008/08/27 16:58:00 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll

[2008/07/24 23:13:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Enhance Timing

[2008/07/24 23:13:34 | 000,000,268 | RH-- | C] () -- C:\Users\CCote\AppData\Roaming\Echo

[2008/07/24 23:10:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT

[2008/05/10 23:46:59 | 000,000,000 | ---- | C] () -- C:\Users\CCote\AppData\Roaming\CopyToGo.dat

[2008/05/01 19:38:32 | 000,000,592 | ---- | C] () -- C:\Users\CCote\AppData\Roaming\wklnhst.dat

[2008/04/29 20:34:12 | 000,014,848 | ---- | C] () -- C:\Users\CCote\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/28 20:16:01 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2008/04/28 20:05:40 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini

[2008/04/28 20:05:21 | 000,000,677 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2008/02/22 08:24:11 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2008/02/22 08:12:40 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll

[2008/02/22 08:12:40 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 3/6/2010 4:40:16 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\CCote\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.85 Gb Total Space | 385.22 Gb Free Space | 84.51% Space Free | Partition Type: NTFS

Drive D: | 9.91 Gb Total Space | 1.34 Gb Free Space | 13.54% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 326.77 Gb Free Space | 70.16% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 247.22 Mb Total Space | 188.89 Mb Free Space | 76.41% Space Free | Partition Type: FAT

Computer Name: CCOTE-PC

Current User Name: CCote

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1073224397-70436487-4154996722-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07BCBCD4-08BA-4EF5-BF57-43C9C0E445B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{0C96D6BA-C562-44B7-9C28-533D29E60B4D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{0DC1CCA2-A6C7-472B-AA88-0CEA0578FFA6}" = lport=3390 | protocol=6 | dir=in | app=system |

"{11D021BA-940A-4D6C-9EDF-E1723D923B55}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1260A4DD-7D37-45E5-9074-DB1D527DDC7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1471CC51-D13D-443F-A419-8D01CDC077FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{181B76FE-F72B-4175-A57A-6ABCC1B354F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{181CD921-D6FA-481D-9447-D0A28920AE1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{18AD5681-0D95-4533-86C3-11AF36451173}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{23AB4AFB-F098-4AB6-9C1F-264BDA7E62E0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2740D198-0702-4773-9712-D9E2283C0C34}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2C952C20-9CC0-4D5A-A3FC-015168EAAE28}" = lport=10244 | protocol=6 | dir=in | app=system |

"{31E354F3-A61B-4EBC-8B98-584D34C69344}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{31E88A9C-65AF-475E-A03F-86647DFB4BF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{390D8550-5FB8-405E-8A29-B68005D5E26D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3D524BD0-74DA-4857-B0EC-B2EE6CFF2F69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{463EC8A2-3D6E-41CC-97D7-993D0A1922B4}" = rport=10244 | protocol=6 | dir=out | app=system |

"{470C1666-2C5D-4711-B32C-668E944CB458}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5228714E-6FF1-4779-96D2-B8A53E1C0790}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{5328F864-CDF3-4E4E-8F57-BA2230DB34CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{539B90E9-AD1C-411D-B11E-E20564771450}" = rport=137 | protocol=17 | dir=out | app=system |

"{592B578D-830C-4DF2-B44E-C32AEF79374C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{61FC4CED-1357-49D6-B9B8-6220C68B54E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{64768F9F-96D6-4EEA-8E2E-834FEAD6A949}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{697C4C9D-52ED-4F02-A2A2-FA2E4FFEB1D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{737E674E-078B-4574-ADF3-CDC77982864C}" = rport=10244 | protocol=6 | dir=out | app=system |

"{756DD9CC-B777-4DE8-831F-8C82257D85A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7662993D-3D34-4418-85F5-AD810D975224}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7F712307-2831-490C-A2B7-933E416DC404}" = lport=138 | protocol=17 | dir=in | app=system |

"{7F941A6E-0A51-4644-A64D-6E713DA24255}" = lport=137 | protocol=17 | dir=in | app=system |

"{83234CEA-EABB-4FB0-B43F-4FEB3497699D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{881E73F9-98CB-4B52-830D-9722AEF8E016}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{897D094B-05C3-4579-8CF7-544020C6D616}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{8FE07107-4D63-43E5-80DC-680C715E6B5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A4CD05F5-6957-4720-99FA-6876A2648869}" = lport=10244 | protocol=6 | dir=in | app=system |

"{A815C888-5C32-4D5B-B4E5-5599FF492869}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AA1C3E04-C1E8-41E6-BBC4-C5029CC214E0}" = rport=138 | protocol=17 | dir=out | app=system |

"{ABD03FF9-5B70-4FBB-BD25-99A63FABAE5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{ACC917C5-D867-44B3-8E85-07F9DC806609}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AD8EBABF-50C7-411F-93F0-70EB3179D088}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{B0D94628-BBF3-40CB-8B0E-C7C2016AE4BD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B5C5F854-4265-494B-A50A-DB2E65AFAC9D}" = rport=10243 | protocol=6 | dir=out | app=system |

"{CF029956-F8A2-428F-BCD3-D68A2B9A0927}" = lport=139 | protocol=6 | dir=in | app=system |

"{D0B7BA60-361D-4115-9229-92E76E980C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D23D2994-7012-4E6F-88DE-0BFFDAB3AD95}" = lport=445 | protocol=6 | dir=in | app=system |

"{D491B63C-E73B-4ADA-91D0-5C9C7AC8A3B7}" = rport=139 | protocol=6 | dir=out | app=system |

"{DB54B311-7108-4EDE-888A-2EE47414D19B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E9CAA9D2-B51F-499A-BFD2-6E2149BA7E26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EBFFBAE0-6235-44ED-AC19-15139D5982F1}" = rport=445 | protocol=6 | dir=out | app=system |

"{ECA6BCE1-536C-4179-BAF2-E9257A842284}" = rport=10243 | protocol=6 | dir=out | app=system |

"{EE9DE4FB-3AC2-4EC4-A2EC-CEE3048189B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F3F2F3FC-9089-45C5-8F16-DF69E917CD19}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00D4E695-EB5A-4C6C-BE3D-200064FF6DEA}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{02D4006E-7DF6-495A-B99C-0998353B81BE}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |

"{0695B342-DD43-4FC9-9BCB-16452694955E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |

"{0D463EA8-A810-429C-AA48-EF92A90B6710}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe |

"{0DE2472A-9736-4670-82AD-10E5718C0B5D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |

"{0E888E2F-54F8-4800-9E05-6BFE1D330C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{0EB91D7D-CAB4-47EE-A0FF-1F07588D6B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{0EFDC2B2-203E-4E43-BEA7-04FD759D4E52}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |

"{113C3F95-0023-463D-9A96-F4FFC2996504}" = protocol=17 | dir=in | app=c:\users\ccote\appdata\local\temp\lxdx\wireless\lxdxwpss.exe |

"{14345292-61FF-48D8-8C18-B5EEE081663A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{2A5DDB88-D6BD-4155-8421-A24338D615A5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcfg.exe |

"{2A8FEAC7-436E-4FE8-A05F-576D9A548FB6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{2D0AC146-6F6F-4C7C-B0FF-F6E333C81C1B}" = protocol=6 | dir=out | app=system |

"{2E0854FE-591C-496B-9A70-A9F7C6B463C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{31D23C27-6F2A-4E38-9009-8C18A4B3E8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{33F4EE91-8AC9-4C1E-A143-F8762751954C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3559A00D-7286-4217-9260-D2360FE6FFFF}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |

"{38064B92-BF7D-4DA7-BB81-A122DAA64ED3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3925DDF5-C6FB-49DD-B576-243A469C500A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |

"{3E044747-0747-4D46-B619-DE088EFF36DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{41766728-6463-43AF-A585-F63CB68ED42F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{4201774A-99EE-4E5D-ADA5-74A7CB95D79E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"{43C95A63-CF55-4F41-8053-FB7C2726EFC8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{45D9F75C-7878-49FD-8C26-BE8FDD4D5D99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{47643F21-248C-419B-97FA-5FF5595F319F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{482FCFC3-F51D-4E9F-A0C0-807AC4E7BFC9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{4A59F8E0-C94F-490F-BED1-CAB2049B8882}" = protocol=6 | dir=out | app=system |

"{53993EE1-E902-4173-8783-BB35E7A78BE8}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{55885B61-4E79-46CF-8AD4-6E20D92948CE}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{5BACD651-E18A-4F49-A2A7-E434B914887B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{5BB61705-65E7-4087-ACAD-3635AD92AC12}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |

"{5CCB56BA-94DB-4C07-8CAF-6D86784C077A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6088922B-547E-4939-AED7-0281D465EFE7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"{60AE2F76-0C0D-4755-BED9-733813B0E228}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{64E62944-1628-46F6-AB97-14F7968984BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{66A93239-E2E9-4686-9979-82AD7046AD68}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{67E88A61-4720-41A3-825A-E637949EC173}" = protocol=6 | dir=in | app=c:\users\ccote\appdata\local\temp\lxdx\wireless\lxdxwpss.exe |

"{69E14259-83A4-448E-B13F-0E4EC5DF4A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6E0B6DB8-00B5-42BE-B4BD-61C1681F3A8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7296C789-1F2F-4082-A7BA-B1FA5E8D8315}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{774BEF9E-BD1C-4DBD-BA67-8780FBBC99BA}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{7DEF61DB-DCC1-42EA-80D1-9727265A70BC}" = protocol=6 | dir=out | app=system |

"{891CCF86-DD71-4657-B34B-1BDF72119027}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8AA0CB5A-69CE-469A-984D-A118C2F74F62}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\wireless\lxdxwpss.exe |

"{913D39DC-308B-42D1-ADD4-F2AEFE44778A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"{96C76751-0904-4994-8600-BD40DAED0C1F}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |

"{A30028F9-3D04-4398-B1A2-A989F0F6CFE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{A51CC15C-79A5-4A88-B3AC-E7ABCCF8F021}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A555F1B6-B65C-4001-ACF3-E610AE7BA99E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |

"{AE344F46-2662-4AB2-8E54-78C620D11003}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{AE511AB1-7BFE-4EDB-A4AD-87D4F5C9E6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{B1F78E64-CEAB-4E75-8E3E-8CF3E0895DB8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |

"{B8E29B08-D347-48A3-8EFA-BCDE577EB801}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{BAA3E709-B3D3-4850-8856-36F6321E2A7E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{BC9B6321-D6A5-4674-A8E5-2F21404EAF81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{BDFD93AF-9F40-439A-B17D-56FCDE801058}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"{C3CBFEF2-21CA-45D1-A742-68DBEF4BC4B6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{C75AE910-CE13-4E4B-995C-3D51EC4312F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{D198DBE7-050A-4A7F-8B99-17168CF0DC40}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcfg.exe |

"{D83A241E-E7C5-4FC4-AC13-A16FAB158785}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{DC78555C-CD0E-4A65-8164-4D464BC7CE81}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |

"{DD4B15CD-441F-43C7-BE13-77B38F5370D2}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{DF419447-D37A-472D-8439-B2166469160E}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{EE028E15-BF70-405A-A331-DD5897D3668F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |

"{F063E04A-D480-4F61-B84E-CBFA338666A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F7F2F4B0-0399-4A46-BE0C-973EF922ED24}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{F96D5C78-F93C-4A88-9F05-1E4ED7F7C4BE}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |

"TCP Query User{13EAC533-4240-4E9F-8597-BF7DC93B0CFC}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |

"TCP Query User{33FB5B76-BC3D-4D4C-92B8-9C377B5D6422}C:\windows\rundll22.exe" = protocol=6 | dir=in | app=c:\windows\rundll22.exe |

"TCP Query User{825EED48-F5F6-47CF-8B48-ADB09767C969}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{8B5280ED-B915-49F3-AADC-359969DDDABA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{AA05C26C-CE9F-42CE-A978-853A8860EC87}C:\program files (x86)\adobe\photoshop elements 4.0\adobephotoshopelementsmediaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\photoshop elements 4.0\adobephotoshopelementsmediaserver.exe |

"TCP Query User{BA0C4DFB-FAEB-4757-A6DF-D6BEBBE62498}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{E679D9BD-76BD-4EE1-AA77-233A35BD2573}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{404053A9-1F53-4000-B290-D62D3D21E0E3}C:\program files (x86)\adobe\photoshop elements 4.0\adobephotoshopelementsmediaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\photoshop elements 4.0\adobephotoshopelementsmediaserver.exe |

"UDP Query User{46F7288A-B14D-4210-850E-A01A4DE136A1}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |

"UDP Query User{52EFC3E0-365A-495B-B4F7-3D502AD217CC}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{54F37C99-373B-4A4A-A21E-F5D1C16C0EEC}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{AD5F9A3A-F3B5-41DD-9CFB-4031CBB217F4}C:\windows\rundll22.exe" = protocol=17 | dir=in | app=c:\windows\rundll22.exe |

"UDP Query User{B518C1F9-2138-464D-A491-0D38D458B350}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{FD190036-4CFC-4519-912B-AE7C4347A71F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam

"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)

"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support

"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)

"{67DB4BFC-02AA-4806-B3CF-9840F29C92FA}" = Microsoft IntelliType Pro 6.2

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

" WILLPower" = WILLPower

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{10291DE0-C37B-4875-85E6-CAC20F022235}" = Trips and Pics

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4BAC29B6-145B-49D0-A2FC-A79AE4F606E5}" = TaxCut New York 2008

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype

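The firewall-rule section of the log above lists, for each rule, a protocol number (6 is TCP, 17 is UDP), a direction and the program or service the rule applies to. Two kinds of entry deserve a second look in any such dump: rules whose program lives in a user's temp directory (the log has inbound rules for lxdxwpss.exe under AppData\Local\Temp), and rules whose program name is one character off a Windows system binary (the log has inbound rules for c:\windows\rundll22.exe; the Windows DLL host is rundll32.exe, and rundll22.exe is not a file Windows ships). Rules named "TCP Query User…" or "UDP Query User…" are the ones Windows Firewall writes when the user clicks Unblock on its alert, so each records a program that actually opened a listening port. The Python below is an added example, not part of the thread or of OTL: it parses a constructed subset of rule lines in the format OTL prints (mirroring entries from the log, not the full log) and flags those patterns. The list of system binary names and the "one edit away" heuristic are the example's own assumptions; a hit is a lead to check, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed subset of firewall-rule lines in the format OTL prints for
# Windows Firewall rules. Paths mirror entries in the thread's log; the real
# log has many more lines than this.
SAMPLE_RULES = r'''
"{14345292-61FF-48D8-8C18-B5EEE081663A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{113C3F95-0023-463D-9A96-F4FFC2996504}" = protocol=17 | dir=in | app=c:\users\ccote\appdata\local\temp\lxdx\wireless\lxdxwpss.exe |
"{6E0B6DB8-00B5-42BE-B4BD-61C1681F3A8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{33FB5B76-BC3D-4D4C-92B8-9C377B5D6422}C:\windows\rundll22.exe" = protocol=6 | dir=in | app=c:\windows\rundll22.exe |
"TCP Query User{BA0C4DFB-FAEB-4757-A6DF-D6BEBBE62498}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}
# Assumed list of names worth a lookalike check; extend to taste.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rules(text: str) -> List[Dict[str, str]]:
    """One dict per rule: the quoted name plus the key=value fields OTL separates with '|'."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        rule = {"name": m.group("name")}
        for field in m.group("body").split("|"):
            if "=" in field:
                key, value = field.split("=", 1)
                rule[key.strip().lower()] = value.strip().lower()
        # A rule with no protocol field applies to any protocol.
        rule["protocol"] = PROTOCOLS.get(rule.get("protocol", ""), rule.get("protocol", "any"))
        rules.append(rule)
    return rules


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to spot names one keystroke away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(rules: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(rule name, executable, reason) for every rule that matches a heuristic."""
    findings = []
    for rule in rules:
        app = rule.get("app")
        if not app:
            continue
        exe = app.rsplit("\\", 1)[-1]
        if any(marker in app for marker in TEMP_MARKERS):
            findings.append((rule["name"], exe, "program runs from a temp directory"))
        if exe not in SYSTEM_BINARIES and any(levenshtein(exe, s) == 1 for s in SYSTEM_BINARIES):
            findings.append((rule["name"], exe, "name is one edit from a Windows system binary"))
    return findings


def user_prompt_rules(rules: List[Dict[str, str]]) -> List[str]:
    """Programs the user allowed inbound at the firewall's own Unblock prompt."""
    return [r["app"] for r in rules
            if "app" in r and r["name"].lower().startswith(("tcp query user", "udp query user"))]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for name, exe, why in triage(parsed):
        print(f"{why:48} {exe:16} ({name})")
    print("allowed inbound at a prompt:", user_prompt_rules(parsed))
```

Run against the full firewall section of an OTL log, the script reduces a few hundred rule lines to the handful that need a human: here the temp-directory printer helper (usually benign, but confirm the vendor) and the rundll22.exe lookalike.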

Hello, let's see if we can get rid of this redirector first :P

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :commands
    [resethosts]
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and paste that report in your next reply.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include the following:

  • OTL report
  • MBAM log

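The [resethosts] command above replaces C:\Windows\System32\drivers\etc\hosts with a stock copy. Windows consults the hosts file before DNS, so an entry that maps a search engine's name to an attacker's address, or a security vendor's name to 127.0.0.1, silently redirects or blocks that site in every browser at once; whether that is what carried the searchclick9 redirect in this thread is not something the logs show. The Python below is an added example, not part of the thread or of OTL: it parses a hosts file the way Windows reads it (one address followed by one or more names per line, # starting a comment), reports entries that send a name anywhere other than loopback and entries that pin a non-localhost name to loopback or 0.0.0.0, and builds the loopback-only content a reset leaves behind. The sample hosts text, the 203.0.113.10 address (RFC 5737 documentation space) and the hijacked names are constructed for the example.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file: the two stock loopback lines plus three
# illustrative hijack entries. 203.0.113.0/24 is documentation address space.
HOSTS_SAMPLE = """# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com
203.0.113.10    search.yahoo.com   # constructed: search engine steered off-host
127.0.0.1       www.malwarebytes.org
"""

LOCAL_NAMES = ("localhost", "localhost.localdomain")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; a line with several names yields several pairs."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # an address with no name maps nothing
        address, names = parts[0], parts[1:]
        entries.extend((address, name) for name in names)
    return entries


def audit_hosts(text: str) -> List[Tuple[str, str, str]]:
    """(address, name, reason) for entries that redirect or block a name."""
    findings = []
    for address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((address, name, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Loopback/0.0.0.0 for anything but localhost blocks that site
            # (a classic way to keep security vendors' sites unreachable).
            if name.lower() not in LOCAL_NAMES:
                findings.append((address, name, "blocked (sinkholed)"))
        else:
            findings.append((address, name, "redirected off-host"))
    return findings


def default_hosts() -> str:
    """The loopback-only content a hosts reset leaves behind (Vista keeps both lines)."""
    return "127.0.0.1\tlocalhost\n::1\tlocalhost\n"


if __name__ == "__main__":
    for address, name, why in audit_hosts(HOSTS_SAMPLE):
        print(f"{why:22} {name:24} -> {address}")
```

To audit a live machine, read the real file into audit_hosts instead of HOSTS_SAMPLE; an empty result means the file only does what a stock one does, and anything else is an entry to explain before resetting, since the target address is itself an indicator worth keeping.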

Hi Elise,

I ran OTL with the repair commands and ran Malwarebytes. The search redirect appears to be gone. Should I do anything else?

Thank You for your help.

Chad

Here are the results.

All processes killed

========== COMMANDS ==========

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: CCote

->Temp folder emptied: 334490 bytes

->Temporary Internet Files folder emptied: 2011140 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 240432 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 668766821 bytes

Total Files Cleaned = 640.00 mb

OTL by OldTimer - Version 3.1.34.0 log created on 03072010_124247

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF6F7A.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF6F81.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF7229.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF725A.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF740A.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Temp\~DF7456.tmp not found!

File\Folder C:\Users\CCote\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7E15VXJ\iframe[1].html not found!

File\Folder C:\Users\CCote\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7E15VXJ\index[1].htm not found!

C:\Users\CCote\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.44

Database version: 3833

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/7/2010 2:35:17 PM

mbam-log-2010-03-07 (14-35-17).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 397369

Time elapsed: 1 hour(s), 42 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello, glad to hear that :P

Do you have any other problems left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.

    3. Check the box to accept the Terms of Use.
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Check "Scan archives".
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push "List of found threats".
    10. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the Back button.
    12. Push Finish.


OTL logfile created on: 3/8/2010 4:52:19 AM - Run 2

OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Gus\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 14.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 92.96 Gb Total Space | 73.59 Gb Free Space | 79.16% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GUS-B123C432270

Current User Name: Gus

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/08 04:48:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gus\My Documents\Downloads\OTL.exe

PRC - [2010/03/07 15:47:39 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2010/02/15 19:24:59 | 001,249,104 | ---- | M] (Billeo, Inc.) -- C:\Program Files\Billeo\billeo.exe

PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/21 11:22:00 | 000,049,040 | ---- | M] () -- C:\Program Files\Tether\TBService.exe

PRC - [2009/12/14 18:57:53 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

PRC - [2009/11/06 15:19:44 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe

PRC - [2009/03/10 00:47:48 | 000,492,904 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

PRC - [2009/03/10 00:47:47 | 000,447,848 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

PRC - [2009/03/10 00:47:44 | 004,711,784 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

PRC - [2009/01/07 14:23:50 | 001,496,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe

PRC - [2009/01/07 14:23:48 | 000,440,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

PRC - [2008/12/22 15:55:44 | 001,235,168 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\Unhackme.exe

PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/01 13:00:50 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007/11/01 12:51:34 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/11/01 12:47:08 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/11/01 12:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2007/11/01 12:35:40 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2005/03/10 19:33:40 | 000,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

PRC - [2005/03/10 18:43:48 | 000,233,472 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

PRC - [2004/10/14 12:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

PRC - [2004/10/14 08:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010/03/08 04:48:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gus\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/03/07 15:47:39 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2009/12/21 11:22:00 | 000,049,040 | ---- | M] () [Auto | Running] -- C:\Program Files\Tether\TBService.exe -- (TetherBerry)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/03/10 00:47:47 | 000,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)

SRV - [2007/11/01 13:00:50 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007/11/01 12:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2007/11/01 12:35:40 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2010/03/07 15:38:54 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)

DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)

DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)

DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)

DRV - [2009/09/25 09:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/09/25 09:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2009/07/31 14:39:56 | 000,045,608 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qrkis.sys -- (qrkis)

DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/07/25 15:44:28 | 002,210,048 | ---- | M] (Intel


All processes killed

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temporary Internet Files folder emptied: 204550 bytes

User: Administrator.GUS-B123C432270

->Temporary Internet Files folder emptied: 1952280 bytes

->Flash cache emptied: 405 bytes

User: All Users

->Flash cache emptied: 35 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Gus

->Temp folder emptied: 5469875 bytes

->Temporary Internet Files folder emptied: 31641917 bytes

->Java cache emptied: 17559383 bytes

->FireFox cache emptied: 46953452 bytes

->Flash cache emptied: 42001 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 112094 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 7519718 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4325370 bytes

%systemroot%\System32 .tmp files removed: 3244561 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 847992 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20895716 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes

RecycleBin emptied: 1015 bytes

Total Files Cleaned = 134.00 mb

OTL by OldTimer - Version 3.1.35.0 log created on 03082010_050830

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Hello, why did you rerun the OTL fix?

If you have new problems, please post about them here so we can try to fix them together :P It's very hard for me to guess that a problem has returned or is not solved based only on a log, without any input from you.

Were you able to do the ESET scan?


HI Elise,

The original OTL run looked like it didn't complete properly. I thought I had mistyped the scan command. Then I disabled Kaspersky during the fix in case it was causing any problems.

I ran the ESET scan overnight. Unfortunately, it didn't give me an option to save the log at the end. It was on step 4 of 4 and it just had a button to uninstall on finish. The end result of the scan was 0 infected files found.

Thanks,

Chad


Good to hear that :D

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :o

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Start OTL and click Cleanup. Follow the prompts and allow a reboot.

Hiding Hidden Files

Please set your system to hide all hidden files.

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Purging System Restore Points

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
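The post above recommends the MVPs hosts file, which maps unwanted domains to a sinkhole address so the browser never reaches them. The same file is also a classic place for a redirect hijack of the kind this thread is about: an entry that points a well-known search site at a stranger's server. The script below is an added example, not part of this thread or of any tool mentioned in it; it parses hosts-file text, counts blocklist-style entries, and flags watched domains that resolve anywhere other than a sinkhole. The sample hosts content, the watched-domain list and the 203.0.113.10 address are all constructed for the example.

```python
"""Added example: audit a Windows-style hosts file for blocklist entries and
for suspicious redirects of well-known sites (a defender's sanity check, not
part of the original forum thread). The sample input is constructed inline."""
import ipaddress

# Addresses that block a host rather than redirect it. MVPs-style lists map
# unwanted domains to one of these.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed watch list: sites a user expects to reach directly. A hosts
# entry that points one of these somewhere other than a sinkhole is a hijack
# indicator worth investigating.
WATCHED_DOMAINS = {
    "google.com", "www.google.com",
    "yahoo.com", "search.yahoo.com",
    "bing.com", "www.bing.com",
}


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored; lines whose
    first field is not a valid IPv4/IPv6 address are skipped as malformed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # not an address; hosts files tolerate junk, so do we
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text):
    """Count sinkhole (blocklist) entries and list redirects of watched domains.

    Returns {"blocked": int, "redirects": [(hostname, ip), ...]}.
    The localhost mapping is legitimate and is not counted either way.
    """
    blocked = 0
    redirects = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if ip in SINKHOLE_ADDRESSES:
            blocked += 1
        elif host in WATCHED_DOMAINS:
            redirects.append((host, ip))
    return {"blocked": blocked, "redirects": redirects}


# Constructed sample: two blocklist entries, one fake hijack of two search
# sites to a documentation-range address, and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net        # blocklist-style entry
0.0.0.0 tracker.example.org    # blocklist-style entry
203.0.113.10 www.google.com    # constructed hijack
203.0.113.10 search.yahoo.com  # constructed hijack
not-an-ip somehost
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"blocklist entries: {result['blocked']}")
    for host, ip in result["redirects"]:
        print(f"SUSPICIOUS redirect: {host} -> {ip}")
```

On a real machine the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a large count of sinkhole entries is expected when the MVPs list is installed, while any line under `redirects` deserves a look, since legitimate software has no reason to map a search engine to an outside address.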

