
Vista help


bellabear

I posted this in the wrong section the first time. I'm so computer challenged I didn't realize this message meant I had a virus :)

So here is my original post:


I'm not really computer savvy, so I'm hopefully posting this in the right category. I have a Dell laptop with Vista that is my only computer. I have been having problems lately: it will all of a sudden say I have added hardware when I have not. After it says that, I can't get online for days, then all of a sudden it's gone and everything works fine. I use Verizon and their diagnostic tool says that my configuration test doesn't pass and it gives this error:

C:/Windows/system32/drivers/AVGIDSEH.sys

I have no idea what this means or if it can be fixed. I would appreciate any help I can get. With instruction I can find my way around pretty good, but I really need instruction. I have Ad-Aware and Avast and they have found nothing that they say is malicious.

HELP - please :)


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks, and again, sorry for the delay.


OTL logfile created on: 11/22/2010 7:43:49 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mikkii\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 181.50 Gb Free Space | 83.18% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.77% Space Free | Partition Type: NTFS

Computer Name: MIKKII-PC | User Name: Mikkii | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 07:43:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mikkii\Downloads\OTL.exe

PRC - [2010/11/22 00:22:14 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/11/22 00:22:10 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/09/03 14:08:10 | 002,618,368 | ---- | M] () -- C:\Users\Mikkii\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

PRC - [2010/08/10 19:35:14 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/05/21 10:13:54 | 000,166,944 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

PRC - [2010/05/21 10:13:52 | 000,378,088 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe

PRC - [2010/05/21 10:12:56 | 000,382,208 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

PRC - [2010/04/01 23:43:40 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/03 15:16:58 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe

PRC - [2010/03/03 15:16:54 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

PRC - [2010/03/03 15:16:52 | 004,281,584 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

PRC - [2010/02/02 03:32:46 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2009/11/02 15:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Verizon\Verizon Internet Security Suite\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe

PRC - [2009/04/13 08:50:14 | 000,497,496 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe

PRC - [2009/04/13 08:48:12 | 000,828,656 | ---- | M] (Dell Inc.) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/12/14 23:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe

PRC - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe

PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/10/04 13:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/09/04 00:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2008/09/04 00:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2008/09/04 00:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2008/09/04 00:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2008/08/27 00:29:00 | 001,662,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2008/06/05 19:07:00 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2008/06/05 19:07:00 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/04/19 15:44:18 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

PRC - [2007/04/19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe

PRC - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe

========== Modules (SafeList) ==========

MOD - [2010/11/22 07:43:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mikkii\Downloads\OTL.exe

MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/22 00:22:10 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/18 06:38:39 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Verizon\Verizon Internet Security Suite\BitDefender\scan.dll -- (scan)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/08/10 19:35:14 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/05/21 10:13:54 | 000,166,944 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe -- (Radialpoint Security Services)

SRV - [2010/05/21 10:12:56 | 000,382,208 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe -- (RP_FWS)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 15:16:58 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)

SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/12/19 15:23:43 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)

SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\Verizon\Verizon Internet Security Suite\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)

SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)

SRV - [2009/04/13 08:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)

SRV - [2009/03/11 08:49:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/01/20 19:16:20 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)

SRV - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)

SRV - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\iastor.sys -- (iaStor)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\avgtdix.sys -- (Avgtdix)

DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)

DRV - [2010/11/15 09:51:52 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/07/13 08:34:44 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)

DRV - [2010/07/12 03:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (avgfwfd)

DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\BitDefender\trufos.sys -- (trufos)

DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\BitDefender\profos.sys -- (profos)

DRV - [2009/11/02 15:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)

DRV - [2009/11/02 15:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)

DRV - [2009/11/02 15:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon\Verizon Internet Security Suite\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)

DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\drivers\bdfsfltr.sys -- (bdfsfltr)

DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_VISTA)

DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)

DRV - [2008/12/14 23:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2008/12/09 00:25:14 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/09/18 12:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)

DRV - [2008/09/04 00:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/09/02 04:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)

DRV - [2008/09/01 05:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2008/07/04 00:35:48 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)

DRV - [2008/06/12 00:59:32 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)

DRV - [2008/06/12 00:59:28 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)

DRV - [2008/06/12 00:59:26 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2008/06/12 00:59:24 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)

DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..network.proxy.backup.ftp: ""

FF - prefs.js..network.proxy.backup.ftp_port: 0

FF - prefs.js..network.proxy.backup.gopher: ""

FF - prefs.js..network.proxy.backup.gopher_port: 0

FF - prefs.js..network.proxy.backup.socks: ""

FF - prefs.js..network.proxy.backup.socks_port: 0

FF - prefs.js..network.proxy.backup.ssl: ""

FF - prefs.js..network.proxy.backup.ssl_port: 0

FF - prefs.js..network.proxy.ftp: "128.195.54.161 "

FF - prefs.js..network.proxy.gopher: "128.195.54.161 "

FF - prefs.js..network.proxy.http: "128.195.54.161 "

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "128.195.54.161 "

FF - prefs.js..network.proxy.ssl: "128.195.54.161 "

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 13:29:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 19:16:53 | 000,000,000 | ---D | M]

[2009/04/19 21:47:32 | 000,000,000 | ---D | M] -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Extensions

[2010/11/17 17:12:33 | 000,000,000 | ---D | M] -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Firefox\Profiles\rjrnacy4.default\extensions

[2010/11/17 19:17:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Firefox\Profiles\rjrnacy4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/17 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Firefox\Profiles\rjrnacy4.default\extensions\moveplayer@movenetworks.com

[2009/08/12 02:58:06 | 000,000,894 | ---- | M] () -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Firefox\Profiles\rjrnacy4.default\searchplugins\conduit.xml

[2009/10/22 00:54:53 | 000,003,915 | ---- | M] () -- C:\Users\Mikkii\AppData\Roaming\Mozilla\Firefox\Profiles\rjrnacy4.default\searchplugins\sweetim.xml

[2010/11/17 16:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/09 20:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkcontent@iminent

[2010/01/24 14:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com

[2009/12/19 15:23:20 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - Reg Error: Value error. File not found

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Mikkii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Mikkii\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3894260281-2026575353-562149296-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Mikkii\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Mikkii\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{5419301c-32e2-11de-a6b9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{5419301c-32e2-11de-a6b9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found

O33 - MountPoints2\{ea09d3c6-57b3-11de-85b5-00242bfef952}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 23:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Roaming\Malwarebytes

[2010/11/20 23:21:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/20 23:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/11/20 23:21:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/20 23:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/18 21:36:34 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/11/18 21:36:33 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/11/18 21:36:29 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/11/18 21:36:25 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/11/18 21:36:19 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/11/18 21:35:54 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/11/18 21:35:54 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/11/18 21:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/11/18 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/11/17 16:44:02 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Roaming\DMCache

[2010/11/17 16:05:56 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2010/11/12 00:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/11/12 00:06:59 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/11/12 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Local\Sunbelt Software

[2010/11/11 22:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/11/11 22:55:51 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Local\OpenCandy

[2010/11/11 22:55:39 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Roaming\OpenCandy

[2010/11/11 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Roaming\CBS Interactive

[2010/11/11 22:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/11/10 00:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/11/10 00:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/11/01 17:22:59 | 000,000,000 | ---D | C] -- C:\Users\Mikkii\AppData\Roaming\AVG10

[2010/11/01 17:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2010/11/01 17:14:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2010/11/01 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/11/01 15:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2010/10/27 07:23:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/10/27 07:23:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/10/27 07:23:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2009/03/28 02:27:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll

[2009/03/28 02:27:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll

[2009/03/28 02:27:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll

[2009/03/28 02:27:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll

[2009/03/28 02:27:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll

[2009/03/28 02:27:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll

[2009/03/28 02:27:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll

[2009/03/28 02:27:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll

[2009/03/28 02:27:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll

[2009/03/28 02:27:21 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll

[2009/03/28 02:27:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll

[2009/03/28 02:27:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/11/22 07:06:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/22 06:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/22 00:16:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/22 00:16:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/21 17:50:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/21 16:34:43 | 000,006,756 | ---- | M] () -- C:\Users\Mikkii\AppData\Local\d3d9caps.dat

[2010/11/21 15:48:52 | 331,075,443 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/21 14:47:17 | 000,669,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/11/21 14:47:17 | 000,128,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/11/21 14:36:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/11/20 23:21:13 | 000,000,844 | ---- | M] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/11/20 23:21:13 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/18 21:36:35 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/18 21:36:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010/11/17 22:39:48 | 000,000,540 | ---- | M] () -- C:\Windows\System32\PDBootState

[2010/11/15 09:51:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/11/11 23:00:48 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/11/11 23:00:48 | 000,001,957 | ---- | M] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/11 22:55:52 | 000,001,121 | ---- | M] () -- C:\Users\Mikkii\Downloads\Desktop\CNET TechTracker.lnk

[2010/11/11 22:55:52 | 000,001,095 | ---- | M] () -- C:\Users\Mikkii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk

[2010/11/11 22:55:46 | 000,001,033 | ---- | M] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/11/11 22:55:46 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/11/11 22:29:17 | 000,001,065 | ---- | M] () -- C:\Users\Mikkii\Downloads\Desktop\Revo Uninstaller.lnk

[2010/11/11 20:24:08 | 001,601,484 | ---- | M] () -- C:\AVGInstLog.cab

[2010/11/10 09:11:10 | 000,001,750 | ---- | M] () -- C:\Users\Mikkii\Downloads\Desktop\Mozilla Firefox.lnk

[2010/11/10 09:10:02 | 000,002,129 | ---- | M] () -- C:\Users\Mikkii\Downloads\Desktop\QuickBooks Simple Start 2009.lnk

[2010/11/01 18:44:04 | 098,169,251 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/10/31 21:40:52 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2010/10/31 21:40:52 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2010/10/26 05:59:44 | 000,036,352 | ---- | M] () -- C:\Users\Mikkii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/11/20 23:21:13 | 000,000,844 | ---- | C] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/11/20 23:21:13 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/18 21:36:35 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/12 00:44:08 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2010/11/11 23:00:48 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/11/11 23:00:48 | 000,001,957 | ---- | C] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/11 22:56:28 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/11 22:56:24 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/11 22:55:52 | 000,001,121 | ---- | C] () -- C:\Users\Mikkii\Downloads\Desktop\CNET TechTracker.lnk

[2010/11/11 22:55:52 | 000,001,095 | ---- | C] () -- C:\Users\Mikkii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk

[2010/11/11 22:55:46 | 000,001,033 | ---- | C] () -- C:\Users\Mikkii\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/11/11 22:55:46 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/11/11 22:29:17 | 000,001,065 | ---- | C] () -- C:\Users\Mikkii\Downloads\Desktop\Revo Uninstaller.lnk

[2010/11/11 16:30:57 | 331,075,443 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/11/10 09:11:10 | 000,001,750 | ---- | C] () -- C:\Users\Mikkii\Downloads\Desktop\Mozilla Firefox.lnk

[2010/11/10 09:10:02 | 000,002,129 | ---- | C] () -- C:\Users\Mikkii\Downloads\Desktop\QuickBooks Simple Start 2009.lnk

[2010/11/07 21:49:16 | 001,601,484 | ---- | C] () -- C:\AVGInstLog.cab

[2010/11/01 18:44:04 | 098,169,251 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/10/30 13:25:01 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2010/10/30 13:25:01 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2010/09/03 00:43:54 | 000,004,795 | ---- | C] () -- C:\Users\Mikkii\AppData\Roaming\Rim.Desktop.Exception.log

[2010/09/03 00:41:55 | 000,001,649 | ---- | C] () -- C:\Users\Mikkii\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

[2010/02/16 22:27:02 | 000,004,015 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/01/25 00:27:39 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI

[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys

[2009/08/18 17:28:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/27 21:05:13 | 000,262,144 | ---- | C] () -- C:\Users\Mikkii\AppData\Roaming\DataSafeDotNet.exe

[2009/05/25 20:45:56 | 000,006,756 | ---- | C] () -- C:\Users\Mikkii\AppData\Local\d3d9caps.dat

[2009/03/30 17:31:09 | 000,036,352 | ---- | C] () -- C:\Users\Mikkii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/28 03:22:53 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2009/03/28 02:32:21 | 000,000,364 | ---- | C] () -- C:\Windows\Lexstat.ini

[2009/03/28 02:27:27 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll

[2009/03/28 02:27:26 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll

[2009/03/22 19:03:15 | 000,000,063 | ---- | C] () -- C:\Windows\st_affiliate.ini

[2009/03/20 11:13:05 | 000,010,704 | ---- | C] () -- C:\Users\Mikkii\AppData\Roaming\wklnhst.dat

[2009/03/11 11:11:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll

[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll

[2007/02/07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

[2007/01/22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/06/07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll

[2006/03/27 12:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll

[2006/03/07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll

[2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll

[2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Unicode (All) ==========

[2010/01/24 17:30:31 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\?????????????????????????

???????????????????

[2009/07/07 01:25:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\?????????????????????????

???????????????????

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 11/22/2010 7:43:49 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mikkii\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 181.50 Gb Free Space | 83.18% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.77% Space Free | Partition Type: NTFS

Computer Name: MIKKII-PC | User Name: Mikkii | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3894260281-2026575353-562149296-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{105F4C58-8E78-4562-AA83-BBE9F7903DE9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9197F310-ACAD-47FB-89E1-59C206B5FB39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08F030AA-7CF7-423D-8070-746BF1C7EC9B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |

"{098CEB57-97C3-462C-BDDF-D9247EFE1470}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{0BB12215-746F-4012-830B-69F7A0FC3099}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |

"{11FF587A-7D74-4AC6-8E29-CF00B49FC0B9}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |

"{301D5816-C502-4F98-98EA-C3F249F6ABFE}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |

"{38651308-8A2C-4A95-A300-4E072487A0B4}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |

"{5784910C-49FF-45F0-A00C-A073FB5AF2B8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |

"{6D54CA53-A8E5-4458-806B-85D1FF47E608}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |

"{75144286-BE5F-4C46-84F6-2B695637D755}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{89952193-82C8-4DC8-A910-E1ACF791C9DA}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |

"{96930635-2083-4817-AC54-5889154EE8E1}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

"{A65B43EB-4680-479A-9E39-9DDA908337A7}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{A6EDBE7E-2232-4AB1-B0C8-3F2E47FD42E4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{B6411DBE-0BC5-47A2-ADF5-366AC3D71FA9}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

"{CF7F4D5A-EFD7-4C36-8AFB-113F789036A8}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |

"{D39912C4-E13E-4668-BB67-09A18093B74D}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |

"{DBA443FE-695F-4F26-A3D3-082A7CFDFA63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E264EB7F-E0E8-4C50-91A4-75F0F8A46C6E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{EC4E2899-04C6-49E3-9687-FB491BBB082C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4502

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1B626AE0-EE88-4412-AAC0-FB21995A0C57}" = H&R Block Michigan 2009

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4A901FC6-0E9B-47C7-9DB0-2AB4AC176467}" = RPS PerfectDiskStub

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6A639C91-E8C1-4F7B-8B5F-C962F30A75D5}" = Verizon Internet Security Suite

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8BF18D7C-15DC-410D-93A3-0AC6D0429B78}" = RPS CRT

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009

"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BDA3089B-BDDD-4786-AE1A-4D474E49E780}" = RPS RpsCore

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"Ad-Aware" = Ad-Aware

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast5" = avast! Free Antivirus

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"GoToAssist" = GoToAssist 8.0.0.514

"Lexmark 1200 Series" = Lexmark 1200 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18

"Revo Uninstaller" = Revo Uninstaller 1.90

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3894260281-2026575353-562149296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/17/2010 6:04:56 PM | Computer Name = Mikkii-PC | Source = VSS | ID = 8194

Description =

Error - 11/17/2010 6:09:01 PM | Computer Name = Mikkii-PC | Source = VSS | ID = 8194

Description =

Error - 11/17/2010 6:13:35 PM | Computer Name = Mikkii-PC | Source = VSS | ID = 8194

Description =

Error - 11/17/2010 6:38:46 PM | Computer Name = Mikkii-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/17/2010 7:17:02 PM | Computer Name = Mikkii-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/17/2010 8:19:34 PM | Computer Name = Mikkii-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 11/17/2010 8:19:43 PM | Computer Name = Mikkii-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/17/2010 8:20:14 PM | Computer Name = Mikkii-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 11/17/2010 8:20:14 PM | Computer Name = Mikkii-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 11/17/2010 8:23:09 PM | Computer Name = Mikkii-PC | Source = System Restore | ID = 8209

Description =

[ System Events ]

Error - 11/21/2010 6:52:51 PM | Computer Name = Mikkii-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 11/21/2010 6:53:01 PM | Computer Name = Mikkii-PC | Source = DCOM | ID = 10005

Description =

Error - 11/21/2010 6:53:01 PM | Computer Name = Mikkii-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 11/21/2010 6:53:01 PM | Computer Name = Mikkii-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 11/21/2010 8:30:25 PM | Computer Name = Mikkii-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 11/21/2010 8:30:33 PM | Computer Name = Mikkii-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 11/21/2010 9:16:46 PM | Computer Name = Mikkii-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 11/21/2010 10:48:37 PM | Computer Name = Mikkii-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 11/22/2010 12:32:14 AM | Computer Name = Mikkii-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 11/22/2010 7:45:58 AM | Computer Name = Mikkii-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

< End of report >


I am trying to do this portion

Please Download Rootkit Unhooker Save it to your desktop.

* extract RKUnhooker to your desktop

Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -

you can get a free one from here - http://www.7-zip.org/

* Now double-click on RKUnhookerLE.exe to run it.

* Click the Report tab, then click Scan.

* Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.

* Wait till the scanner has finished and then click File, Save Report.

* Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

I did this portion, as it would not allow me to do RKUnhookerLE.exe, so I did download the

Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -

you can get a free one from here - http://www.7-zip.org/

It still will not allow me to open RKUnhookerLE.exe - it just flashes my screen, is all it does.


Hi, can you please let me know if you have set a proxy server for firefox to use?

Also, can you please post me the RKU log?

It will not let me do the RKU portion at all - my screen flashes even after I downloaded the 7-Zip program.

I don't know how to tell you if I have set a proxy server for firefox to use.


Hi, let's just skip RKU for now then.

If you don't know how to set a proxy for Firefox, it's unlikely you did that, so let's assume it's a malicious one. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I disabled everything in my tray. Yet when I went to download ComboFix it says that Bit Defender must be turned off. I don't even show Bit Defender as being on my computer anymore. I uninstalled it MONTHS ago and it hasn't shown up in my Control Panel under programs in a long time. How do I get this turned off? The message I got says do not hit OK until I do this as it may cause machine damage....YEEKS


Hi, I see Avast, AVG and some BitDefender leftovers. Which Antivirus are you actually using?

AVG and Bitdefender were removed - AVG really messed my computer up right from install so I uninstalled - same with bitdefender. I then still showed them under programs though so I installed Revo Uninstaller (The Hunter) and supposedly they are supposed to be gone. They no longer show under my programs installed portion under Control Panel.

I hope that makes sense - I'm really not a true blonde but sometimes with this computer stuff I feel like the peroxide is taking over :D YEEKS

I appreciate all your hard work.

Whoops - just re-read this, forgot to say I'm supposed to be using Avast. I do scan with Ad-Aware every day as well. Then my DSL is Verizon and they have their security pack on there too.


I'm really not a true blonde but sometimes with this computer stuff I feel like the peroxide is taking over YEEKS
Well, I am a legit blonde, but I can assure you some of the stuff is still there. :D

Please run AVG remover to get rid of all AVG leftovers.

Since the Verizon security pack also contains an antivirus, best is to either uninstall that or Avast (whichever you prefer).

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

When done, let me know how things are running.

I ran AVG remover. Question for you: which would you go with, Avast or Verizon? How do I get rid of the Bit Defender leftovers? :D

I do so appreciate your help :D


I'd go with avast, and I suspect that Verizon is in fact BitDefender (large companies like Verizon often have contracts with AV companies that allow them to "rename" the product for their customers).

However, that is my personal preference, if you like Verizon better, there is nothing wrong with it (although in my experience avast has a better detection rate).

GREAT thanks!!!!!! so much :D


Same to you. :D However, we are not done yet, still some updating to do.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

How is your original problem now? Did you get any more of those error messages? If not, please monitor your computer's behavior a bit more to see if it doesn't return (since you mentioned it was at random).

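Two of the helper's findings in this thread come straight from the OTL "Uninstall List" section posted above: the machine has an outdated Java (6 Update 17, where 6 Update 22 is asked for) and more than one resident antivirus product (Avast plus the Verizon suite, with AVG and BitDefender leftovers). The script below is an added example, not part of the thread and not OTL's or Malwarebytes' own code: it parses lines in OTL's `"key" = Display Name` format and flags both conditions. The sample input is constructed from a handful of entries copied from the log above, and the list of antivirus name fragments (`ANTIVIRUS_MARKERS`) is an assumption of this example, not something the page states.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the OTL "HKEY_LOCAL_MACHINE Uninstall
# List" section posted in this thread (a few of its entries, copied verbatim).
SAMPLE_UNINSTALL_LIST = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17
"{6A639C91-E8C1-4F7B-8B5F-C962F30A75D5}" = Verizon Internet Security Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"avast5" = avast! Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"""

# One OTL uninstall entry: "<registry key name>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]*)"\s*=\s*(?P<name>.*?)\s*$')

# Display-name pattern of the JRE 6 releases, e.g. "Java 6 Update 17"
# or "Java(TM) 6 Update 22".
JAVA_RE = re.compile(
    r'Java(?:\(TM\))?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)', re.I)

# Assumption (not from the thread): a small heuristic list of resident
# antivirus product name fragments. On-demand scanners such as Ad-Aware and
# Malwarebytes are left out on purpose; the helper's concern is two products
# with real-time protection fighting over the same files.
ANTIVIRUS_MARKERS = (
    "avast", "avg", "bitdefender", "verizon internet security",
    "norton", "mcafee", "kaspersky", "eset",
)


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (key, display_name) pairs for every entry line in an OTL
    uninstall list; section headers and registry-path lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_version(name: str) -> Optional[Tuple[int, int]]:
    """(major, update) for a JRE display name, or None if it is not Java."""
    m = JAVA_RE.search(name)
    if not m:
        return None
    return int(m.group("major")), int(m.group("update"))


def find_outdated_java(entries, latest: Tuple[int, int] = (6, 22)) -> List[str]:
    """Display names of JRE installs older than `latest`; 6u22 is the
    release the helper asks for in this thread."""
    outdated = []
    for _, name in entries:
        version = java_version(name)
        if version is not None and version < latest:
            outdated.append(name)
    return outdated


def find_antivirus_products(entries) -> List[str]:
    """Display names that look like resident antivirus products."""
    found = []
    for _, name in entries:
        if any(re.search(r"\b" + re.escape(marker) + r"\b", name, re.I)
               for marker in ANTIVIRUS_MARKERS):
            found.append(name)
    return found


def audit(text: str) -> Dict[str, object]:
    """Summarise the two checks for one pasted uninstall list."""
    entries = parse_uninstall_list(text)
    antivirus = find_antivirus_products(entries)
    return {
        "entries": len(entries),
        "outdated_java": find_outdated_java(entries),
        "antivirus": antivirus,
        "multiple_antivirus": len(antivirus) > 1,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_UNINSTALL_LIST).items():
        print(f"{key}: {value}")
```

Paste a whole OTL uninstall section into `audit()` and it reports the same two things the helper spotted by eye: any Java 6 release older than update 22, and whether more than one product on the marker list is present. The marker list is deliberately short; extend it for the products you expect to see rather than treating it as complete.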

I got rid of Verizon and am only running Avast. Running Windows Firewall (is that good enough)? If not, what should I be running?

I am currently trying to run the MBAM - it did not ask to update and it's been running for an hour and 17 minutes (it currently says "not responding" in the upper box along the top). Now it's running again and is at 1 hour and 22 minutes.


SHEW I got scared :D

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5160

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/23/2010 1:57:14 PM

mbam-log-2010-11-23 (13-57-14).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 271653

Time elapsed: 1 hour(s), 54 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


The good thing is that nothing was found. :D Let's do one last scan for leftovers. Do you have any problem left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


So far so good. I will run this scan now.
This topic is now closed to further replies.