
Using Vista OS. One of the users cannot run many or most applications, including MBAM, Skype, OverDrive, and iTunes. Went to another user on the same computer and all run OK, so it is isolated to a single user ID. Running a full scan using MBAM yielded the following log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6696

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19048

5/27/2011 11:53:30 PM

mbam-log-2011-05-27 (23-53-30).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 461958

Time elapsed: 3 hour(s), 44 minute(s), 20 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\Users\Gail\AppData\Local\san.exe (Trojan.ExeShell.Gen) -> 6408 -> Failed to unload process.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Gail\AppData\Local\san.exe (Trojan.ExeShell.Gen) -> Delete on reboot.

Followed directions and quarantined the trojan, rebooted, and the result was more of the same.

A forum moderator recommended running "shell.reg", and I got the following message on an unaffected user:

"Cannot import XC:\users\business be there\downloads\shell.reg: Not all data successfully written to the registry. Some keys are open by the system or other processes."

Applications seem to go into a loop. Programs like Skype will not run, returning this message: "C;\program file\skype\phone\skype.exe. Application not found." Skype will run on other users.

If I try to run iTunes, I get the following: "Choose the program to open this file." -- and it shows Internet Explorer as the only option. If I run Internet Explorer at that point, it goes into a loop, returning to the same message "Choose...".

Did another full scan with MBAM and that is showing no infections. I can't figure out what to do next; one suggestion was ComboFix, but I'm not sure I should do that.

Thanks for any help you can provide.


Hello, let's see what we can do about this. First of all, it is very important that you run the following steps from the affected user profile!

Right click the OTL download link and select "Save link/target as...". Save the file as OTL.com to the desktop of your affected user profile.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


OTL

OTL logfile created on: 5/29/2011 12:45:14 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Gail\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 76.06% Memory free

7.21 Gb Paging File | 5.93 Gb Available in Paging File | 82.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 165.58 Gb Free Space | 57.49% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.65 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

Computer Name: SIMEON2640-PC | User Name: Gail | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 12:43:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.com

PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/02/26 20:14:02 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2010/12/26 20:42:53 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe

PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

PRC - [2009/05/30 21:21:49 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe

PRC - [2009/02/09 21:33:14 | 000,128,848 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe

PRC - [2009/01/23 11:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2004/04/18 09:57:58 | 000,663,635 | ---- | M] (Wireless Security Corporation) -- C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

========== Modules (SafeList) ==========

MOD - [2011/05/29 12:43:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.com

MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj02.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)

SRV - [2009/05/30 21:21:49 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)

SRV - [2009/01/23 11:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2004/04/18 09:57:58 | 000,663,635 | ---- | M] (Wireless Security Corporation) [Auto | Running] -- C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe -- (WSCNetManager)

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)

DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/29 05:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/08/20 01:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007/08/20 01:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2004/04/18 09:57:58 | 000,076,640 | ---- | M] (Wireless Security Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WscNetDr.sys -- (WscNetDr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf2.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2857573

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"

FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="

FF - prefs.js..browser.search.order.1: "Fast Browser Search"

FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.startsearcher.com"

FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={92C31287-CAC7-EFA6-7B83-043B9D245C30}&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/18 09:11:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2010/09/29 14:31:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2011/05/28 00:12:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010/12/10 10:57:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 16:25:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 16:25:25 | 000,000,000 | ---D | M]

[2008/09/01 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gail\AppData\Roaming\Mozilla\Extensions

[2011/05/22 12:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\t67wgkiw.default\extensions

[2009/07/01 08:47:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\t67wgkiw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/07/27 17:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\t67wgkiw.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

[2009/07/27 17:16:29 | 000,005,407 | ---- | M] () -- C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\t67wgkiw.default\searchplugins\fast-browser-search.xml

[2011/03/02 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/14 19:01:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/25 18:50:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/18 18:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/02/23 22:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2009/12/18 09:11:31 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2010/09/29 14:31:30 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME

[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/24 00:14:28 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png

[2010/10/24 00:14:28 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110528001233.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf2.dll (Conduit Ltd.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf2.dll (Conduit Ltd.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)

O4 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001..\Run: [iLike] File not found

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{bf245cbe-ed61-11dc-b483-001aa06884df}\Shell - "" = AutoRun

O33 - MountPoints2\{bf245cbe-ed61-11dc-b483-001aa06884df}\Shell\AutoRun\command - "" = F:\LaunchU3.exe

O33 - MountPoints2\{e1457a90-2760-11de-b7a9-001aa06884df}\Shell - "" = AutoRun

O33 - MountPoints2\{e1457a90-2760-11de-b7a9-001aa06884df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001..exefile [open] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\...exe [@ = exefile] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 12:43:36 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.com

[2011/05/29 00:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/05/28 23:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO

[2011/05/25 19:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/05/25 19:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/05/25 19:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/05/25 19:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/05/22 12:55:42 | 000,000,000 | ---D | C] -- C:\Users\Gail\Documents\My Digital Editions

[2011/05/22 12:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2011/05/20 11:51:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\plants

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 12:43:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.com

[2011/05/29 12:43:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4200203018-2206613247-3673778174-1000UA.job

[2011/05/29 12:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/29 12:30:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/29 12:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/29 12:29:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2011/05/29 10:16:16 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4D4EE44C-7601-4C1B-8B68-BD1694A817E2}.job

[2011/05/29 09:53:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/29 09:53:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/29 08:25:49 | 000,000,151 | ---- | M] () -- C:\Users\Gail\Desktop\Facebook (2).url

[2011/05/29 00:31:24 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2011/05/29 00:30:39 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job

[2011/05/29 00:30:32 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/28 23:37:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/05/28 21:05:43 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A14F5039-ADD9-42D8-A3C3-E09D7556BDFC}.job

[2011/05/28 19:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4200203018-2206613247-3673778174-1000Core.job

[2011/05/28 08:30:30 | 000,599,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/28 08:30:30 | 000,103,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/28 00:04:27 | 000,000,494 | ---- | M] () -- C:\Users\Gail\Desktop\WhitePages.com - Online Directory Assistance (4).url

[2011/05/28 00:02:32 | 000,000,216 | ---- | M] () -- C:\Users\Gail\Desktop\PAPA JOHNS STERLING, VA - Bing.url

[2011/05/28 00:00:51 | 000,000,293 | ---- | M] () -- C:\Users\Gail\Desktop\Google Maps.url

[2011/05/27 22:56:04 | 000,011,122 | -HS- | M] () -- C:\Users\Gail\AppData\Local\8lvux411nw1454

[2011/05/27 22:56:04 | 000,011,122 | -HS- | M] () -- C:\ProgramData\8lvux411nw1454

[2011/05/26 08:58:10 | 000,000,260 | ---- | M] () -- C:\Users\Gail\Desktop\WhitePages.com - Online Directory Assistance (3).url

[2011/05/25 19:25:58 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/25 19:17:13 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2011/05/25 19:17:13 | 000,001,854 | ---- | M] () -- C:\Users\Gail\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/05/24 13:54:40 | 275,978,558 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/05/22 12:55:29 | 000,001,985 | ---- | M] () -- C:\Users\Gail\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2011/05/20 09:30:30 | 000,056,320 | ---- | M] () -- C:\Users\Gail\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/11 15:00:57 | 000,000,940 | ---- | M] () -- C:\Users\Gail\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2011/05/03 10:05:42 | 000,000,280 | ---- | M] () -- C:\Users\Gail\Desktop\Free People Search WhitePages (2).url

[2011/05/01 21:10:29 | 000,092,593 | ---- | M] () -- C:\Users\Gail\Documents\GABBB.jpg

[2011/04/30 20:36:39 | 000,000,195 | ---- | M] () -- C:\Users\Gail\Desktop\Leila Zackrison M.D..url

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 08:25:49 | 000,000,151 | ---- | C] () -- C:\Users\Gail\Desktop\Facebook (2).url

[2011/05/27 10:14:21 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2011/05/26 09:07:56 | 000,011,122 | -HS- | C] () -- C:\Users\Gail\AppData\Local\8lvux411nw1454

[2011/05/26 09:07:56 | 000,011,122 | -HS- | C] () -- C:\ProgramData\8lvux411nw1454

[2011/05/25 19:25:58 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/25 19:17:13 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2011/05/22 12:55:29 | 000,001,985 | ---- | C] () -- C:\Users\Gail\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2011/05/22 12:55:28 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk

[2011/05/01 21:10:29 | 000,092,593 | ---- | C] () -- C:\Users\Gail\Documents\GABBB.jpg

[2011/04/30 20:36:39 | 000,000,195 | ---- | C] () -- C:\Users\Gail\Desktop\Leila Zackrison M.D..url

[2010/10/18 15:58:40 | 000,000,010 | ---- | C] () -- C:\Users\Gail\AppData\Roaming\install

[2010/10/04 08:01:53 | 000,000,680 | ---- | C] () -- C:\Users\Gail\AppData\Local\d3d9caps.dat

[2009/09/17 20:59:36 | 000,000,724 | ---- | C] () -- C:\Users\Gail\AppData\Roaming\wklnhst.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/29 19:49:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/05/29 19:37:32 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008/11/12 21:33:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2008/11/12 21:33:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2008/03/28 12:46:02 | 000,020,220 | ---- | C] () -- C:\Users\Gail\AppData\Local\internal.grp

[2008/03/06 00:10:00 | 000,004,436 | ---- | C] () -- C:\Windows\ULEAD32.INI

[2008/02/29 11:41:44 | 000,000,074 | ---- | C] () -- C:\Windows\m2kpw.ini

[2008/02/16 11:58:00 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll

[2008/02/16 11:58:00 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv

[2008/02/07 22:25:34 | 000,025,296 | ---- | C] () -- C:\Users\Gail\AppData\Roaming\Comma Separated Values (Windows).ADR

[2008/02/05 18:59:24 | 000,056,320 | ---- | C] () -- C:\Users\Gail\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/05 18:30:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/02/01 16:38:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/02/01 16:38:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/02/01 16:38:40 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/02/01 16:38:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

[2008/02/01 16:38:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

[2008/02/01 08:55:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007/03/19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll

[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll

[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll

[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll

[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll

[2007/03/19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll

[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll

[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll

[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll

[2007/03/19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll

[2007/03/19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll

[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,375,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,599,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,103,088 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

----------------------------------------------------------------------------------------------------------

extras

OTL Extras logfile created on: 5/29/2011 12:45:14 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Gail\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 76.06% Memory free

7.21 Gb Paging File | 5.93 Gb Available in Paging File | 82.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 165.58 Gb Free Space | 57.49% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.65 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

Computer Name: SIMEON2640-PC | User Name: Gail | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{062E8B3D-28AE-4191-ABCB-1C67E367DCA8}" = lport=445 | protocol=6 | dir=in | app=system |

"{1B2DB2EC-3059-43A9-95AA-2CB83F85FAAE}" = lport=137 | protocol=17 | dir=in | app=system |

"{234C5863-D8B9-42DE-9EE9-3FC4F6A3BEB3}" = rport=445 | protocol=6 | dir=out | app=system |

"{49452E0C-0217-48A0-B3FC-9A72440B43D7}" = rport=137 | protocol=17 | dir=out | app=system |

"{6DED48CB-2873-4543-A1D2-5ED8BB943783}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{70CB0A7C-797B-4227-9621-01A9E3082769}" = rport=138 | protocol=17 | dir=out | app=system |

"{A4DFACAC-6C83-4C6D-BDCE-30EFCEDB7A88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{D156111D-A547-41B6-AF6D-A09B88562858}" = rport=139 | protocol=6 | dir=out | app=system |

"{D3121A62-CD14-4698-801F-515B836ADBEC}" = lport=139 | protocol=6 | dir=in | app=system |

"{F81C01D0-FE31-433E-9D65-6C681FB14310}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1845F5E8-029D-4AE9-8D3E-473949A1A0B0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{48DE6FD8-82A3-4599-AA75-D391C4BE5575}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{512A4C37-E9A5-43C1-9500-3774AFDB6BE7}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{58AD5465-1C5A-4D54-BEDA-DDE1B39C5E6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5B445ECD-0326-4CF2-96B1-CF9E52402FBF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{63597DAD-E9D1-4AA7-BCAC-ADBBE1D7F426}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{66CC559F-8855-4D5C-8140-53B8885B8506}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{673F3B3D-5BC2-4EA0-8996-77DF39242FF3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{73748969-7064-4817-9CF1-F8F60A184948}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{7C13E07F-B09F-4523-89F9-9E37417D61AB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{7EAD79F6-1B23-400F-BBB8-7C108ED2A3D8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{8EBB95DD-F8A2-44DC-867D-2CF91C3B3FD1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{95515E92-D8B2-401E-8C16-F0E0275B4D2A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{9F53C912-DA29-4AE5-A04C-5336FFD17290}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{A9626720-06B2-4835-8E8C-52B82F0E0C93}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BA606AB6-F55D-49C0-A91F-04877D08E2A4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{D6BCE41A-41B4-457B-A732-12974AD286C2}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{E121E8A6-B495-445D-A985-3460D9D1472C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{E1E61F42-10D2-46F8-A690-172E6C2CF843}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E7AD5AB6-4737-4FFA-B31B-4781601059B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{ED72FF4A-4A62-410C-B094-51D8F8688264}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"TCP Query User{B29AFF62-369A-4C60-9F65-C7955D940809}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"UDP Query User{72DCDE1D-AFCC-49B0-8705-DCDD7E9D7AF5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F907A69-6332-4F87-AD74-3C91A627D2C6}" = H&R Block Virginia 2009

"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010

"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese

"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German

"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese

"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian

"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{188F8473-75E0-4210-9E5A-1292A566A506}" = Linksys Wireless Guard

"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light

"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 24

"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)

"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish

"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{352256F0-7853-4193-9A46-9EF1E573A3F1}" = NetLibrary Media Center

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam

"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6230F503-51D7-4BA2-9007-34ACDD31D182}" = TaxCut Virginia 2007

"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese

"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish

"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish

"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot

"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation

"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008

"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1

"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian

"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static

"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish

"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional

"{C7AEF8E5-A62C-4BFD-8044-AF96219AA390}" = H&R Block Virginia 2010

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Please run the following fix and then let me know how things are running.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL (the icon on your desktop).
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    O35 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001..exefile [open] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-4200203018-2206613247-3673778174-1001\...exe [@ = exefile] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*

    :commands
    [emptytemp]


  3. Push Run Fix.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

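The O35/O37 lines removed by the fix above are the per-user .exe association shown in the Extras log's "File Associations" section, where the launcher points at san.exe instead of the stock "%1" %*. As an added example (not part of this thread and not OTL's own code), the Python script below parses the OTL "File Associations" and "Shell Spawning" sections, flags any executable launcher whose open command is not the stock value, and reports the wrapper program inserted in front of %1; the sample log lines are constructed to mirror the entries posted in this thread.

```python
"""Spot hijacked executable-launch associations in an OTL Extras log.

Added example for this thread, not code from OTL or from the forum: it parses
the "File Associations" and "Shell Spawning" sections that OTL prints and flags
any launcher for .exe/.bat/.cmd/.com/.pif/.scr whose 'open' command is not the
stock Windows value '"%1" %*'. Per-user Classes keys (HKEY_USERS\<SID>) take
precedence over HKLM, which is how one account on a machine can be hijacked
while the other accounts keep working.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

STOCK_OPEN_COMMAND = '"%1" %*'
LAUNCHER_PROGIDS = {"exefile", "batfile", "cmdfile", "comfile", "piffile", "scrfile"}

# Line shapes as OTL prints them (observed in the thread's Extras log):
#   [HKEY_USERS\<SID>\SOFTWARE\Classes\<extension>]
#   .exe [@ = exefile] -- "C:\path\to\wrapper.exe" -a "%1" %*
#   exefile [open] -- "%1" %*
# A trailing "(Company Name)" is OTL's annotation, not part of the command.
HIVE_RE = re.compile(r"^\[(?P<hive>HKEY_.*)\]$")
ASSOC_RE = re.compile(r"^(?P<ext>\.\w+) \[@ = (?P<progid>[^\]]+)\] -- (?P<cmd>.+?)(?: \([^()]*\))?$")
SPAWN_RE = re.compile(r"^(?P<progid>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+?)(?: \([^()]*\))?$")


@dataclass
class Finding:
    hive: str               # registry key the entry was read from
    entry: str              # ".exe" or "exefile [open]"
    command: str            # launch command as logged
    wrapper: Optional[str]  # program inserted in front of "%1", if any
    severity: str           # "high" = non-stock command, "info" = stock but per-user
    reason: str


def wrapper_exe(command: str) -> Optional[str]:
    """Return the first program token of a launch command, or None when the
    command begins with the "%1" placeholder (the target itself is launched)."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command)]
    if not tokens or tokens[0] == "%1":
        return None
    return tokens[0]


def parse_launchers(text: str) -> List[Tuple[str, str, str, str, str]]:
    """Return (hive, entry, progid, verb, command) for every association or
    shell-spawning line, tracking the [HKEY_...] header above it."""
    hive, rows = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIVE_RE.match(line)
        if m:
            hive = m.group("hive")
            continue
        m = ASSOC_RE.match(line)
        if m:  # extension line: OTL has already resolved the ProgID's default (open) command
            rows.append((hive, m.group("ext"), m.group("progid"), "open", m.group("cmd").strip()))
            continue
        m = SPAWN_RE.match(line)
        if m:
            rows.append((hive, f"{m.group('progid')} [{m.group('verb')}]", m.group("progid"),
                         m.group("verb"), m.group("cmd").strip()))
    return rows


def find_hijacks(text: str) -> List[Finding]:
    """Report every executable launcher whose 'open' command deviates from the
    stock value, plus stock entries that live in a per-user hive."""
    findings = []
    for hive, entry, progid, verb, cmd in parse_launchers(text):
        if progid not in LAUNCHER_PROGIDS or verb != "open":
            continue
        per_user = hive.upper().startswith(("HKEY_USERS\\", "HKEY_CURRENT_USER"))
        if cmd == STOCK_OPEN_COMMAND:
            if per_user:
                findings.append(Finding(hive, entry, cmd, None, "info",
                                        "stock command, but defined per-user (overrides HKLM)"))
            continue
        findings.append(Finding(hive, entry, cmd, wrapper_exe(cmd), "high",
                                "launch command differs from stock '\"%1\" %*'"))
    return findings


# Constructed sample mirroring the Extras log posted in this thread.
SAMPLE_EXTRAS_LOG = r"""
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4200203018-2206613247-3673778174-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Users\Gail\AppData\Local\san.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
"""

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_EXTRAS_LOG):
        print(f"[{f.severity}] {f.entry} under {f.hive}\n    command: {f.command}\n"
              f"    wrapper: {f.wrapper}\n    reason: {f.reason}")
```

On the sample the only finding is the per-user .exe entry, with san.exe reported as the wrapper, which matches the file MBAM detected and the two OTL lines the fix removes.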

OTL stopped working in the middle and a Windows Update was requested. I clicked 'OK' acknowledging that message. A screen with just the background wallpaper appeared, no icons, no Start bar etc. Hit Ctrl-Alt-Delete and logged off from that user that way, and the Windows screen appeared with all users, so I picked the infected user and got back to what looks like a normal screen. Tried Skype and OverDrive and Malwarebytes Anti-Malware and all came up and look to be working normally. iTunes comes up OK but says it is not the default and would like to set associations to make it the default, which I do, but it keeps coming up with the same message - will try again after reboot.

So it looks like the fix worked, but I'm not sure what the OTL stopping and the Windows Update were all about.

Here is the report that OTL generated:

Files\Folders moved on Reboot...

File\Folder C:\Users\Gail\AppData\Local\Temp\Low\~DF596.tmp not found!

C:\Users\Gail\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

The entry stops there. But all things are looking normal. Am I OK at this point? What were the OTL stopping and the Windows Update all about, and should I worry about it? Thanks for your help. Very appreciative.

SunnyDay


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Cannot figure out how to temporarily disable McAfee. Instructions in your response pertain to McAfee Security Center - ours is McAfee Total Protection, and the instructions for disabling Security Center are not applicable to Total Protection. So I went into McAfee My Accounts and deactivated McAfee for this computer and ran ComboFix, and it stopped with the following message: "Combofix had detected the following real time scanner to be active: antivirus and antispyware: McAfee Anti-Virus and Anti-Spyware. ... are known to interfere with Combofix's running ... may lead to unpredictable results or possible machine damage. Please diable before clicking OK."

Am still trying to disable but so far can't see how outside of a de-install.


Restart your computer and tap the F8 key until the Advanced Boot Options menu comes up.

Select Safe Mode with Networking and press enter.

You will see a list of drivers rolling over the screen, after which the welcome screen comes up.

Select your userprofile and after the desktop loads, run combofix.


Ran ComboFix in safe mode. Did not get the Microsoft Windows Recovery Console screen or the info screen with "Congratulations!!! etc", so I guess that the Microsoft Recovery Console is already installed??? Started back up in regular mode and all things seem the same as before; Skype and some other applications look to be loading normally -- and the same message for iTunes as before, but it appears to be coming up OK.

Thanks again for your help...

C:\Combofix.txt log:

ComboFix 11-05-30.06 - Gail 05/30/2011 17:18:19.1.2 - x86 NETWORK

Microsoft


iTunes: "iTunes has detected that it is not the default player for audio files. Would you like to go to the Default Programs control panel to fix this?" Yes or No. I click Yes every time. Upon which the "Set Program Associations" window comes up with all iTunes-related stuff checked as 'Current Default' and all Windows Media Player unchecked - this includes several items under Extensions and several under Protocols. Save or Cancel. I always pick Save. iTunes looks to be working correctly.


Don't intend to uninstall/reinstall iTunes as that would lose the music etc. that has currently been loaded. The problem is not overwhelming, so we will live with it.

The simplest solution might be just to reinstall iTunes. If you can do that, please try it (first uninstall, then redownload and reinstall).


Hi, let's do some final updating and scanning in that case. :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a quick scan. Post me the resulting log.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

