Total Vista Security


Total Vista Security

Post by Kantwell on Sat Apr 17, 2010 12:59 pm

Hi, all. The other day my laptop was apparently hijacked by one of those fake security programs, this one going under "Total Vista Security." It's blocked me from the internet, so I am posting this topic from a library computer. My operating system is Windows Vista Home Premium, if that's important. (McAfee and Super Anti Spyware don't seem to do any good.) Any help would be much appreciated!

Kantwell
Novice

Posts: 5
Joined: 2010-04-17
OS: Windows Vista Home Premium
Points: 24333
Likes: 0

Re: Total Vista Security

Post by Belahzur on Sat Apr 17, 2010 3:17 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1

Re: Total Vista Security

Post by Kantwell on Mon Apr 19, 2010 5:15 pm

Thanks very much for the reply. (I should point out that, oddly, my internet has started working again, and that the phony anti-virus pop-ups I’d been receiving earlier have ceased. However, it has now become very hard to run programs. When I try to start one, it will give me the “Choose the program you want to use to open this file” window—and choosing the program from the list that I’m trying to start does not always start said program.)



OTL logfile created on: 4/19/2010 3:35:43 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Greg\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 387.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81.11 Gb Total Space | 9.48 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.40 Gb Free Space | 53.97% Space Free | Partition Type: NTFS
Drive E: | 0.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: Greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/19 14:46:50 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/28 22:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 14:46:50 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/24 08:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/28 22:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 17:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 17:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 17:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/10/04 21:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/05/15 00:31:12 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/05/15 00:31:12 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/05/15 00:31:12 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/08 01:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/17 19:52:38 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/11 19:10:40 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 19:10:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 19:10:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/06 21:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 19:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 19:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/02/20 20:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/01/06 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.159.184.225 207.159.171.89
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Greg\AppData\Local\av.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 15:33:56 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2010/04/19 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Camelback Pacific
[2010/04/19 14:15:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\to Mystic CT
[2010/04/19 14:15:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\MFSC poster
[2010/04/19 14:15:03 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Atii and Chrono
[2010/04/19 14:14:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\School Daze cover
[2010/04/19 14:13:44 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\C&HR 2-8-4 Berk 4601
[2010/04/14 22:20:57 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 22:20:31 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 22:20:29 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 22:20:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/10 00:13:33 | 000,000,000 | ---D | C] -- C:\gmax
[2010/03/31 17:06:48 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Diner details
[2010/03/31 16:50:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Coyote and Horned Toad stuff
[2010/03/31 12:06:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 12:06:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 12:06:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 12:06:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 12:06:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 12:06:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 12:05:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 12:05:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 12:05:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 12:05:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 12:05:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 12:05:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 12:05:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 12:05:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 12:05:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/25 17:40:33 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Steam truck
[2 C:\Users\Greg\Desktop\*.tmp files -> C:\Users\Greg\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/19 15:40:40 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CED1C7EC-6F41-4882-9EB1-31CF2D12CE34}.job
[2010/04/19 15:40:21 | 004,194,304 | -HS- | M] () -- C:\Users\Greg\NTUSER.DAT
[2010/04/19 15:26:18 | 000,001,356 | ---- | M] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
[2010/04/19 15:23:37 | 000,507,713 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award comp.png
[2010/04/19 15:22:09 | 000,517,864 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award crop2.png
[2010/04/19 15:19:23 | 000,055,828 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award text2.png
[2010/04/19 14:58:23 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/19 14:58:23 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/19 14:58:23 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/19 14:54:20 | 000,020,035 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/19 14:53:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 14:53:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 14:53:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/19 14:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/19 14:46:50 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2010/04/19 14:46:09 | 000,024,064 | ---- | M] () -- C:\Users\Greg\Desktop\Download OTL by OldTimer to your Desktop.doc
[2010/04/19 14:22:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/19 14:22:24 | 000,524,288 | -HS- | M] () -- C:\Users\Greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 14:22:24 | 000,065,536 | -HS- | M] () -- C:\Users\Greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/19 14:22:19 | 003,242,750 | -H-- | M] () -- C:\Users\Greg\AppData\Local\IconCache.db
[2010/04/19 14:06:03 | 000,515,621 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award crop.png
[2010/04/19 14:05:05 | 000,054,556 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award text.png
[2010/04/19 13:45:34 | 000,658,725 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award bgtexture.png
[2010/04/19 13:31:39 | 000,009,898 | -HS- | M] () -- C:\Users\Greg\AppData\Local\3367619789
[2010/04/19 13:31:39 | 000,009,898 | -HS- | M] () -- C:\ProgramData\3367619789
[2010/04/19 12:57:51 | 000,122,880 | ---- | M] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 12:55:37 | 000,020,261 | ---- | M] () -- C:\Users\Greg\Desktop\GoS award.png
[2010/04/19 12:53:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/19 12:46:14 | 000,010,993 | ---- | M] () -- C:\Users\Greg\Documents\GoS Master Mechanic contest award 2.docx
[2010/04/19 02:15:31 | 000,126,802 | ---- | M] () -- C:\Users\Greg\Documents\ES-2(autosave)2.skp
[2010/04/19 01:59:24 | 000,130,011 | ---- | M] () -- C:\Users\Greg\Documents\ES-2(autosave)2.skb
[2010/04/19 00:50:35 | 000,130,216 | ---- | M] () -- C:\Users\Greg\Documents\ES-2(autosave).skp
[2010/04/18 23:59:26 | 000,130,931 | ---- | M] () -- C:\Users\Greg\Documents\ES-2(autosave).skb
[2010/04/18 12:17:44 | 000,012,982 | ---- | M] () -- C:\Users\Greg\Documents\chat topics.docx
[2010/04/18 11:56:17 | 000,009,898 | -HS- | M] () -- C:\ProgramData\jrNYi6G
[2010/04/18 11:56:06 | 000,009,898 | -HS- | M] () -- C:\Users\Greg\AppData\Local\jrNYi6G
[2010/04/18 00:49:23 | 000,121,784 | ---- | M] () -- C:\Users\Greg\Documents\ES-2.skp
[2010/04/18 00:49:15 | 000,120,746 | ---- | M] () -- C:\Users\Greg\Documents\ES-2.skb
[2010/04/17 18:49:48 | 012,832,526 | ---- | M] () -- C:\Users\Greg\Documents\50'boxcar.skp
[2010/04/17 18:49:32 | 012,852,859 | ---- | M] () -- C:\Users\Greg\Documents\50'boxcar.skb
[2010/04/15 14:33:11 | 000,000,162 | -H-- | M] () -- C:\Users\Greg\Desktop\~$o Alex.docx
[2010/04/15 01:00:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/15 00:47:01 | 000,016,546 | ---- | M] () -- C:\Users\Greg\Documents\religious History paper 2 re-write.docx
[2010/04/12 23:14:42 | 000,033,686 | ---- | M] () -- C:\Users\Greg\Documents\chatwithArgie041210.docx
[2010/04/12 23:13:45 | 000,088,539 | ---- | M] () -- C:\Users\Greg\Documents\chatwithKarnes041210.docx
[2010/04/12 21:05:41 | 000,016,272 | ---- | M] () -- C:\Users\Greg\Documents\Atwater Moses transcriptions Religious History.docx
[2010/04/12 12:23:39 | 000,010,660 | ---- | M] () -- C:\Users\Greg\Documents\Spirit Tracks cowcatcher.docx
[2010/04/11 23:39:18 | 000,073,062 | ---- | M] () -- C:\Users\Greg\Documents\chatwithKarnesregardingWorldsEnd(041110).docx
[2010/04/10 00:14:38 | 000,000,506 | ---- | M] () -- C:\Users\Greg\Desktop\gmax.lnk
[2010/04/10 00:00:57 | 019,683,840 | ---- | M] () -- C:\Users\Greg\Desktop\gmax12.exe
[2010/04/04 22:23:41 | 000,012,449 | ---- | M] () -- C:\Users\Greg\Documents\gos contest 2 entries.docx
[2010/04/04 21:22:01 | 000,013,129 | ---- | M] () -- C:\Users\Greg\Documents\GSBW locomotive catalogue.docx
[2010/04/04 16:13:08 | 000,014,011 | ---- | M] () -- C:\Users\Greg\Documents\High Iron script 2.docx
[2010/04/01 01:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/31 18:26:30 | 000,010,460 | ---- | M] () -- C:\Users\Greg\Documents\Sorry.docx
[2010/03/31 17:22:14 | 000,094,777 | ---- | M] () -- C:\Users\Greg\Desktop\gatt.wma
[2010/03/31 01:39:00 | 000,010,296 | ---- | M] () -- C:\Users\Greg\Documents\Ah.docx
[2010/03/30 14:24:04 | 000,019,776 | ---- | M] () -- C:\Users\Greg\Documents\Averroes essay2.docx
[2010/03/30 11:11:13 | 000,019,918 | ---- | M] () -- C:\Users\Greg\Documents\Averroes essay.docx
[2010/03/29 19:36:00 | 000,010,421 | ---- | M] () -- C:\Users\Greg\Documents\Atti bio.docx
[2010/03/26 22:43:17 | 004,640,378 | ---- | M] () -- C:\Users\Greg\Desktop\Diagrams.rar
[2010/03/26 22:36:34 | 000,023,714 | ---- | M] () -- C:\Users\Greg\Documents\epic hot box disintegration 032610.docx
[2010/03/24 18:38:02 | 000,071,990 | ---- | M] () -- C:\Users\Greg\Documents\GSBW.skp
[2010/03/23 14:32:51 | 000,045,387 | ---- | M] () -- C:\Users\Greg\Documents\SEEvictorytheme2.wma
[2010/03/23 14:29:05 | 000,054,367 | ---- | M] () -- C:\Users\Greg\Documents\SEEvictorytheme1.wma
[2 C:\Users\Greg\Desktop\*.tmp files -> C:\Users\Greg\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/19 15:33:56 | 000,024,064 | ---- | C] () -- C:\Users\Greg\Desktop\Download OTL by OldTimer to your Desktop.doc
[2010/04/19 15:23:36 | 000,507,713 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award comp.png
[2010/04/19 15:22:08 | 000,517,864 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award crop2.png
[2010/04/19 15:19:23 | 000,055,828 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award text2.png
[2010/04/19 13:46:01 | 000,054,556 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award text.png
[2010/04/19 13:45:45 | 000,515,621 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award crop.png
[2010/04/19 13:45:32 | 000,658,725 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award bgtexture.png
[2010/04/19 12:55:37 | 000,020,261 | ---- | C] () -- C:\Users\Greg\Desktop\GoS award.png
[2010/04/19 12:43:21 | 000,010,993 | ---- | C] () -- C:\Users\Greg\Documents\GoS Master Mechanic contest award 2.docx
[2010/04/19 02:15:31 | 000,130,011 | ---- | C] () -- C:\Users\Greg\Documents\ES-2(autosave)2.skb
[2010/04/19 01:59:24 | 000,126,802 | ---- | C] () -- C:\Users\Greg\Documents\ES-2(autosave)2.skp
[2010/04/18 01:17:13 | 000,130,931 | ---- | C] () -- C:\Users\Greg\Documents\ES-2(autosave).skb
[2010/04/18 01:15:04 | 000,130,216 | ---- | C] () -- C:\Users\Greg\Documents\ES-2(autosave).skp
[2010/04/17 23:56:07 | 000,120,746 | ---- | C] () -- C:\Users\Greg\Documents\ES-2.skb
[2010/04/17 23:18:29 | 000,009,898 | -HS- | C] () -- C:\ProgramData\3367619789
[2010/04/17 23:18:28 | 000,009,898 | -HS- | C] () -- C:\Users\Greg\AppData\Local\3367619789
[2010/04/17 15:37:33 | 012,852,859 | ---- | C] () -- C:\Users\Greg\Documents\50'boxcar.skb
[2010/04/17 15:36:39 | 012,832,526 | ---- | C] () -- C:\Users\Greg\Documents\50'boxcar.skp
[2010/04/16 21:23:18 | 000,121,784 | ---- | C] () -- C:\Users\Greg\Documents\ES-2.skp
[2010/04/16 21:21:49 | 000,009,898 | -HS- | C] () -- C:\ProgramData\jrNYi6G
[2010/04/16 21:21:48 | 000,009,898 | -HS- | C] () -- C:\Users\Greg\AppData\Local\jrNYi6G
[2010/04/15 14:33:11 | 000,000,162 | -H-- | C] () -- C:\Users\Greg\Desktop\~$o Alex.docx
[2010/04/15 00:47:00 | 000,016,546 | ---- | C] () -- C:\Users\Greg\Documents\religious History paper 2 re-write.docx
[2010/04/12 23:14:41 | 000,033,686 | ---- | C] () -- C:\Users\Greg\Documents\chatwithArgie041210.docx
[2010/04/12 23:13:43 | 000,088,539 | ---- | C] () -- C:\Users\Greg\Documents\chatwithKarnes041210.docx
[2010/04/12 12:23:38 | 000,010,660 | ---- | C] () -- C:\Users\Greg\Documents\Spirit Tracks cowcatcher.docx
[2010/04/11 23:29:59 | 000,073,062 | ---- | C] () -- C:\Users\Greg\Documents\chatwithKarnesregardingWorldsEnd(041110).docx
[2010/04/10 00:14:38 | 000,000,506 | ---- | C] () -- C:\Users\Greg\Desktop\gmax.lnk
[2010/04/10 00:00:55 | 019,683,840 | ---- | C] () -- C:\Users\Greg\Desktop\gmax12.exe
[2010/04/08 12:38:41 | 000,016,272 | ---- | C] () -- C:\Users\Greg\Documents\Atwater Moses transcriptions Religious History.docx
[2010/04/04 16:15:15 | 000,012,982 | ---- | C] () -- C:\Users\Greg\Documents\chat topics.docx
[2010/04/04 16:14:11 | 000,013,129 | ---- | C] () -- C:\Users\Greg\Documents\GSBW locomotive catalogue.docx
[2010/03/31 23:44:53 | 000,014,011 | ---- | C] () -- C:\Users\Greg\Documents\High Iron script 2.docx
[2010/03/31 18:35:19 | 000,012,449 | ---- | C] () -- C:\Users\Greg\Documents\gos contest 2 entries.docx
[2010/03/31 18:26:20 | 000,010,460 | ---- | C] () -- C:\Users\Greg\Documents\Sorry.docx
[2010/03/31 01:38:59 | 000,010,296 | ---- | C] () -- C:\Users\Greg\Documents\Ah.docx
[2010/03/30 14:24:03 | 000,019,776 | ---- | C] () -- C:\Users\Greg\Documents\Averroes essay2.docx
[2010/03/30 09:30:26 | 000,019,918 | ---- | C] () -- C:\Users\Greg\Documents\Averroes essay.docx
[2010/03/29 19:35:59 | 000,010,421 | ---- | C] () -- C:\Users\Greg\Documents\Atti bio.docx
[2010/03/27 23:16:48 | 000,094,777 | ---- | C] () -- C:\Users\Greg\Desktop\gatt.wma
[2010/03/26 22:43:00 | 004,640,378 | ---- | C] () -- C:\Users\Greg\Desktop\Diagrams.rar
[2010/03/26 22:36:30 | 000,023,714 | ---- | C] () -- C:\Users\Greg\Documents\epic hot box disintegration 032610.docx
[2010/03/24 18:38:02 | 000,071,990 | ---- | C] () -- C:\Users\Greg\Documents\GSBW.skp
[2010/03/23 14:30:31 | 000,045,387 | ---- | C] () -- C:\Users\Greg\Documents\SEEvictorytheme2.wma
[2010/03/23 14:27:03 | 000,054,367 | ---- | C] () -- C:\Users\Greg\Documents\SEEvictorytheme1.wma
[2010/03/04 19:15:01 | 000,000,552 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d8caps.dat
[2010/02/23 11:48:14 | 000,000,109 | ---- | C] () -- C:\Users\Greg\webct_upload_applet.properties
[2009/12/13 20:24:54 | 000,000,334 | ---- | C] () -- C:\Users\Greg\AppData\Local\syssvc.exe
[2009/11/11 01:31:08 | 000,000,003 | ---- | C] () -- C:\Users\Greg\AppData\Local\Temn.exn
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/10 19:58:30 | 000,561,152 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/10 19:58:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/10 19:58:30 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DVDIFOFilter.dll
[2008/11/29 16:16:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/03 19:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008/09/28 13:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008/08/28 07:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008/08/28 07:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008/08/28 07:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2008/07/09 10:03:08 | 000,000,372 | ---- | C] () -- C:\Users\Greg\Documents - Shortcut.lnk
[2008/01/23 21:40:22 | 000,000,363 | ---- | C] () -- C:\Users\Greg\Videos - Shortcut (2).lnk
[2008/01/19 16:06:35 | 000,000,363 | ---- | C] () -- C:\Users\Greg\Videos - Shortcut.lnk
[2008/01/02 19:46:57 | 000,001,356 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
[2007/09/01 18:08:05 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/06/14 06:40:39 | 000,040,768 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\nvModes.001
[2007/06/14 06:40:33 | 000,040,768 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\nvModes.dat
[2007/06/13 19:33:30 | 000,122,880 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/13 19:28:52 | 000,000,020 | -HS- | C] () -- C:\Users\Greg\ntuser.ini
[2007/06/13 19:28:51 | 004,194,304 | -HS- | C] () -- C:\Users\Greg\NTUSER.DAT
[2007/06/13 19:28:51 | 000,524,288 | -HS- | C] () -- C:\Users\Greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/06/13 19:28:51 | 000,524,288 | -HS- | C] () -- C:\Users\Greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/06/13 19:28:51 | 000,262,144 | -H-- | C] () -- C:\Users\Greg\ntuser.dat.LOG1
[2007/06/13 19:28:51 | 000,065,536 | -HS- | C] () -- C:\Users\Greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/06/13 19:28:51 | 000,000,000 | -H-- | C] () -- C:\Users\Greg\ntuser.dat.LOG2
[2007/05/15 00:32:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/15 00:32:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:47:56 | 000,380,957 | ---- | C] () -- C:\Windows\System32\expsrv.dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >

Kantwell
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-04-17
OS OS : Windows Vista Home Premium
Points Points : 24333
# Likes # Likes : 0


Re: Total Vista Security

Post by Belahzur on Tue Apr 20, 2010 8:14 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Greg\AppData\Local\av.exe" /START "%1" %* File not found
    [2010/04/19 13:31:39 | 000,009,898 | -HS- | M] () -- C:\Users\Greg\AppData\Local\3367619789
    [2010/04/19 13:31:39 | 000,009,898 | -HS- | M] () -- C:\ProgramData\3367619789


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1


Re: Total Vista Security

Post by Kantwell on Tue Apr 20, 2010 12:32 pm

Thanks much again. ^^ Here be the log:



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Greg\AppData\Local\3367619789 moved successfully.
C:\ProgramData\3367619789 moved successfully.

OTL by OldTimer - Version 3.2.1.3 log created on 04202010_123145

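The O37 line in the OTL fix above ("HKCU\...exe [@ = secfile]" pointing at av.exe with "File not found") and the fix log's deletion of the HKCU .exe and secfile keys describe a per-user hijack of the .exe file association, which is why launching programs produced the "Choose the program you want to use" prompt once av.exe was gone. The following PowerShell audit is an added example, not part of either post and not OTL's code; it assumes it is run as the affected user on Windows Vista or later and only reports, it changes nothing.

```powershell
# Added example, not code from the thread or from OTL. Audits the two things the
# fix above corrects: a per-user override of the .exe file association
# (the O37 line, "HKCU\...exe [@ = secfile]") and the WinINET proxy setting.
# Assumes it is run as the affected user on Windows Vista or later.

function Test-ExeAssociation {
    $findings = @()

    # Windows consults HKCU\Software\Classes before HKLM\Software\Classes, so a
    # .exe key here overrides the machine default for this user alone. A clean
    # profile normally has no such key at all.
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path $userExe) {
        $progId = (Get-ItemProperty -Path $userExe).'(default)'
        $findings += "HKCU override of .exe present, ProgId = '$progId'"
        if ($progId) {
            # Follow the ProgId to the command that would run for every .exe launch.
            $cmdKey = "HKCU:\Software\Classes\$progId\shell\open\command"
            if (Test-Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                $findings += "  $progId launch command: $cmd"
            }
        }
    }

    # The machine-wide association must be exefile, whose open command is the
    # pass-through '"%1" %*' (run the file itself with its own arguments).
    $machineProgId = (Get-ItemProperty -Path 'HKLM:\Software\Classes\.exe').'(default)'
    if ($machineProgId -ne 'exefile') {
        $findings += "HKLM .exe ProgId is '$machineProgId', expected 'exefile'"
    }
    $exefileCmd = (Get-ItemProperty -Path 'HKLM:\Software\Classes\exefile\shell\open\command').'(default)'
    if ($exefileCmd -ne '"%1" %*') {
        $findings += "exefile open command is '$exefileCmd', expected '`"%1`" %*'"
    }

    return $findings
}

function Test-UserProxy {
    # Internet Explorer reads its proxy from this WinINET key; the helper's first
    # instruction above is to clear it.
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) {
        return "Proxy enabled for this user: $($inet.ProxyServer)"
    }
    return $null
}

$report = @(Test-ExeAssociation) + @(Test-UserProxy | Where-Object { $_ })
if ($report.Count -eq 0) {
    'No .exe association override and no user proxy configured.'
} else {
    $report
}
```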

Re: Total Vista Security

Post by Belahzur on Tue Apr 20, 2010 3:48 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Total Vista Security

Post by Kantwell on Fri Apr 23, 2010 7:58 pm

Ah, thanks! Malwarebytes actually reported "no malicious items detected." Oddly, as well, my laptop appears to be running rather normally all of a sudden...

Here is the log, though:


Malwarebytes' Anti-Malware 1.42
Database version: 3416
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/23/2010 7:56:01 PM
mbam-log-2010-04-23 (19-56-01).txt

Scan type: Quick Scan
Objects scanned: 101253
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Vista Security

Post by Belahzur on Sat Apr 24, 2010 1:19 pm

You have a very old version of MBAM installed, so please do an update.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.



Re: Total Vista Security

Post by Kantwell on Thu Apr 29, 2010 6:11 pm

Ookay, very sorry for the mix-up AND the long delay. Here's the new log...:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/29/2010 5:55:30 PM
mbam-log-2010-04-29 (17-55-30).txt

Scan type: Quick scan
Objects scanned: 121522
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Greg\AppData\Local\temp\bthxjqy.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Total Vista Security

Post by Belahzur on Fri Apr 30, 2010 3:15 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


