Trojan


Trojan

Post by Itachi21 on Wed 27 Oct 2010, 8:14 am

A Trojan is causing my fiance's computer to keep restarting every time I log onto her account. I can't access her computer and I am doing the GeekPolice academy but I haven't gotten to that part yet.

It sets it to a blue screen when I log onto her account.

Itachi21

Senior Surfer

Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Wed 27 Oct 2010, 10:45 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Wed 27 Oct 2010, 2:24 pm

The problem is the computer won't let me run any program because by the time it does, it goes to what I call the Blue Screen of Death and then restarts.

Itachi21

Senior Surfer

Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Thu 28 Oct 2010, 11:33 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Fri 29 Oct 2010, 12:19 am

I can't get it to stay long enough to execute the rkill program. What is safe mode, and should I do that instead to run rkill to stop the Trojan?

Itachi21

Senior Surfer

Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Itachi21 on Fri 29 Oct 2010, 2:34 pm

bump

Itachi21

Senior Surfer

Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Sat 30 Oct 2010, 4:22 am

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try RKill now, plus OTL.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Sat 30 Oct 2010, 5:40 am

Ok, rkill didn't run under any of the 3 names. I did get OTL to run and here are the results.

OTL logfile created on: 10/29/2010 2:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 180.05 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.15% Space Free | Partition Type: FAT32

Computer Name: MITTENSANGEL | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/07/01 08:25:59 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/06/04 00:27:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/11 23:01:32 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/02/17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/12/26 03:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/11/06 23:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/07 04:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2009/10/07 04:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 04:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z006&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/18 12:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/18 12:32:04 | 000,000,000 | ---D | M]

[2010/10/20 12:27:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2010/10/20 12:27:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/06/12 14:43:11 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/20 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions
[2010/08/25 12:49:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\searchtoolbar@zugo.com
[2010/07/25 19:24:14 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\sudoku@matt.fraser
[2010/07/20 15:21:37 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\textlinks@playsushi.com
[2010/09/28 14:46:27 | 000,002,565 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\askcom.xml
[2010/10/04 11:55:54 | 000,001,919 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\bing-zugo.xml
[2010/09/18 12:26:54 | 000,002,155 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\MyStart Search.xml
[2010/07/30 14:10:17 | 000,010,025 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\mywebsearch.xml
[2010/07/28 19:02:26 | 000,004,140 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\youtube.xml
[2010/06/11 22:49:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Amanda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\hotfix.exe) - C:\Users\Amanda\AppData\Roaming\hotfix.exe ()
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell\LVIPCAP\command - "" = Tool - Amcap&8.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 14:22:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010/10/26 17:19:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/10/21 21:26:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/20 12:27:32 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\IMVU
[2010/10/20 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\IMVUClient
[2010/10/14 13:53:56 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 13:53:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 13:53:55 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 13:53:53 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 13:53:51 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 13:53:49 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 13:53:48 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 13:53:48 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 13:53:48 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 13:53:42 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 13:53:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 13:53:41 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 13:53:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 13:53:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 13:53:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 13:53:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 13:53:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 13:53:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 13:53:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 13:53:40 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 13:53:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 13:53:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 13:53:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 13:53:37 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 13:53:34 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 13:53:33 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 13:53:32 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 13:53:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010/10/09 15:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/09 15:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/09 15:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/09 10:55:15 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\DivX
[2010/10/09 10:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/10/09 10:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/10/09 10:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/10/09 10:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/09 10:51:40 | 000,876,824 | ---- | C] (DivX, Inc. ) -- C:\Users\Amanda\Desktop\DivXInstaller.exe
[2010/10/04 11:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/09/30 18:25:26 | 006,379,288 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvuvc64.sys
[2010/09/30 18:25:26 | 000,767,000 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2010/09/30 18:25:26 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2010/09/30 18:25:26 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2010/09/30 18:25:26 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2010/09/30 18:25:26 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2010/09/30 18:25:26 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2010/09/30 18:25:19 | 000,327,704 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2010/09/30 18:25:19 | 000,271,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvpopf64.sys
[2010/09/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2010/09/30 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/09/29 15:52:13 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\SightSpeed Recordings

========== Files - Modified Within 30 Days ==========

[2010/10/29 14:27:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/29 14:27:18 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/29 14:27:18 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/29 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 14:19:17 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 14:18:15 | 000,001,507 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010/10/28 09:29:28 | 347,242,909 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/26 17:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-535494546-3647714240-3240444239-1001UA.job
[2010/10/26 17:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-535494546-3647714240-3240444239-1001Core.job
[2010/10/21 21:22:58 | 000,000,187 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
[2010/10/21 21:22:57 | 000,514,560 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe
[2010/10/21 19:35:30 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2010/10/21 17:13:02 | 000,002,410 | ---- | M] () -- C:\Users\Amanda\Desktop\Google Chrome.lnk
[2010/10/20 12:39:15 | 000,000,926 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/10/20 12:27:28 | 000,001,888 | ---- | M] () -- C:\Users\Amanda\Desktop\IMVU.lnk
[2010/10/20 12:25:55 | 000,077,416 | ---- | M] () -- C:\Users\Amanda\Desktop\InstallIMVU_444.0_st.exe
[2010/10/20 11:19:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 11:19:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 15:40:31 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/09 15:46:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/10/09 10:55:36 | 000,001,618 | ---- | M] () -- C:\Users\Amanda\Desktop\DivX Movies.lnk
[2010/10/09 10:55:14 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/09 10:54:47 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/09 10:51:41 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Users\Amanda\Desktop\DivXInstaller.exe
[2010/10/01 13:40:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/09/30 19:06:58 | 000,001,163 | ---- | M] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/30 19:06:58 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/30 18:27:10 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010/09/30 18:23:28 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk

========== Files Created - No Company Name ==========

[2010/10/21 21:26:21 | 347,242,909 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/21 21:22:58 | 000,000,187 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
[2010/10/21 21:22:57 | 000,514,560 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe
[2010/10/20 12:39:15 | 000,000,926 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/10/20 12:27:28 | 000,001,888 | ---- | C] () -- C:\Users\Amanda\Desktop\IMVU.lnk
[2010/10/20 12:25:55 | 000,077,416 | ---- | C] () -- C:\Users\Amanda\Desktop\InstallIMVU_444.0_st.exe
[2010/10/09 15:46:30 | 000,000,500 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2010/10/09 15:46:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/10/09 10:55:36 | 000,001,618 | ---- | C] () -- C:\Users\Amanda\Desktop\DivX Movies.lnk
[2010/10/09 10:55:14 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/09 10:54:47 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/09/30 19:06:58 | 000,001,163 | ---- | C] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/30 19:06:58 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/30 18:27:10 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010/09/30 18:25:19 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2010/09/30 18:25:19 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2010/09/30 18:23:28 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

Itachi21

Senior Surfer

Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit
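Added example (editor's code, not OTL's and not anything posted in this thread): a small Python triage script that does mechanically what a helper reading the two logs above does by eye. It parses OTL's "Files Created" lines and the "Last 10 Event Log Errors" entries, flags entries created within a few minutes before an Event ID 6008 (unexpected shutdown) record, flags executables with no company name dropped under AppData\Roaming and folders literally named like an environment variable, and checks the "Shell Spawning" launch commands against the stock `"%1" %*` value. The sample input lines are copied from the posted logs, except one hijacked batfile line that is constructed to show a positive hit; the heuristics and the ten-minute window are the editor's assumptions, not OTL behaviour.

```python
"""OTL log triage: timeline 'Files Created' entries against Event ID 6008
(unexpected shutdown) records and sanity-check 'Shell Spawning' commands.
Added example for this thread; not OTL's code, not run by the posters.
Sample lines are copied from the posted logs except the one marked
CONSTRUCTED; the suspicious-entry heuristics are the editor's assumptions."""
import re
from datetime import datetime, timedelta

# [2010/10/21 21:22:57 | 000,514,560 | ---- | C] () -- C:\...\hotfix.exe
# Directory entries (a 'D' in the attribute field) carry no "(company)" part.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# Error - 10/21/2010 9:24:13 PM | Computer Name = X | Source = EventLog | ID = 6008
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \|.*"
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# exefile [open] -- "%1" %* File not found   ("File not found" is OTL's note, not the value)
SPAWN_RE = re.compile(r"^(?P<key>\w+ \[\w+\]) -- (?P<cmd>.+?)(?: File not found| \([^)]*\))?$")

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif")
# Stock Windows 7 values; anything else here means the association was hijacked.
EXPECTED_SPAWN = {f"{k}file [open]": '"%1" %*' for k in ("exe", "bat", "cmd", "com", "pif")}

SAMPLE_FILE_LINES = r"""
[2010/10/29 14:22:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010/10/26 17:19:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/10/21 21:26:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/21 21:22:58 | 000,000,187 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
[2010/10/21 21:22:57 | 000,514,560 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe
[2010/10/14 13:53:56 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
""".strip().splitlines()
SAMPLE_EVENT_LINES = """
Error - 10/15/2010 7:43:13 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Error - 10/21/2010 9:24:13 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Error - 10/21/2010 9:26:34 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Error - 10/21/2010 9:27:01 PM | Computer Name = MittensAngel | Source = BugCheck | ID = 1001
""".strip().splitlines()
SAMPLE_SPAWN_LINES = [
    'exefile [open] -- "%1" %* File not found',                                      # from the log, clean
    'inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe "%1" (Microsoft Corporation)',
    'batfile [open] -- "C:\\evil\\launcher.exe" "%1" %*',                            # CONSTRUCTED hijack
]

def parse_files(lines):
    """Return one dict (ts, company, path, is_dir) per OTL file/folder line."""
    out = []
    for m in filter(None, map(FILE_RE.match, (l.strip() for l in lines))):
        out.append({"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    "company": (m["company"] or "").strip(),
                    "path": m["path"], "is_dir": "D" in m["attr"]})
    return out

def parse_events(lines):
    """Return one dict (ts, source, id) per OTL event-log error line."""
    out = []
    for m in filter(None, map(EVENT_RE.match, (l.strip() for l in lines))):
        out.append({"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                    "source": m["source"].strip(), "id": int(m["id"])})
    return out

def flag_file(f, crashes, window):
    """Heuristic reasons to look at this entry; an empty list means nothing notable."""
    reasons, low = [], f["path"].lower()
    if not f["is_dir"] and low.endswith(EXEC_EXT) and "\\appdata\\roaming\\" in low and not f["company"]:
        reasons.append("executable with no company name dropped in the roaming profile")
    if any(re.fullmatch(r"%\w+%", part) for part in f["path"].split("\\")):
        reasons.append("folder literally named like an unexpanded environment variable")
    for c in crashes:  # created shortly BEFORE an unexpected shutdown was logged
        delta = c - f["ts"]
        if timedelta(0) <= delta <= window:
            reasons.append(f"created {int(delta.total_seconds())}s before unexpected shutdown at {c:%H:%M:%S}")
            break
    return reasons

def correlate(file_lines, event_lines, window=timedelta(minutes=10)):
    """Map path -> reasons for every entry that trips at least one heuristic."""
    crashes = [e["ts"] for e in parse_events(event_lines) if e["source"] == "EventLog" and e["id"] == 6008]
    findings = {}
    for f in parse_files(file_lines):
        reasons = flag_file(f, crashes, window)
        if reasons:
            findings[f["path"]] = reasons
    return findings

def check_spawning(lines):
    """Map key -> actual command for launch commands that differ from the stock value."""
    hits = {}
    for m in filter(None, map(SPAWN_RE.match, (l.strip() for l in lines))):
        if m["key"] in EXPECTED_SPAWN and m["cmd"] != EXPECTED_SPAWN[m["key"]]:
            hits[m["key"]] = m["cmd"]
    return hits

if __name__ == "__main__":
    for path, why in correlate(SAMPLE_FILE_LINES, SAMPLE_EVENT_LINES).items():
        print(path, "->", "; ".join(why))
    for key, cmd in check_spawning(SAMPLE_SPAWN_LINES).items():
        print("HIJACKED", key, "->", cmd)
```

Run as-is it reports the two roaming-profile executables created 75 and 76 seconds before the first 6008 record and the hidden, system-attributed `%APPDATA%` folder under the 64-bit System32 (the path OTL reports as SysNative); the Minidump folder, created after the crash, is not flagged, and only the constructed batfile line trips the shell-spawning check. A hit is a lead for the helper to examine, not proof on its own.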

Re: Trojan

Post by Itachi21 on Sat 30 Oct 2010, 5:41 am

OTL Extras logfile created on: 10/29/2010 2:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 180.05 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.15% Space Free | Partition Type: FAT32

Computer Name: MITTENSANGEL | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"DivX Setup.divx.com" = DivX Setup
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.5.9
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"PhotoMail" = PhotoMail Maker
"Playsushi" = Playsushi
"Search Toolbar" = Search Toolbar
"The Sims" = The Sims
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 3:46:18 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 9:21:32 PM | Computer Name = MittensAngel | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 9/30/2010 5:32:39 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/30/2010 7:06:21 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0xee8 Faulting application start time: 0x01cb60f0bfad9be6 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 568956aa-cce7-11df-b371-a4badbc7e273

Error - 9/30/2010 7:21:26 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 1:41:23 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 2:22:12 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: YAHOOM~1.EXE, version: 10.0.0.1270, time
stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x6109427d Faulting process
id: 0x5f0 Faulting application start time: 0x01cb60f439af9ecb Faulting application
path: C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE Faulting module path: ymsdk.dll Report
Id: cecfc335-cd88-11df-b371-a4badbc7e273

Error - 10/1/2010 7:57:45 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/2/2010 7:38:52 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

Error - 10/2/2010 8:04:05 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 10/7/2010 11:10:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:10:15 AM - Error connecting to the internet. 11:10:15 AM - Unable
to contact server..

Error - 10/9/2010 3:15:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 3:15:05 AM - Error connecting to the internet. 3:15:05 AM - Unable
to contact server..

Error - 10/9/2010 4:15:43 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 4:15:36 AM - Error connecting to the internet. 4:15:36 AM - Unable
to contact server..

Error - 10/9/2010 5:16:02 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 5:16:00 AM - Error connecting to the internet. 5:16:00 AM - Unable
to contact server..

Error - 10/9/2010 6:16:09 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 6:16:08 AM - Error connecting to the internet. 6:16:08 AM - Unable
to contact server..

Error - 10/9/2010 7:32:49 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:49 AM - Error connecting to the internet. 7:32:49 AM - Unable
to contact server..

Error - 10/9/2010 7:33:03 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:54 AM - Error connecting to the internet. 7:32:54 AM - Unable
to contact server..

Error - 10/10/2010 12:04:32 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 12:04:21 AM - Error connecting to the internet. 12:04:21 AM - Unable
to contact server..

Error - 10/12/2010 11:33:36 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:36 AM - Error connecting to the internet. 11:33:36 AM - Unable
to contact server..

Error - 10/12/2010 11:33:57 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:41 AM - Error connecting to the internet. 11:33:41 AM - Unable
to contact server..

[ System Events ]
Error - 10/15/2010 7:43:13 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 7:55:15 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:07:20 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:19:23 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:31:25 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:39:41 PM | Computer Name = MittensAngel | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did
not allow the name to be claimed by this computer.

Error - 10/15/2010 9:55:26 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/21/2010 9:24:13 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:23:11 PM on 10/21/2010 was unexpected.

Error - 10/21/2010 9:26:34 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:25:13 PM on 10/21/2010 was unexpected.

Error - 10/21/2010 9:27:01 PM | Computer Name = MittensAngel | Source = BugCheck | ID = 1001
Description =


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"DivX Setup.divx.com" = DivX Setup
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.5.9
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"PhotoMail" = PhotoMail Maker
"Playsushi" = Playsushi
"Search Toolbar" = Search Toolbar
"The Sims" = The Sims
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 3:46:18 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 9:21:32 PM | Computer Name = MittensAngel | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 9/30/2010 5:32:39 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/30/2010 7:06:21 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0xee8 Faulting application start time: 0x01cb60f0bfad9be6 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 568956aa-cce7-11df-b371-a4badbc7e273

Error - 9/30/2010 7:21:26 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 1:41:23 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 2:22:12 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: YAHOOM~1.EXE, version: 10.0.0.1270, time
stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x6109427d Faulting process
id: 0x5f0 Faulting application start time: 0x01cb60f439af9ecb Faulting application
path: C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE Faulting module path: ymsdk.dll Report
Id: cecfc335-cd88-11df-b371-a4badbc7e273

Error - 10/1/2010 7:57:45 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/2/2010 7:38:52 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

Error - 10/2/2010 8:04:05 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 10/7/2010 11:10:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:10:15 AM - Error connecting to the internet. 11:10:15 AM - Unable
to contact server..

Error - 10/9/2010 3:15:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 3:15:05 AM - Error connecting to the internet. 3:15:05 AM - Unable
to contact server..

Error - 10/9/2010 4:15:43 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 4:15:36 AM - Error connecting to the internet. 4:15:36 AM - Unable
to contact server..

Error - 10/9/2010 5:16:02 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 5:16:00 AM - Error connecting to the internet. 5:16:00 AM - Unable
to contact server..

Error - 10/9/2010 6:16:09 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 6:16:08 AM - Error connecting to the internet. 6:16:08 AM - Unable
to contact server..

Error - 10/9/2010 7:32:49 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:49 AM - Error connecting to the internet. 7:32:49 AM - Unable
to contact server..

Error - 10/9/2010 7:33:03 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:54 AM - Error connecting to the internet. 7:32:54 AM - Unable
to contact server..

Error - 10/10/2010 12:04:32 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 12:04:21 AM - Error connecting to the internet. 12:04:21 AM - Unable
to contact server..

Error - 10/12/2010 11:33:36 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:36 AM - Error connecting to the internet. 11:33:36 AM - Unable
to contact server..

Error - 10/12/2010 11:33:57 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:41 AM - Error connecting to the internet. 11:33:41 AM - Unable
to contact server..

[ System Events ]
Error - 10/15/2010 7:43:13 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 7:55:15 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:07:20 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:19:23 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:31:25 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:39:41 PM | Computer Name = MittensAngel | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did
not allow the name to be claimed by this computer.

Error - 10/15/2010 9:55:26 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/21/2010 9:24:13 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:23:11 PM on 10/21/2010 was unexpected.

Error - 10/21/2010 9:26:34 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:25:13 PM on 10/21/2010 was unexpected.

Error - 10/21/2010 9:27:01 PM | Computer Name = MittensAngel | Source = BugCheck | ID = 1001
Description =


< End of report >


Re: Trojan

Post by Belahzur on Sat 30 Oct 2010, 10:47 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\hotfix.exe) - C:\Users\Amanda\AppData\Roaming\hotfix.exe ()
    [2010/10/21 21:22:58 | 000,000,187 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
    [2010/10/21 21:22:57 | 000,514,560 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


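The O20 line in the fix above is the finding that matters: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell replaces the Explorer shell for that one user, so a value pointing at an unsigned executable in AppData\Roaming runs at every logon to Amanda's account, which fits the symptom that only her account crashes. The fix also removes the 187-byte .bat written in the same folder one second later. The script below is an added example, not OTL's or Belahzur's code: it parses the two OTL line shapes seen in this thread, flags any HKCU Winlogon Shell/Userinit value and any HKLM value that differs from the Windows 7 defaults, pulls in files modified within a few seconds of the hijack target, and prints an :OTL block in the same form as the one above. The default values, the five-second window and the two benign sample entries (an HKLM explorer.exe line and a plugin-container.exe file entry) are my assumptions, constructed for the example.

```python
"""Triage of OTL O20 (Winlogon) entries and the files dropped with them.

Added example, not OTL's or the forum's own code. It handles the two OTL
line shapes that appear in this thread:

  O20 - HKCU Winlogon: Shell - (value) - path (signer)
  [YYYY/MM/DD HH:MM:SS | size | attrs | M] (signer) -- path
"""
import re
from datetime import datetime, timedelta

# Assumed Windows 7 defaults. These live under HKLM; HKCU normally carries
# no Shell/Userinit value at all, so any HKCU entry is reported.
DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe,",
                 r"c:\windows\system32\userinit.exe"},
}

O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>Shell|Userinit) - "
    r"\((?P<value>[^)]*)\) - (?P<path>.*?) \((?P<signer>[^)]*)\)$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<kind>[MC])\] \((?P<signer>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample: the three lines from the fix script in this thread plus
# two benign entries (hypothetical, added to show they are not flagged).
SAMPLE_OTL_LINES = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\hotfix.exe) - C:\Users\Amanda\AppData\Roaming\hotfix.exe ()",
    r"[2010/10/21 21:22:58 | 000,000,187 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\34718.bat",
    r"[2010/10/21 21:22:57 | 000,514,560 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe",
    r"[2010/09/30 19:06:21 | 000,012,288 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe",
]


def parse_otl(lines):
    """Split raw OTL lines into Winlogon entries and file entries."""
    winlogon, files = [], []
    for raw in lines:
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            winlogon.append({**m.groupdict(), "raw": line})
            continue
        m = FILE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
            entry["raw"] = line
            files.append(entry)
    return winlogon, files


def suspicious_winlogon(entries):
    """Any HKCU entry, or an HKLM entry whose value is not the default."""
    return [e for e in entries
            if e["hive"] == "HKCU"
            or e["value"].strip().lower() not in DEFAULTS[e["name"]]]


def codropped_files(files, target_path, window=timedelta(seconds=5)):
    """Files modified within `window` of the hijack target, newest first."""
    anchors = [f for f in files if f["path"].lower() == target_path.lower()]
    if not anchors:
        return []
    t0 = anchors[0]["ts"]
    hits = [f for f in files if abs(f["ts"] - t0) <= window]
    return sorted(hits, key=lambda f: f["ts"], reverse=True)


def build_fix(lines):
    """Emit an ':OTL' block: each bad Winlogon line, then its co-dropped files."""
    winlogon, files = parse_otl(lines)
    out = [":OTL"]
    for entry in suspicious_winlogon(winlogon):
        out.append(entry["raw"])
        out.extend(f["raw"] for f in codropped_files(files, entry["path"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(build_fix(SAMPLE_OTL_LINES))
```

Run against the sample it prints the same four-line :OTL block Belahzur posted (the HKCU line, then 34718.bat, then hotfix.exe), while the HKLM explorer.exe entry and the Firefox file entry are left alone. The timestamp window is a heuristic: it catches a dropper and its payload written together, but a file staged days earlier still needs the usual manual review of the OTL file listing.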

Re: Trojan

Post by Itachi21 on Sun 31 Oct 2010, 2:51 am

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Amanda\AppData\Roaming\hotfix.exe deleted successfully.
C:\Users\Amanda\AppData\Roaming\hotfix.exe moved successfully.
C:\Users\Amanda\AppData\Roaming\34718.bat moved successfully.
File C:\Users\Amanda\AppData\Roaming\hotfix.exe not found.

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_115123


Re: Trojan

Post by Belahzur on Sun 31 Oct 2010, 10:01 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Trojan

Post by Itachi21 on Mon 01 Nov 2010, 12:30 am

Malwarebytes' Anti-Malware 1.46

Database version: 5005

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/31/2010 9:22:57 AM
mbam-log-2010-10-31 (09-22-57).txt

Scan type: Quick scan
Objects scanned: 141805
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Amanda\Desktop\IWON.exe (Adware.Iwon) -> Quarantined and deleted successfully.
C:\Users\Amanda\Desktop\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-535494546-3647714240-3240444239-1001\$RY02VLS.exe (Rogue.RegAlive) -> Quarantined and deleted successfully.
C:\Users\Amanda\AppData\Local\Temp\c52aa22e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Re: Trojan

Post by Belahzur on Mon 01 Nov 2010, 12:22 pm

Hello.
Okay good, now we need to do a few more checks.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.



Re: Trojan

Post by Itachi21 on Wed 03 Nov 2010, 4:25 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 146):
0x0285F000 \SystemRoot\system32\ntoskrnl.exe
0x02816000 \SystemRoot\system32\hal.dll
0x00BCC000 \SystemRoot\system32\kdcom.dll
0x00CAF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF3000 \SystemRoot\system32\PSHED.dll
0x00D07000 \SystemRoot\system32\CLFS.SYS
0x00E83000 \SystemRoot\system32\CI.dll
0x00F43000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FE7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D65000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D98000 \SystemRoot\System32\drivers\partmgr.sys
0x00E77000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00DAD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DB9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x01072000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0118E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01199000 \SystemRoot\system32\drivers\fltmgr.sys
0x011E5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01000000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01015000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0124E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01450000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C8000 \SystemRoot\System32\Drivers\cng.sys
0x0153B000 \SystemRoot\System32\drivers\pcw.sys
0x0154C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016F3000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0168B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016D7000 \SystemRoot\System32\Drivers\spldr.sys
0x01556000 \SystemRoot\System32\drivers\rdyboost.sys
0x016DF000 \SystemRoot\System32\Drivers\mup.sys
0x017E5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01590000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015CA000 \SystemRoot\system32\DRIVERS\disk.sys
0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02A2A000 \SystemRoot\System32\Drivers\Null.SYS
0x02A33000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A3A000 \SystemRoot\System32\drivers\vga.sys
0x02A48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A6D000 \SystemRoot\System32\drivers\watchdog.sys
0x02A7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A86000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A8F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02A98000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BE0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03802000 \SystemRoot\System32\drivers\tcpip.sys
0x01200000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01022000 \SystemRoot\System32\Drivers\Mpfp.sys
0x02BF1000 \SystemRoot\System32\Drivers\TDI.SYS
0x01430000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015E0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x03A6C000 \SystemRoot\system32\drivers\afd.sys
0x03AF6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B6A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B80000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BAA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C22000 \SystemRoot\system32\drivers\mfehidk.sys
0x03C6C000 \SystemRoot\System32\drivers\discache.sys
0x03C7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C99000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04645000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03CD0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D4D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04D93000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04DA0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04600000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04611000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x054B2000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05B5F000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05B6C000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x05BD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05400000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x0544B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0545A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05469000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0546E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05477000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0548D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03DC4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0549D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03BBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03C00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00C76000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DCE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x054A9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03EF3000 \SystemRoot\system32\DRIVERS\ks.sys
0x03F36000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03F48000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03FA2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E00000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x03E7B000 \SystemRoot\system32\DRIVERS\portcls.sys
0x03EB8000 \SystemRoot\system32\DRIVERS\drmk.sys
0x03EDA000 \SystemRoot\system32\drivers\ksthunk.sys
0x03FB7000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x03FF1000 \SystemRoot\System32\Drivers\USBD.SYS
0x00070000 \SystemRoot\System32\win32k.sys
0x03FF3000 \SystemRoot\System32\drivers\Dxapi.sys
0x03EE0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02AA3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03BED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05BEE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x020DB000 \SystemRoot\system32\drivers\luafv.sys
0x020FE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02113000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02166000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02179000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02000000 \SystemRoot\system32\drivers\HTTP.sys
0x02191000 \SystemRoot\system32\DRIVERS\bowser.sys
0x021AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x021C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02820000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0286E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02891000 \SystemRoot\system32\drivers\peauth.sys
0x02937000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02942000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0296F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02981000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07054000 \SystemRoot\System32\DRIVERS\srv.sys
0x070EA000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x070F4000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0712A000 \SystemRoot\system32\drivers\mfeavfk.sys
0x07142000 \SystemRoot\system32\drivers\mfesmfk.sys
0x0714D000 \SystemRoot\system32\drivers\spsys.sys
0x76FA0000 \Windows\System32\ntdll.dll
0x47CF0000 \Windows\System32\smss.exe
0xFF2C0000 \Windows\System32\apisetschema.dll
0xFF740000 \Windows\System32\autochk.exe

Processes (total 81):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
464 csrss.exe
528 C:\Windows\System32\winlogon.exe
544 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
1028 C:\Windows\System32\svchost.exe
1100 C:\Program Files\Dell\DellDock\DockLogin.exe
1152 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\spoolsv.exe
1348 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1536 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1572 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
1588 LVPrS64H.exe
1620 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1760 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1800 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
1844 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1972 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1064 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
1720 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2220 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2348 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
2488 C:\Windows\System32\svchost.exe
2632 WmiPrvSE.exe
672 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
2148 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
2604 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
848 C:\Program Files\Windows Media Player\wmpnetwk.exe
1488 C:\Windows\System32\SearchIndexer.exe
684 WmiPrvSE.exe
1112 C:\Windows\servicing\TrustedInstaller.exe
3424 C:\Windows\System32\taskhost.exe
3488 C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
3556 C:\Windows\System32\dwm.exe
3628 C:\Windows\explorer.exe
3792 C:\Program Files\DellTPad\Apoint.exe
3816 C:\Program Files\IDT\WDM\sttray64.exe
3832 C:\Program Files\Dell\QuickSet\quickset.exe
3844 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3864 C:\Windows\System32\igfxtray.exe
3880 C:\Windows\System32\hkcmd.exe
3924 C:\Windows\System32\igfxpers.exe
3956 C:\Windows\System32\audiodg.exe
4052 C:\Program Files\DellTPad\ApMsgFwd.exe
3088 C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
2196 C:\Windows\System32\igfxsrvc.exe
3144 C:\Program Files\DellTPad\hidfind.exe
3196 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
3616 C:\Program Files\DellTPad\ApntEx.exe
3380 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3384 C:\Windows\System32\conhost.exe
4000 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4108 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4120 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
4144 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
4232 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
4256 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
4728 C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
5116 C:\Windows\System32\svchost.exe
3920 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
3900 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
4660 C:\Windows\System32\wuauclt.exe
3800 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
992 C:\Windows\System32\sppsvc.exe
4968 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3292 C:\Windows\System32\SearchProtocolHost.exe
3440 C:\Windows\System32\SearchFilterHost.exe
4536 C:\Users\Amanda\Desktop\MBRCheck.exe
2160 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-75A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Wed 03 Nov 2010, 11:44 am

Hah, bootkit infection.

Do you have the recovery discs for this machine?


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Wed 03 Nov 2010, 1:04 pm

I have the original disks that came with her computer.

Is this going to end up being reformatted? I haven't had a problem so far booting the computer up out of safe mode.

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Thu 04 Nov 2010, 11:35 am

No, we just need to do a repair.

Reboot the machine. After it starts to boot, start tapping the F8 key. Under the Advanced Boot menu, is there an option that says "Repair Your Computer"?


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Fri 05 Nov 2010, 6:53 am

Yes, there is.

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Belahzur on Fri 05 Nov 2010, 9:20 am

Select that option; it will then ask which OS you want to repair. Select the OS this machine has.

If asked, select the Command Prompt option, and type in this command.

bootrec.exe /fixmbr

Note the space between e and /, press enter. If it comes up with "operation successful", reboot the machine and then re-run MBRCheck.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojan

Post by Itachi21 on Sat 06 Nov 2010, 11:06 pm

I entered the command at the command prompt with the space, and now the computer won't start up in safe mode or normally.

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Itachi21 on Mon 08 Nov 2010, 5:37 am

bump

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by Sneakyone on Mon 08 Nov 2010, 5:45 am

Hi,

Your MBR was infected with TDL4 and fixing the MBR that way must have borked your MBR.

Could you please try and boot into Last Known Good Configuration (Same way as Safe Mode) or go into recovery options (usually F11) and perform a system restore.

If you can get into Windows please run this:

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.


Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone
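The MBRCheck report earlier in the thread flagged the disk's boot sector as "MBR Code Faked!" with a SHA1, and Sneakyone's reply names the cause as a TDL4 bootkit, which overwrites the boot code while leaving the partition table intact so Windows still starts. The following is an added example of the kind of check such a tool performs; it is not MBRCheck's code and not part of this thread. It parses a 512-byte MBR image, verifies the 0x55AA boot signature, decodes the partition table, and compares a SHA-1 of the boot-code region against an allowlist. The two sample MBRs and the allowlist are constructed for the demonstration, and it is an assumption that MBRCheck's hash covers the same 440-byte region.

```python
"""Added example: a minimal MBR integrity check of the kind MBRCheck performs.
Not MBRCheck's own code. The sample images and allowlist are constructed;
which bytes MBRCheck hashes is assumed (boot-code region), not confirmed.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold boot code; 440..443 the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries at 446..509
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510       # bytes 510..511 must be 55 AA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty partition table entries."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:           # type 0 marks an unused slot
            continue
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 over the boot-code region only (partition table excluded)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        # A bootkit replaces the boot code but keeps the partition table, so
        # the OS still boots; only the hash of the code region gives it away.
        findings.append(f"boot code SHA1 {digest} not in allowlist")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table is empty")
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR: given boot code, one active NTFS partition."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x1234ABCD)   # constructed disk signature
    # Active (0x80) NTFS (0x07) partition at LBA 2048, 486,770,688 sectors (~232 GB)
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 486770688)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


# Constructed "clean" boot code (not a real loader) and an allowlist built from it.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 24
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}

# Constructed bootkit-style MBR: different boot code, identical partition table.
TAMPERED_MBR = build_sample_mbr(bytes(b ^ 0x5A for b in CLEAN_BOOT_CODE))


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, "->", check_mbr(image, KNOWN_GOOD) or "OK", parse_partitions(image))
```

On a real system the allowlist would hold the hashes of the stock boot code for the Windows versions in use, and the image would be read from the first sector of the physical drive with administrator rights. The design point the thread illustrates is that the partition table of the tampered image is byte-for-byte the same as the clean one, which is why the machine kept booting normally while the boot code itself had been replaced.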

Re: Trojan

Post by Itachi21 on Mon 08 Nov 2010, 6:21 am

Would before I made the MBR check be the best way to do it? So Friday 11/5?

Itachi21
Senior Surfer
Posts : 319
Joined : 2008-12-07
Operating System : Windows 7 64 Bit

Re: Trojan

Post by DragonMaster Jay on Mon 08 Nov 2010, 6:37 am

Hi,

Do you have the Windows 7 DVD and able to boot from it?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz
