Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Fri 23 Sep 2011, 2:13 am

Hi, I just received a fake Data Recovery virus and need help deleting it. Thanks.

Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Fri 23 Sep 2011, 2:24 am

Here is my MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7766

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372

9/22/2011 8:06:47 AM
mbam-log-2011-09-22 (08-06-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 432068
Time elapsed: 3 hour(s), 33 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\documents and settings\all users\application data\1kalmig2kb7fzp.exe (Trojan.FakeAlert) -> 3308 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1kAlMiG2Kb7FzP (Trojan.FakeAlert) -> Value: 1kAlMiG2Kb7FzP -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\1kalmig2kb7fzp.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\system volume information\_restore{4e015214-6bb0-4181-b365-456cf1dec069}\RP1024\A0101068.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4e015214-6bb0-4181-b365-456cf1dec069}\RP960\A0094509.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-dc3e0b8f38\application data\Sun\Java\deployment\cache\6.0\24\46f6f818-307ae6a2 (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Removal of Fake Data Recovery virus! Please Help

Post by Belahzur on Sun 25 Sep 2011, 5:07 am

Hello.
Please read this topic: [link visible only to registered, logged-in members]

Post the requested logs when done.


Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Sun 25 Sep 2011, 10:50 am

OTL logfile created on: 9/24/2011 3:53:26 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 26.14% Memory free
3.72 Gb Paging File | 2.24 Gb Available in Paging File | 60.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.53 Gb Total Space | 101.28 Gb Free Space | 44.51% Space Free | Partition Type: NTFS
Drive D: | 5.34 Gb Total Space | 3.40 Gb Free Space | 63.66% Space Free | Partition Type: FAT32

Computer Name: YOUR-DC3E0B8F38 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 15:41:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\OTL(1).com
PRC - [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/03/20 14:44:42 | 003,140,288 | ---- | M] (Hawkes Learning Systems ) -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
PRC - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/02/10 07:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/02/10 06:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/11/30 20:58:49 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/11/30 20:34:29 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/03/17 13:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\verizon\McciTrayApp.exe
PRC - [2010/03/04 16:22:58 | 000,883,168 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/30 18:54:21 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/02/23 14:04:42 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2007/11/15 22:51:42 | 000,059,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/08/09 09:15:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/09 18:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/10/28 11:08:31 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/06/30 22:00:24 | 000,065,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2003/06/26 20:09:56 | 000,135,214 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVComS.exe
PRC - [2003/04/18 16:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/15 18:57:32 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 11:18:40 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
MOD - [2011/07/08 09:34:04 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/20 14:44:40 | 000,598,616 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\mia.lib
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/12/29 22:39:40 | 000,101,888 | ---- | M] () -- C:\WINDOWS\temp\mia7\mEXEFunc.dll
MOD - [2010/11/30 20:34:51 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2010/11/30 20:34:32 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2010/11/30 20:34:30 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2010/11/30 20:34:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2010/11/30 20:34:29 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2010/06/23 18:03:32 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/06/10 18:07:15 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2010/03/04 16:22:58 | 000,883,168 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/02/05 11:14:43 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/10/16 08:39:29 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2009/05/26 21:06:28 | 000,913,408 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/02/23 14:04:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\bwfiles.dll
MOD - [2008/02/23 14:04:42 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2008/02/23 14:04:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2008/02/23 14:04:42 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2005/08/02 16:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
MOD - [2004/08/10 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/01/05 00:30:18 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/04/18 16:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/11/30 20:58:49 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/15 22:52:24 | 002,124,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2007/11/15 22:51:56 | 000,245,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2007/11/15 22:51:42 | 000,059,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/08/09 09:15:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2003/04/18 16:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe -- (HawkesUpdater)


========== Driver Services (SafeList) ==========

DRV - [2010/11/30 20:34:35 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/30 20:34:35 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/30 20:34:35 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/11/30 20:34:35 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/03/17 13:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 13:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/03/12 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/01 17:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/09/27 17:12:30 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/15 22:24:06 | 004,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/29 02:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 02:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 09:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 09:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 09:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/06/26 20:05:38 | 000,472,332 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbu09270\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.01
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:5.1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&apn_uid=8E66920D-EDB1-46FB-A400-13F756399FDF&apn_ptnrs=W5&apn_sauid=0913780D-6C74-4F3B-BBCD-CF88C597E413&apn_dtid=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.http: "71.109.175.243 "
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/30 18:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\ [2011/08/15 22:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2011/09/06 22:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2011/09/06 22:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/15 18:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 22:29:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks [2010/02/09 14:12:00 | 000,000,000 | ---D | M]

[2009/03/07 19:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Extensions
[2011/09/23 08:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions
[2010/09/17 09:57:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 08:47:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/18 22:02:23 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/06/24 23:32:09 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/17 09:57:38 | 000,000,000 | ---D | M] (Celebrity Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/04/12 17:32:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\engine@conduit.com
[2010/09/17 09:57:44 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\es-MX@dictionaries.addons.mozilla.org
[2010/09/17 09:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\fsonlinescanner@f-secure.com
[2011/09/23 08:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\staged
[2011/08/04 19:22:31 | 000,000,000 | ---D | M] ("Webroot Toolbar") -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\toolbar@ask.com
[2011/03/13 13:39:27 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\toolbar@shopathome.com
[2009/03/07 21:40:06 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\searchplugins\aim-search.xml
[2011/09/24 08:51:55 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\searchplugins\askcom.xml
[2011/05/10 18:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/17 09:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2008/12/17 20:43:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/15 18:57:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/06 05:59:08 | 000,192,512 | ---- | M] () -- C:\Program Files\mozilla firefox\components\mhxpcom.dll
[2011/01/23 12:37:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/01/23 12:37:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/11/30 18:20:29 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/01 10:59:04 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbu09270\tbcore3.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbu09270\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbu09270\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cbjaDBsdKJ.exe] "C:\Documents and Settings\All Users\Application Data\cbjaDBsdKJ.exe" File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/08/20 11:25:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/08/20 11:25:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/08/20 11:25:13 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/08/20 11:25:13 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: dyndns.tv ([ltp] * in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} [You must be registered and logged in to see this link.] (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} [You must be registered and logged in to see this link.] (TTestGenXInstallObject)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [You must be registered and logged in to see this link.] (CSEQueryObject Object)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [You must be registered and logged in to see this link.] (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} [You must be registered and logged in to see this link.] (Pearson Installation Assistant 2)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} [You must be registered and logged in to see this link.] (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} [You must be registered and logged in to see this link.] (Domino Web Access 7 Control)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} [You must be registered and logged in to see this link.] (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{054B1DCB-3D33-46DC-A07D-47394FE0DCB4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38310bb8-2726-11e0-bcef-0040ca9ae7a2}\Shell - "" = AutoRun
O33 - MountPoints2\{38310bb8-2726-11e0-bcef-0040ca9ae7a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38310bb8-2726-11e0-bcef-0040ca9ae7a2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5de3083f-8bca-11df-bcc4-0040ca9ae7a2}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{cc46a592-ca1f-11e0-bd18-0040ca9ae7a2}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{cc46a592-ca1f-11e0-bd18-0040ca9ae7a2}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{da64f0f2-a1e3-11dc-b85b-0040ca9a6dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{da64f0f2-a1e3-11dc-b85b-0040ca9a6dd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da64f0f2-a1e3-11dc-b85b-0040ca9a6dd0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AOL TopSpeedMonitor"
MsConfig - Services: "AOL ACS"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\bigfix.exe - (BigFix Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Cleanup - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\Program Files\verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: msci - hkey= - key= - File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

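The OTL log above carries the three places a helper would look first when a rogue like this "Data Recovery" fake reinstalls itself: the O4 Run values (an orphaned HKCU loader with a machine-generated name under All Users\Application Data, an empty-name HKLM value, publisher-less autostarts), the O15 zone entries (a wildcard range and a dyndns.tv wildcard in the Trusted sites zone, which get IE's weaker zone settings), and the O33 MountPoints2 autorun commands left by removable drives. The script below is an added triage example written for this page; it is not OTL's code nor anything the poster ran. The sample lines are constructed copies in the shape of the log, and the "random name" threshold (at least 10 characters, mixed case, at most one vowel in five letters) is my own heuristic, tuned so that the two FakeAlert names on this page trip it while stock Windows and vendor entries do not.

```python
"""Triage OTL-style O4 / O15 / O33 lines for fake-AV persistence indicators (added example)."""
import re

# Constructed sample in the shape of the OTL log above; not the full log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [cbjaDBsdKJ.exe] "C:\Documents and Settings\All Users\Application Data\cbjaDBsdKJ.exe" File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O15 - HKCU\..Trusted Domains: dyndns.tv ([ltp] * in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O33 - MountPoints2\{38310bb8-2726-11e0-bcef-0040ca9ae7a2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\.\.\\(Run(?:Once)?): \[(.*?)\] (.*)$')
O15_RE = re.compile(r'^O15 - HKCU\\\.\.Trusted (Domains|Ranges): (\S+) \((.*)\)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell\\.*\\command - "" = (.*)$')
# XP keeps per-machine app data under "All Users\Application Data"; any user can write there.
APPDATA_RE = re.compile(r'\\application data\\', re.IGNORECASE)


def looks_random(value_name):
    """Heuristic (my threshold, not OTL's): long, mixed-case, nearly vowel-free names."""
    stem = re.sub(r'\.exe$', '', value_name, flags=re.IGNORECASE)
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 10 or not letters:
        return False
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    vowel_ratio = sum(c.lower() in 'aeiou' for c in letters) / len(letters)
    return mixed_case and vowel_ratio <= 0.2


def parse_o4_target(rest):
    """Split the tail of an O4 line into (path, publisher, target_exists)."""
    if rest.endswith('File not found'):
        path = rest[:-len('File not found')].strip().strip('"')
        return path, '', False
    m = re.match(r'^(.*?)\s*\((.*)\)$', rest)   # "C:\path\x.exe (Publisher)" or "... ()"
    if m:
        return m.group(1).strip().strip('"'), m.group(2), True
    return rest.strip(), '', True


def triage(log_text):
    """Return (severity, section, subject, reason) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, rest = m.groups()
            path, publisher, exists = parse_o4_target(rest)
            subject = f'{hive}\\{key}\\[{name}]'
            if not exists:
                findings.append(('medium', 'O4', subject, 'Run value points at a missing file (orphaned loader)'))
            if APPDATA_RE.search(path) and path.lower().endswith('.exe'):
                findings.append(('high', 'O4', subject, 'autostart executable lives in a user-writable Application Data folder'))
            if looks_random(name):
                findings.append(('high', 'O4', subject, 'value name looks machine-generated'))
            if exists and not publisher and path.lower().endswith('.exe'):
                findings.append(('low', 'O4', subject, 'autostart executable carries no publisher string'))
            continue
        m = O15_RE.match(line)
        if m:
            kind, entry, detail = m.groups()
            if '*' in detail and 'Trusted sites' in detail:
                findings.append(('high', 'O15', entry, f'wildcard {kind[:-1].lower()} entry in the Trusted sites zone'))
            continue
        m = O33_RE.match(line)
        if m:
            device, command = m.groups()
            if re.match(r'^[A-Za-z]:\\', command):
                # Stale per-device records; informational, but they show what ran from removable media.
                findings.append(('info', 'O33', device, f'autorun command from a removable volume: {command}'))
    return findings


if __name__ == '__main__':
    for severity, section, subject, reason in triage(SAMPLE_LOG):
        print(f'[{severity:6}] {section} {subject}: {reason}')
```

Run against the real log (`triage(open('OTL.Txt').read())`), the HKCU `cbjaDBsdKJ.exe` value raises three findings at once (orphaned target, Application Data location, machine-generated name), which is the pattern to act on; a single `low` or `info` hit, such as a vendor tray app with an empty publisher string or a U3 launcher record, is context, not an infection indicator. The check only reads the log; removing the entries is still the job of the fix script the helper supplies.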

Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Sun 25 Sep 2011, 10:50 am


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 17:31:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Recent
[2011/09/21 17:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Data Recovery
[2011/09/06 22:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/06 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/06 22:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/06 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/06 22:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/05 19:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Hawkes Learning Systems
[2011/09/05 19:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PackageAware
[2011/09/05 19:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{93906220-8503-45CF-87CB-5A54C8DE1AB2}
[2011/09/05 19:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hawkes Learning Systems
[2011/09/05 19:44:51 | 000,344,064 | ---- | C] (RSP Software - [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\rsp_ogg_player_ocx2.dll
[2011/09/05 19:44:51 | 000,344,064 | ---- | C] (RSP Software - [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\rsp_ogg_player_ocx1.dll
[2011/09/05 19:44:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2011/09/05 19:44:51 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/09/05 19:44:50 | 000,372,736 | ---- | C] (Aivosto Oy) -- C:\WINDOWS\System32\vbwExtender.ocx
[2011/09/05 19:44:50 | 000,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2011/09/05 19:44:49 | 001,328,824 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\SPR32X60.ocx
[2011/09/05 19:44:49 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2011/09/05 19:44:48 | 000,159,744 | ---- | C] (RSP Software - [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\rsp_ogg_vorbis_ocx_320reg.ocx
[2011/09/05 19:44:47 | 000,557,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DAO360.DLL
[2011/09/05 19:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hawkes Learning Systems
[2011/09/05 19:41:06 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmavds32.ax
[2011/09/05 19:41:05 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv9vcm.dll
[2011/09/05 19:41:05 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2011/09/05 19:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{22F0A19A-26CD-4BBE-B95C-B04446B69DDA}
[2011/09/05 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\PackageAware
[2011/08/31 16:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Pictures
[53 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 16:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/23 22:39:29 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 15:13:45 | 000,028,982 | ---- | M] () -- C:\WINDOWS\hpoins03.dat
[2011/09/23 09:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/22 20:10:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/22 08:22:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/22 08:19:58 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/22 08:19:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/22 08:19:49 | 2012,794,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 08:05:14 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/09/22 08:04:57 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/09/21 18:33:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 17:34:59 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011/09/21 17:25:17 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.lic
[2011/09/21 17:17:38 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk
[2011/09/21 12:20:21 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Microsoft Office Word 2007.lnk
[2011/09/20 22:01:40 | 000,788,021 | ---- | M] () -- C:\logfile
[2011/09/19 11:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/15 21:57:35 | 000,242,300 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Mom and Pop 2011 pic.JPG
[2011/09/12 19:23:04 | 011,678,720 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/09/08 13:33:54 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/08 10:45:22 | 002,352,169 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\IMG_3687.jpg
[2011/09/06 17:35:57 | 022,925,312 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/09/05 19:44:53 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Essential Calculus.lnk
[2011/09/02 17:12:57 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[53 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | ---- | C] () -- C:\WINDOWS\System32\nomenebu
[2011/09/21 17:25:17 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.lic
[2011/09/21 17:17:39 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/09/21 17:17:39 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/09/21 17:17:38 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk
[2011/09/21 17:17:31 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011/09/15 21:57:35 | 000,242,300 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Mom and Pop 2011 pic.JPG
[2011/09/12 19:39:16 | 002,352,169 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\IMG_3687.jpg
[2011/09/06 22:18:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/05 19:44:53 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Essential Calculus.lnk
[2011/08/12 11:14:41 | 000,012,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/12 11:14:40 | 000,012,124 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr
[2010/12/11 20:02:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/11 20:02:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 13:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/11/02 19:47:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/16 18:47:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\housecall.guid.cache
[2009/09/18 17:52:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/05/25 11:48:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/12/22 12:49:58 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/12/09 22:07:10 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/11 14:15:10 | 000,000,031 | ---- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/02/23 14:09:26 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/02/23 14:06:48 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\AthUnIns.exe
[2008/02/23 14:04:42 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008/02/23 14:03:22 | 000,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/01/19 00:32:55 | 000,002,216 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/16 14:22:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/03/28 19:09:53 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/04 00:28:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/05 21:34:45 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 23:16:52 | 000,005,092 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
[2006/12/10 16:56:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/09 14:02:32 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2006/12/09 14:02:32 | 000,029,089 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2006/12/09 14:01:22 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\fusioncache.dat
[2006/12/09 13:51:26 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2006/12/09 13:51:26 | 000,028,982 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2006/12/05 18:02:46 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/12/03 18:03:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/03 18:03:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/06 15:35:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.exe
[2006/10/06 15:35:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.dll
[2006/08/09 09:15:09 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/08/09 09:12:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/09 09:12:19 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/08/09 09:12:19 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/08/09 09:12:19 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/08/09 09:12:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/08/09 09:12:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/08/09 09:12:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/08/09 09:11:49 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/08/09 09:11:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/09 09:11:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/09 09:06:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 08:38:25 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/09 08:38:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/09 08:38:23 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/09 08:38:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/09 08:38:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/09 08:38:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/09 08:38:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 08:38:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/09 08:38:16 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/09 08:38:16 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/09 08:38:16 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,270 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,456,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,076,304 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,349,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/02 15:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 15:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/01/05 00:30:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/26 16:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2009/03/07 19:14:33 | 000,156,034 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\FHSetup.exe
[2010/09/30 10:56:26 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Firefox Setup 3.6.10.exe
[2010/08/09 14:45:40 | 008,573,648 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Firefox Setup 3.6.8.exe
[2009/03/07 19:18:52 | 007,522,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Firefox%20Setup%203.0.7.exe
[2008/12/25 14:11:04 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\FixVundo.exe
[2009/09/01 18:37:51 | 000,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\GooredFix.exe
[2007/08/01 16:03:51 | 000,704,472 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\installer-31925-19-Messenger-Plus-Extension-4-20-262-English.exe
[2009/07/16 11:14:30 | 000,482,336 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RealPlayerSPBeta.exe
[2009/10/04 22:33:09 | 002,069,088 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RegCureSetup_RW.exe
[2009/10/13 11:34:27 | 041,688,928 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SpySweeperRegSetup_EN.exe
[2009/03/07 19:23:23 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\sunbelt-personal-firewall.exe
[2008/12/25 13:54:36 | 005,780,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SUPERAntiSpyware.exe
[2008/05/30 11:40:47 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\wmp11-windowsxp-x86-enu.exe
[2009/03/07 19:25:17 | 014,824,216 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\ymsgr900_2136_us.exe

< %USERPROFILE%\*.exe >
[2007/12/07 23:52:35 | 000,439,296 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\GoToAssist_phone__317_en.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/15 18:57:36 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/15 18:57:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/15 18:57:23 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009/11/06 13:00:20 | 000,016,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SsiEfr.exe
[2009/11/06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[53 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/08/18 21:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/07 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Agnitum
[2010/10/20 21:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/11/28 14:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2006/08/09 09:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\AMD Live!
[2009/08/30 10:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\American Airlines DealFinder
[2011/09/06 22:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/08/12 16:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\ARO 2011
[2011/05/30 13:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/07/18 12:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\Asoftech
[2010/09/07 09:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Wizard 3.1
[2008/09/20 13:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2006/08/09 09:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2011/09/06 22:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/11/29 18:01:58 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/02/04 12:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Celebrity Toolbar
[2009/09/15 19:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/08/12 11:54:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/06/17 02:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/06/03 14:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/06/03 21:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2006/08/09 08:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/03/09 20:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/03/05 18:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Crawler
[2006/08/09 09:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/12/06 17:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2008/04/15 17:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\detest5
[2006/08/09 08:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2006/08/09 09:07:18 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2008/02/23 14:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/04/05 13:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/01/13 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Flock
[2007/12/24 15:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway Games
[2009/03/05 10:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/08/09 09:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\gtw_logo
[2011/09/05 19:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Hawkes Learning Systems
[2009/08/06 08:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/12/31 23:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2009/07/25 13:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2010/07/18 12:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/07 20:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/09/06 22:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/12/31 00:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/09/06 22:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/15 13:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/11/25 17:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/07/25 13:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/02/23 14:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/09/21 18:34:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/08/09 09:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/06/21 22:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2006/08/09 09:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/08/13 23:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/03/29 10:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/06/12 16:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/05/08 16:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/08/09 09:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2011/03/04 16:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/08/30 16:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/08/30 16:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2007/01/15 17:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2011/09/05 12:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/10/20 18:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/17 10:09:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/12 16:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/12 16:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/03/04 22:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/03/04 22:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/05 19:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/03/04 22:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/10 19:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/23 22:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/03/07 20:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/29 10:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/09/02 17:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/12/11 22:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2009/04/05 13:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2006/06/17 02:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/04/22 16:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/12/04 23:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/03/07 20:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/03/27 15:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2007/12/24 15:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2006/06/17 02:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/12/22 12:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2006/06/17 02:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 18:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/12/10 16:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2007/12/24 15:12:17 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2007/05/25 12:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoWorks
[2008/01/03 18:11:07 | 000,000,000 | ---D | M] -- C:\Program Files\Picaboo
[2008/07/12 19:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2006/12/05 18:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\PlayLinc
[2010/12/12 13:32:31 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2007/03/04 12:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2011/09/06 22:29:17 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/11 13:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/08/09 09:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/07/20 15:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Recuva
[2009/03/07 20:26:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/09/18 19:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\RegCleaner
[2009/09/18 18:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\RegistryPatrol3.0
[2011/09/24 08:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\SelectRebates
[2007/05/04 18:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Serious Magic
[2008/12/09 22:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/09/04 11:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\Southwest Airlines
[2007/12/06 18:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\SplashData
[2011/08/12 16:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/07/18 09:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Photo Recovery
[2010/11/30 20:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/11/30 20:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/09/18 19:21:04 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2006/06/17 02:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011/08/12 16:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/06/03 21:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
[2010/05/10 12:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\verizon
[2006/12/05 17:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\VZBB Toolbar
[2010/11/30 20:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2007/01/19 20:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2006/08/09 09:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/03/06 18:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinClamAVShield
[2010/12/16 19:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/11/30 11:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/06/12 16:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/06/12 16:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2008/05/28 16:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/05/28 16:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/06/17 02:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/06/17 02:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/06/17 02:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2006/06/17 02:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/04/28 19:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/01/20 14:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\Zune


< MD5 for: AGP440.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SDTemp\Download.old\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2009/10/13 12:21:20 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2009/10/13 12:21:20 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2009/10/13 12:21:20 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SDTemp\Download.old\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2004/08/10 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SDTemp\Download.old\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SDTemp\Download.old\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 01:21:34

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Flock\FLSET.exe" HIDE [2006/05/02 15:38:24 | 000,064,093 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Flock\flock\flock.exe" -silent -nosplash -setDefaultBrowser\
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Flock\FLSET.EXE" SHOW [2006/05/02 15:38:24 | 000,064,093 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\shell\open\command\\: C:\PROGRA~1\Flock\flock\flock.exe [2006/12/19 06:17:00 | 007,042,624 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\shell\properties\command\\: C:\PROGRA~1\Flock\flock\flock.exe -chrome "chrome://browser/content/pref/pref.xul" [2006/12/19 06:17:00 | 007,042,624 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2011/07/19 11:33:01 | 000,102,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/15 18:57:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/15 18:57:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Flock\FLSET.exe" HIDE [2006/05/02 15:38:24 | 000,064,093 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Flock\flock\flock.exe" -silent -nosplash -setDefaultBrowser\
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Flock\FLSET.EXE" SHOW [2006/05/02 15:38:24 | 000,064,093 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\shell\open\command\\: C:\PROGRA~1\Flock\flock\flock.exe [2006/12/19 06:17:00 | 007,042,624 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\flock.exe\shell\properties\command\\: C:\PROGRA~1\Flock\flock\flock.exe -chrome "chrome://browser/content/pref/pref.xul" [2006/12/19 06:17:00 | 007,042,624 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2011/07/19 11:33:01 | 000,102,400 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Sun 25 Sep 2011, 11:00 am

AswMBR Log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 16:56:44
-----------------------------
16:56:44.609 OS Version: Windows 5.1.2600 Service Pack 2
16:56:44.609 Number of processors: 2 586 0x4B02
16:56:44.609 ComputerName: YOUR-DC3E0B8F38 UserName: Owner
16:56:48.421 Initialize success
16:59:29.796 AVAST engine defs: 11092401
16:59:49.000 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"

Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Sun 25 Sep 2011, 11:02 am

Spyware information Log
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
OneCare Advisor (Windows Live Toolbar)
McAfee Security Scan Plus
Trend Micro Titanium
Trend Micro™ Titanium™
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````


Re: Removal of Fake Data Recovery virus! Please Help

Post by Belahzur on Tue 27 Sep 2011, 4:43 am

Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double-click PCHelpForum.exe to run it.

You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removal of Fake Data Recovery virus! Please Help

Post by laguera16 on Sun 02 Oct 2011, 5:52 am

ComboFix log
ComboFix 11-10-01.03 - Owner 10/01/2011 10:58:08.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.496 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\Belahuzur.exe
AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Lizette\My Documents\~WRL1112.tmp
c:\documents and settings\Lizette\Start Menu\Programs\System Recovery
c:\documents and settings\Lizette\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\Lizette\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\documents and settings\Lizette\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Lizette\WINDOWS
c:\documents and settings\Omar\WINDOWS
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\System Recovery
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Owner.YOUR-DC3E0B8F38\WINDOWS
c:\documents and settings\yanette\g2mdlhlpx.exe
c:\documents and settings\yanette\WINDOWS
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\Internet Explorer\SET287.tmp
c:\program files\Internet Explorer\SET288.tmp
c:\program files\Internet Explorer\SET289.tmp
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Recovery
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
c:\windows\system32\service
c:\windows\system32\service\01122009_TIS17_SfFniAU.log
c:\windows\system32\service\04052010_TIS17_SfFniAU.log
c:\windows\system32\service\06102009_TIS17_SfFniAU.log
c:\windows\system32\service\08112009_TIS17_SfFniAU.log
c:\windows\system32\service\15042010_TIS17_SfFniAU.log
c:\windows\system32\service\18032010_TIS17_SfFniAU.log
c:\windows\system32\service\20042010_TIS17_SfFniAU.log
c:\windows\system32\service\23082010_TIS17_SfFniAU.log
c:\windows\system32\service\23092009_TIS17_SfFniAU.log
c:\windows\system32\service\29082010_TIS17_SfFniAU.log
c:\windows\system32\Thumbs.db
c:\windows\TEMP\mia9\mEXEFunc.dll
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-09-25 23:27 . 2011-09-25 23:27 -------- d-----w- c:\program files\iPod
2011-09-25 23:27 . 2011-09-25 23:28 -------- d-----w- c:\program files\iTunes
2011-09-25 23:27 . 2011-09-25 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-09-07 05:25 . 2011-09-07 05:25 -------- d-----w- c:\program files\Bonjour
2011-09-06 02:41 . 2009-04-07 10:59 424960 ----a-w- c:\windows\system32\wmavds32.ax
2011-09-06 02:41 . 2003-06-23 08:44 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll
2011-09-06 02:41 . 2001-03-26 10:41 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2011-09-06 02:40 . 2011-09-06 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{22F0A19A-26CD-4BBE-B95C-B04446B69DDA}
2011-09-06 02:40 . 2011-09-06 02:40 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\PackageAware
2011-09-02 23:51 . 2011-07-19 18:34 369152 ----a-w- c:\program files\MSN\MSNCoreFiles\Calendar.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 00:00 . 2010-12-01 03:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 16:34 . 2011-05-13 01:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-16 01:57 . 2011-05-11 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-06 12:59 . 2010-01-31 21:47 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbu09270\tbhelper.dll" [2009-05-07 355840]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbu09270\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbu09270\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbu09270\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 23:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-23 16384]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-03 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\documents and settings\Lizette\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-2-23 169472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-08-09 16:00 169984 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 08:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 19:33 438359 -c--a-w- c:\progra~1\verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 -c--a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\verizon\\McciTrayApp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [11/30/2010 8:44 PM 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/30/2010 8:46 PM 64080]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [11/30/2010 8:58 PM 1201640]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [9/5/2011 7:48 PM 8192]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-10-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 20:29]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;;*.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
Trusted Zone: dyndns.tv\ltp
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 71.109.175.243
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-cbjaDBsdKJ.exe - c:\documents and settings\All Users\Application Data\cbjaDBsdKJ.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Cleanup - c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\200612316565_mcappins.exe
MSConfigStartUp-msci - c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\200612316564_mcinfo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-10-01 11:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,0b,14,b2,d1,94,cf,42,82,cb,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
@DACL=(02 0000)
@="{571715D7-3395-4DF0-B43C-784836209E60}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1604)
c:\program files\Common Files\Motive\McciContextHook_DSR.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\LVComS.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2011-10-01 11:46:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-01 18:46
ComboFix2.txt 2009-10-17 00:14
.
Pre-Run: 110,334,365,696 bytes free
Post-Run: 112,438,636,544 bytes free
.
Current=7 Default=7 Failed=3 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 3D166410805C32E028FF82F5C3ECB0C0

laguera16
Rookie Surfer
Posts : 77
Joined : 2009-03-05
Operating System : windows
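A small triage script, added here as an example and not something posted in the thread or shipped with ComboFix, that reads lines in the format of the 'Supplementary Scan' and 'ORPHANS REMOVED' sections of the log above and flags the entries a helper would read first: a Firefox manual proxy (network.proxy.type 1) whose network.proxy.http points at a public IP, an IE Trusted Zone entry, a user.js value with several user_pref() calls packed into it, and a Run key launching from a directory every user can write to. The sample lines are an abbreviated copy of the log above; the indicator names, the writable-directory list and the public-IP heuristic are my own assumptions.

```python
"""Triage a ComboFix-style log excerpt for rogue-AV / proxy-hijack indicators.

Added example, not code from the thread or from ComboFix. Indicator names,
WRITABLE_DIRS and the 'public IP' heuristic are this example's own choices;
the sample lines are abbreviated from the log in the post above.
"""
import ipaddress
import re

# Constructed sample input: an abbreviated copy of the 'Supplementary Scan'
# and 'ORPHANS REMOVED' lines from the ComboFix log above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = localhost;;*.local
Trusted Zone: dyndns.tv\ltp
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.http - 71.109.175.243
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
HKCU-Run-cbjaDBsdKJ.exe - c:\documents and settings\All Users\Application Data\cbjaDBsdKJ.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
""".strip()

FF_PREF = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (.+)$")
RUN_ORPHAN = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")

# Locations any user (and therefore malware running as that user) can write.
# A Run entry launching from one of these is how FakeAlert-style rogues
# usually persist; legitimate software normally installs under Program Files.
WRITABLE_DIRS = (
    "all users\\application data",
    "\\local settings\\temp",
    "\\temp\\",
)


def is_public_ip(text):
    """True if text (optionally host:port) parses as a globally routable IP."""
    try:
        return ipaddress.ip_address(text.split(":")[0]).is_global
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (indicator, detail) tuples in the order found."""
    findings = []
    prefs = {}
    for line in log_text.splitlines():
        m = FF_PREF.match(line)
        if m:
            kind, key, value = m.groups()
            prefs[key] = value
            # Several user_pref() calls packed into one value: read the file
            # itself rather than trusting the one-line summary.
            if ");user_pref(" in value:
                findings.append(("ff-userjs-packed-prefs", f"{kind}.js {key} -> {value}"))
            continue
        m = TRUSTED_ZONE.match(line)
        if m:
            # Trusted Zone sites get relaxed IE security settings; any entry
            # the user did not add deliberately deserves a look.
            findings.append(("ie-trusted-zone", m.group(1)))
            continue
        m = RUN_ORPHAN.match(line)
        if m:
            hive, name, path = m.groups()
            if any(d in path.lower() for d in WRITABLE_DIRS):
                findings.append(("run-key-user-writable-path", f"{hive}\\Run\\{name} -> {path}"))
    # Judge the proxy only once all prefs are known: type 1 is a manual proxy,
    # and a manual HTTP proxy on a public address relays every page the user
    # loads through a third party.
    if prefs.get("network.proxy.type") == "1" and is_public_ip(prefs.get("network.proxy.http", "")):
        findings.append(("ff-manual-proxy-public-ip", prefs["network.proxy.http"]))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:28} {detail}")
```

Run it on a saved ComboFix.txt by passing the file's text to triage(); the proxy check is deliberately evaluated after the whole excerpt is read, because network.proxy.type and network.proxy.http are reported on separate lines and a proxy address with type 0 (no proxy) is not in effect.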