Thread: PC Shield Virus

    #11 - Junior Member (Join Date: Sep 2010, Posts: 11)

    Results from the OTL fix log

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.
    File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.
    File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
    File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
    Folder C:\Users\Steve\AppData\Local\sryipycgi\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Steve\Desktop\cmd.bat deleted successfully.
    C:\Users\Steve\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Christine
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Emily
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 34012726 bytes
    ->Java cache emptied: 41110830 bytes
    ->Flash cache emptied: 28592 bytes

    User: Matthew
    ->Temp folder emptied: 6796758 bytes
    ->Temporary Internet Files folder emptied: 37925617 bytes
    ->Java cache emptied: 37563189 bytes
    ->Flash cache emptied: 2911 bytes

    User: Public

    User: Steve
    ->Temp folder emptied: 94567824 bytes
    ->Temporary Internet Files folder emptied: 70438133 bytes
    ->Java cache emptied: 53920214 bytes
    ->Flash cache emptied: 10642 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 76255520 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 5167769453 bytes

    Total Files Cleaned = 5,360.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09082010_191429

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\mcafee_soGcPdC92PrPaYt not found!
    File\Folder C:\Windows\temp\mcafee_xUhI0Uhgl5OHdJU not found!
    File\Folder C:\Windows\temp\mcmsc_Fn0TDNX5ASbDFXQ not found!
    File\Folder C:\Windows\temp\mcmsc_I4B2Z5NI4WGJlTA not found!
    File\Folder C:\Windows\temp\mcmsc_nXTarTM8lgi8aEI not found!
    File\Folder C:\Windows\temp\mcmsc_TrgGFxoXCwu3j5w not found!
    File\Folder C:\Windows\temp\sqlite_2LCy1awTtAKeJc6 not found!
    File\Folder C:\Windows\temp\sqlite_GdhalunrKqIVnuC not found!
    File\Folder C:\Windows\temp\sqlite_PuLWf4NYh8B3Y1H not found!
    File\Folder C:\Windows\temp\sqlite_sQPVABCkSOLVimG not found!

    Registry entries deleted on Reboot...

    #12 - Junior Member (Join Date: Sep 2010, Posts: 11)

    MBRCheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 540
    Logical Drives Mask: 0x00000bfc

    Kernel Drivers (total 148):
    0x01E1A000 \SystemRoot\system32\ntoskrnl.exe
    0x02331000 \SystemRoot\system32\hal.dll
    0x00607000 \SystemRoot\system32\kdcom.dll
    0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064C000 \SystemRoot\system32\PSHED.dll
    0x00660000 \SystemRoot\system32\CLFS.SYS
    0x006BD000 \SystemRoot\system32\CI.dll
    0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EF000 \SystemRoot\system32\drivers\acpi.sys
    0x00945000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094E000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00958000 \SystemRoot\system32\drivers\pci.sys
    0x00988000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099D000 \SystemRoot\system32\drivers\volmgr.sys
    0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B1000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x009B9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x009C9000 \SystemRoot\system32\drivers\pciide.sys
    0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009E3000 \SystemRoot\system32\drivers\atapi.sys
    0x007D5000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A0A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00A51000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00A65000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00A71000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C0A000 \SystemRoot\system32\drivers\ndis.sys
    0x00AF8000 \SystemRoot\system32\drivers\msrpc.sys
    0x00B48000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00F8C000 \SystemRoot\system32\drivers\volsnap.sys
    0x00FD0000 \SystemRoot\System32\Drivers\spldr.sys
    0x00FD8000 \SystemRoot\System32\Drivers\mup.sys
    0x00DCD000 \SystemRoot\System32\drivers\ecache.sys
    0x00FEA000 \SystemRoot\system32\drivers\disk.sys
    0x00BA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00E00000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00BE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00BF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x009EB000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x01E01000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x0280F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x028F2000 \SystemRoot\System32\drivers\watchdog.sys
    0x02902000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0290E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02954000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02A0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02AFB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02B0D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02B1D000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x02B53000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02B6F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x02B7C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02965000 \SystemRoot\system32\DRIVERS\storport.sys
    0x02BB5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02BC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02BE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x029C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x027CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x027DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02C02000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02C1A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C2D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02C3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02C47000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02C49000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02C7D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02C88000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02C98000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02CE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02E05000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x02F6D000 \SystemRoot\system32\drivers\portcls.sys
    0x02FA8000 \SystemRoot\system32\drivers\drmk.sys
    0x02FCB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x02FD1000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x02FF5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x02CF4000 \SystemRoot\System32\Drivers\Null.SYS
    0x02D08000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x02D10000 \SystemRoot\System32\drivers\vga.sys
    0x02D1E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02D43000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02D4C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02D55000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02D60000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02D71000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x0300C000 \SystemRoot\System32\drivers\tcpip.sys
    0x03182000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x031AE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x031CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x02D7A000 \SystemRoot\System32\Drivers\Mpfp.sys
    0x031CC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02DB7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0x031E9000 \SystemRoot\system32\drivers\sosnf64.sys
    0x02DD2000 \SystemRoot\system32\DRIVERS\smb.sys
    0x03203000 \SystemRoot\system32\drivers\afd.sys
    0x0326E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x032B2000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x032BD000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x032DB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x032EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03305000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03352000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0335E000 \SystemRoot\system32\drivers\mfehidk.sys
    0x033A8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0340E000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
    0x036AD000 \SystemRoot\system32\drivers\usbaudio.sys
    0x036C6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x036CF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x036E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x036F9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x03704000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x03714000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x0371F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0372A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x03746000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x03794000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x037A2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x037AE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x000D0000 \SystemRoot\System32\win32k.sys
    0x037B6000 \SystemRoot\System32\drivers\Dxapi.sys
    0x037C2000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00470000 \SystemRoot\System32\TSDDD.dll
    0x006A0000 \SystemRoot\System32\cdd.dll
    0x037D5000 \SystemRoot\system32\drivers\luafv.sys
    0x14E0E000 \SystemRoot\system32\drivers\spsys.sys
    0x14EA8000 \SystemRoot\system32\DRIVERS\packet.sys
    0x14EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x14EC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x14EE1000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
    0x14EED000 \SystemRoot\system32\drivers\HTTP.sys
    0x14F90000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x14FB9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x14FD7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x033C5000 \SystemRoot\system32\drivers\mrxdav.sys
    0x1520A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x15233000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x1527C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x1529B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x152CD000 \SystemRoot\System32\DRIVERS\srv.sys
    0x15362000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x15E04000 \SystemRoot\system32\drivers\peauth.sys
    0x15EBA000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x15EC5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x15ED5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x15EF5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x15F0B000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x15F23000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x76D20000 \WINDOWS\System32\ntdll.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    448 C:\WINDOWS\System32\smss.exe
    580 csrss.exe
    616 C:\WINDOWS\System32\wininit.exe
    636 csrss.exe
    672 C:\WINDOWS\System32\services.exe
    684 C:\WINDOWS\System32\lsass.exe
    692 C:\WINDOWS\System32\lsm.exe
    744 C:\WINDOWS\System32\winlogon.exe
    892 C:\WINDOWS\System32\svchost.exe
    952 C:\WINDOWS\System32\svchost.exe
    992 C:\WINDOWS\System32\svchost.exe
    368 C:\WINDOWS\System32\svchost.exe
    468 C:\WINDOWS\System32\svchost.exe
    628 C:\WINDOWS\System32\svchost.exe
    1036 C:\WINDOWS\System32\audiodg.exe
    1064 C:\WINDOWS\System32\svchost.exe
    1084 C:\WINDOWS\System32\SLsvc.exe
    1132 C:\WINDOWS\System32\svchost.exe
    1288 C:\WINDOWS\System32\svchost.exe
    1500 C:\WINDOWS\System32\spoolsv.exe
    1524 C:\WINDOWS\System32\svchost.exe
    1780 C:\WINDOWS\System32\AERTSr64.exe
    1792 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1808 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1948 C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    1848 C:\WINDOWS\System32\dwm.exe
    2008 C:\WINDOWS\System32\taskeng.exe
    848 C:\WINDOWS\explorer.exe
    2060 C:\WINDOWS\System32\taskeng.exe
    2280 C:\WINDOWS\System32\spool\drivers\x64\3\lxeaserv.exe
    2292 C:\WINDOWS\System32\lxeacoms.exe
    2312 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
    2344 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    2376 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
    2444 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
    2516 C:\WINDOWS\System32\svchost.exe
    2544 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2636 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    2708 C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe
    2844 C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe
    2872 C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe
    2924 C:\WINDOWS\System32\svchost.exe
    2976 C:\WINDOWS\System32\svchost.exe
    3060 C:\WINDOWS\System32\SearchIndexer.exe
    2468 WUDFHost.exe
    2248 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    3528 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
    3708 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    3960 C:\WINDOWS\notepad.exe
    4068 C:\Program Files\Windows Defender\MSASCui.exe
    4076 C:\WINDOWS\RAVCpl64.exe
    4084 C:\WINDOWS\System32\igfxtray.exe
    4092 C:\WINDOWS\System32\hkcmd.exe
    2088 C:\WINDOWS\System32\igfxpers.exe
    2000 C:\WINDOWS\System32\wpcumi.exe
    3608 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
    2772 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
    2776 C:\Program Files\Windows Sidebar\sidebar.exe
    3836 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    3636 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3620 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    3940 C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    3900 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3116 C:\Program Files\iPod\bin\iPodService.exe
    860 C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
    4176 C:\WINDOWS\System32\igfxsrvc.exe
    4868 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4976 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4212 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    3720 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
    2728 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    3684 C:\WINDOWS\servicing\TrustedInstaller.exe
    1588 C:\WINDOWS\System32\SearchProtocolHost.exe
    2208 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1176 C:\WINDOWS\System32\SearchFilterHost.exe
    288 C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WM6YSIE6\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5BA

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    #13 - Junior Member (Join Date: Sep 2010, Posts: 11)

    MBAM Results from Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4577

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    9/8/2010 7:55:41 PM
    mbam-log-2010-09-08 (19-55-41).txt

    Scan type: Quick scan
    Objects scanned: 173749
    Time elapsed: 7 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Steve\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    #14 - Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi Steveo4571,

    How are you making out with the new OTL scan log?

    I take it the computer can now access the internet?

    Thanks
    Member of UNITE and ASAP

    #15 - Junior Member (Join Date: Sep 2010, Posts: 11)

    Last OTL Scan

    OTL logfile created on: 9/8/2010 8:05:12 PM - Run 2
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.71 Gb Total Space | 262.39 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
    Drive E: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MELDRUM-STUDIO
    Current User Name: Steve
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
    PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
    PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
    PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
    PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\SysWOW64\msi.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\sfc_os.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\sfc.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\msiltcfg.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
    SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
    SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (SOSNFLSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
    SRV - (sosnfusv) -- C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
    SRV - (SOSNFFSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
    SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
    SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
    DRV:64bit: - (sosnf64) -- C:\Windows\SysNative\drivers\sosnf64.sys (NetFilterSDK.com)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
    DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
    DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (Packet) -- C:\WINDOWS\SysWOW64\drivers\packet.sys (SingleClick Systems)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/08 19:41:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
    [2010/09/08 19:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/09/08 19:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/08 19:41:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/09/08 19:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/09/08 19:07:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/07 16:42:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2010/08/13 04:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/13 04:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/12 13:27:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/12 13:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/12 13:26:40 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/12 13:26:37 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/12 13:26:24 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/12 13:26:22 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/12 13:26:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/12 13:26:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/12 13:26:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/12 13:26:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/12 13:26:21 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/12 13:26:21 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/12 13:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/12 13:26:21 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/12 13:26:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/12 13:26:21 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/12 13:26:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/12 13:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/12 13:26:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/12 13:26:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/12 13:26:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/12 13:26:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/12 13:26:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/12 13:26:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/12 13:26:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/12 13:26:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/12 13:26:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/01/19 18:26:58 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Steve\AppData\Roaming\DataSafeDotNet.exe
    [2009/12/06 16:04:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
    [2009/12/06 16:04:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
    [2009/12/06 16:04:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
    [2009/12/06 16:04:10 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
    [2009/12/06 16:04:10 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
    [2009/12/06 16:04:10 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
    [2009/12/06 16:04:10 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
    [2009/12/06 16:04:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
    [2009/12/06 16:04:10 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/08 20:08:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
    [2010/09/08 20:08:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
    [2010/09/08 20:05:36 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
    [2010/09/08 20:01:18 | 000,018,367 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
    [2010/09/08 20:00:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/08 20:00:33 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
    [2010/09/08 20:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/08 20:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/08 20:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/08 20:00:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/08 20:00:17 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/08 19:58:50 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/08 19:58:50 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
    [2010/09/08 19:58:48 | 002,227,818 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
    [2010/09/08 19:48:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/08 19:41:39 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/07 07:12:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2010/09/07 07:11:28 | 000,293,376 | ---- | M] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
    [2010/08/29 20:50:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/29 20:50:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TM.blf
    [2010/08/29 15:09:55 | 000,023,552 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
    [2010/08/29 08:08:41 | 000,096,256 | ---- | M] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
    [2010/08/25 16:12:33 | 000,024,064 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
    [2010/08/23 07:30:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/23 07:30:11 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/23 07:30:11 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/21 15:58:02 | 000,192,000 | ---- | M] () -- C:\Users\Steve\Desktop\fall league matt.ppt
    [2010/08/13 05:04:27 | 000,302,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/13 04:53:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/08 19:41:39 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 16:46:35 | 2110,971,904 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/07 16:41:56 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
    [2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/07 16:40:47 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
    [2010/08/29 08:08:40 | 000,096,256 | ---- | C] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
    [2010/08/23 16:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
    [2010/08/23 16:08:59 | 000,023,552 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
    [2010/08/21 15:58:01 | 000,192,000 | ---- | C] () -- C:\Users\Steve\Desktop\fall league matt.ppt
    [2010/08/13 04:53:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/01/20 17:01:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
    [2009/12/11 18:36:59 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
    [2009/12/06 17:02:20 | 000,087,148 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
    [2009/12/06 17:02:04 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2009/12/06 16:56:50 | 000,173,995 | ---- | C] () -- C:\ProgramData\lxea.log
    [2009/12/06 16:09:00 | 000,727,073 | ---- | C] () -- C:\ProgramData\lxeascan.log
    [2009/12/06 16:04:12 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
    [2009/12/06 16:04:11 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
    [2009/12/06 16:04:11 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
    [2009/12/06 16:04:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
    [2009/12/06 16:04:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
    [2009/12/06 16:04:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
    [2009/12/06 16:04:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
    [2009/12/06 16:04:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
    [2009/12/06 16:04:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
    [2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
    [2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
    [2009/12/06 16:00:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
    [2009/12/06 16:00:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
    [2009/12/06 16:00:35 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
    [2009/12/03 07:21:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 07:19:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/09/20 22:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/09/20 18:26:51 | 000,015,360 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >

  6. #16 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi

    Looks good so far. Just some adware left showing.

    Click on the Start button > Control Panel

    Depending on your settings, either
    • click on the Uninstall a program option under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    Uninstall the following program


    ShopAtHome SelectRebates


    Next, Right click on OTL.exe and select "Run as Administrator"
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    
    :Files
    C:\Program Files\SelectRebates
    
    :Commands
    [Reboot]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.



    One more scan just to check our handiwork.

    In order to run this scan you will need to open a browser with Administrator Rights.
    • Right click your browser icon and select "Run as Administrator"
    • Do not use this browser for anything else but running this scan
    • Once the scan has completed and the results saved, close that browser.
    • Open a new browser the normal way and post the Kaspersky log here.


    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Please go to Kaspersky website and perform an online antivirus scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions.
    • You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Change the Files of type to Text file (.txt)
    • Set the Save In to Desktop
    • click the Save button.
    • Please post this log in your next reply.
    Please post back with the OTL fix log and Kaspersky log.

    How is the computer?

    Thanks
    Last edited by oldman960; 2010-09-09 at 06:41.
    Member of UNITE and ASAP
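The reading the helper applies to the OTL log above (an autostart whose binary shows no publisher, a Run key whose file is missing, or a program living in a folder installers do not normally use) can be written down as a small filter. This is an added example, not code from the thread, from OTL or from its author; the three rules are my own assumptions about what deserves a second look, and the last SAMPLE line is constructed rather than taken from the posted log.

```python
"""Triage autostart entries (O2 BHO, O3 toolbar, O4 Run key) from an OTL log.

Added example; not code from the thread, from OTL or from its author.
Rules (assumptions, not OTL's own logic): flag an autostart whose file is
missing, whose binary runs from a user-writable drop folder, or whose
trailing '(publisher)' field is empty.  All SAMPLE lines are copied from the
posted log except the final '[updater]' line, which is constructed.
"""
import re

SAMPLE = r"""
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updater] C:\Users\Steve\AppData\Local\Temp\svchost.exe ()
"""

AUTOSTART_SECTIONS = {"O2", "O3", "O4"}
# Folders a standard user can write to and that droppers commonly use (regexes, matched case-insensitively)
USER_WRITABLE = (r"\\appdata\\", r"\\temp\\", r"\\programdata\\", r"\\users\\public\\")

LINE = re.compile(r"^(?P<sec>O\d+)(?::64bit:)?\s+-\s+(?P<rest>.*)$")   # 'O4:64bit: - ...' or 'O4 - ...'
COMPANY = re.compile(r"\((?P<company>[^()]*)\)\s*$")                     # trailing '(Publisher)' or '()'
PATH = re.compile(r"[A-Za-z]:\\.*$")                                     # first drive-letter path to end of text
NAME = re.compile(r"\[(?P<n>[^\]]+)\]|\((?P<n2>[^()]+)\)")               # '[RunName]' or '(BHO name)'


def parse_entry(line):
    """Return {section, name, path, company} for an O-section line, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    nm = NAME.search(rest)
    name = (nm.group("n") or nm.group("n2")) if nm else rest
    if rest.endswith("File not found"):            # OTL's marker for an orphaned autostart
        return {"section": sec, "name": name, "path": None, "company": None}
    cm = COMPANY.search(rest)
    company = cm.group("company").strip() if cm else None
    head = rest[:cm.start()].rstrip() if cm else rest  # strip publisher so '(x86)' in the path is untouched
    pm = PATH.search(head)
    return {"section": sec, "name": name, "path": pm.group(0) if pm else None, "company": company}


def triage(text):
    """Return [(name, path, reason)] for autostart entries worth a second look."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if not e or e["section"] not in AUTOSTART_SECTIONS:
            continue
        if e["path"] is None:
            findings.append((e["name"], None, "file not found (orphaned autostart)"))
        elif any(re.search(p, e["path"], re.IGNORECASE) for p in USER_WRITABLE):
            findings.append((e["name"], e["path"], "runs from a user-writable location"))
        elif not e["company"]:
            findings.append((e["name"], e["path"], "no publisher/version info"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE):
        print(f"{name:<22} {reason:<40} {path or ''}")
```

An empty publisher field is a weak signal on its own: the Lexmark printer components in the same log also show "()" and are legitimate, so a hit from the third rule is a prompt to check the file (hash, signature, install date), not a verdict. Run over a full OTL log it returns the same short list a reviewer would circle by hand, which is the point of the exercise.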

  7. #17 Junior Member (Join Date: Sep 2010, Posts: 11)

    OTL and Kaspersky

    I ran the OTL Fix; the computer re-booted, but I didn't get a new text file. Was I supposed to?

    Here are the results from the Kaspersky File.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, September 10, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, September 09, 2010 20:49:17
    Records in database: 4208501
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    L:\

    Scan statistics:
    Objects scanned: 332279
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 05:49:33


    File name / Threat / Threats count
    C:\My Games\Zuma Deluxe\Zuma.exe Infected: Trojan-GameThief.Win32.Magania.dodn 1

    Selected area has been scanned.

  8. #18 Senior Member (Join Date: Sep 2010, Posts: 631)

    Hi Steveo4571

    If the OTL fix log didn't pop up you should be able to find it here C:\_OTL\MovedFiles

    It will be a .log file with a file name made up of numbers. The numbers represent the date and time stamp of when the fix was run. You will have 2 such files; please copy and paste the most recent one into your next reply.


    Are you familiar with this program, Zuma Deluxe?


    Let's see what other scanners think of that file.
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


      C:\My Games\Zuma Deluxe\Zuma.exe

    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.


    Please post back with
    • OTL fix log
    • VirScan results

    Any problems with the computer?
    Member of UNITE and ASAP

  9. #19 Junior Member (Join Date: Sep 2010, Posts: 11)

    OTL and Zuma Scan

    Here are the OTL scan files. The computer seems to be working OK. It's a little slow, but no symptoms of what was happening before. I really appreciate the help.

    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    No active process named Program Files was found!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.
    File C:\Program Files (x86)\SelectRebates\SelectRebates.exe not found.
    ========== FILES ==========
    File\Folder C:\Program Files\SelectRebates not found.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.11.0 log created on 09092010_173513


    and

    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    No active process named Program Files was found!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.
    File C:\Program Files (x86)\SelectRebates\SelectRebates.exe not found.
    ========== FILES ==========
    File\Folder C:\Program Files\SelectRebates not found.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.11.0 log created on 09092010_175053


    VirSCAN.org Scanned Report :
    Scanned time : 2010/09/11 06:01:30 (MST)
    Scanner results: 14% Scanner(s) (5/36) found malware!
    File Name : Zuma.exe
    File Size : 2174980 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : a791e71d6ca24304b5e27c88f810e40f
    SHA1 : d57dacb5fec957896f5338ad57708ffa70b23906
    Online report : http://virscan.org/report/7b998e4ef5...a0f2faa18.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.19 20100910040535 2010-09-10 40.09 -
    AhnLab V3 2010.09.11.00 2010.09.11 2010-09-11 40.09 -
    AntiVir 8.2.4.50 7.10.11.128 2010-09-10 0.30 -
    Antiy 2.0.18 20100906.5080244 2010-09-06 0.02 -
    Arcavir 2009 201006281601 2010-06-28 0.00 -
    Authentium 5.1.1 201009101540 2010-09-10 1.42 -
    AVAST! 4.7.4 100911-0 2010-09-11 0.12 -
    AVG 8.5.850 271.1.1/3128 2010-09-11 0.27 -
    BitDefender 7.90123.6364019 7.33824 2010-09-11 4.65 -
    ClamAV 0.96.1 11873 2010-09-11 0.39 -
    Comodo 4.0 6037 2010-09-10 40.09 -
    CP Secure 1.3.0.5 2010.09.11 2010-09-11 0.49 Troj.GameThief.W32.Magania.dodn
    Dr.Web 5.0.2.3300 2010.09.11 2010-09-11 9.95 -
    F-Prot 4.4.4.56 20100910 2010-09-10 1.36 -
    F-Secure 7.02.73807 2010.09.11.01 2010-09-11 0.15 Trojan-GameThief.Win32.Magania.dodn [AVP]
    Fortinet 4.1.143 12.339 2010-09-10 40.09 -
    GData 21.816/21.323 20100910 2010-09-10 40.09 -
    ViRobot 20100911 2010.09.11 2010-09-11 40.09 -
    Ikarus T3. 2010.09.11.76706 2010-09-11 4.81 Trojan-GameThief.Win32.Magania
    JiangMin 13.0.900 2010.08.30 2010-08-30 40.09 -
    Kaspersky 5.5.10 2010.09.11 2010-09-11 0.07 Trojan-GameThief.Win32.Magania.dodn
    KingSoft 2009.2.5.15 2010.9.11.7 2010-09-11 40.10 -
    McAfee 5400.1158 6102 2010-09-10 19.74 -
    Microsoft 1.6103 2010.09.11 2010-09-11 40.10 -
    Norman 6.06.05 6.06.00 2010-09-11 8.01 -
    Panda 9.05.01 2010.09.09 2010-09-09 40.11 -
    Trend Micro 9.120-1004 7.456.03 2010-09-11 0.04 -
    Quick Heal 11.00 2010.09.10 2010-09-10 40.10 -
    Rising 20.0 22.64.04.03 2010-09-10 40.09 -
    Sophos 3.11.2 4.57 2010-09-11 5.46 -
    Sunbelt 3.9.2442.2 6861 2010-09-10 40.15 -
    Symantec 1.3.0.24 20100910.003 2010-09-10 0.08 -
    nProtect 20100911.01 9087649 2010-09-11 40.11 -
    The Hacker 6.5.2.1 v00370 2010-09-10 40.09 -
    VBA32 3.12.14.0 20100908.1157 2010-09-08 3.71 -
    VirusBuster 4.5.11.10 10.127.77/2035143 2010-09-10 3.80 Trojan.Patched.Y

  10. #20
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Steveo4571,

    I'm pretty sure that was a false positive in the Kaspersky scan.

    We'll clean up the tools and send you on your way.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • GMER
    • MBRCheck
    You can remove GMER from the clean computer the same way. OTL can be removed from the clean computer if it's still on it in the manner shown below.

    Next

    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    I suggest you keep MBAM. Keep MBAM updated and use it regularly.

    *We'll reset your restore points

    • Click on the Start button to open your Start Menu.
    • Click on the Control Panel menu option.
    • Click on the System and Maintenance menu option.
    • Click on the System menu option.
    • Click on System Protection in the left-hand task list.
    • To create the manual restore point, click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
    • Type in a title for the manual restore point and press the Create button.
    • Close the System window after you have been advised that the procedure has been successfully completed.
    • Next, go to Start > Run (it may be Start > Accessories > Run) and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and Ok it
    This will remove all restore points except the most recent one.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

    It looks like you are using a McAfee suite so you should be covered with the addition of MBAM.

    You should also use Spyware Blaster to help immunize your computer.

    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.

    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

    - Ensure that Automatic Update is turned on so you get all the latest patches.
    Click start, control panel, click Security Center.

    - Keep your antivirus program updated, as well as any other security programs you have.

    -More tips and programs can be found HERE


    -Check this site out to check for out of date programs
    Secunia Personal Software Inspector (PSI) 1.0

    - You may also want to read this article By Tony Klein
    http://www.freedomlist.com/forum/viewtopic.php?t=22879

    We'll keep this thread open for a couple of days.

    Take care
    Member of UNITE and ASAP
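An added example, not part of this thread or of any tool named in it: a PowerShell audit of the six Internet Explorer Custom Level settings listed in the post above, read from the registry values where Internet Explorer stores them. The zone path and numeric action IDs are the ones Microsoft documents for IE security zones; the setting names and recommended values are taken from the post.

```powershell
# Added example, not from the thread: audit the Internet-zone settings the post above
# asks the user to change, via the registry values Internet Explorer stores them in.
# Zone 3 is the Internet zone; each action has a numeric ID whose DWORD value is
# 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft's documented zone layout).
# Caveat: if the Security_HKLM_only policy is in effect, the per-machine (HKLM)
# copy of this key is what applies, and the HKCU values audited here are ignored.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values are the ones given in the post above.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneAudit {
    # Report each setting; with -Fix, non-compliant values are set to the recommended
    # ones (run in the session of the user whose HKCU hive should change).
    param([switch]$Fix)
    foreach ($item in $Recommended) {
        $current = (Get-ItemProperty -Path $ZonePath -Name $item.Id -ErrorAction SilentlyContinue).($item.Id)
        $compliant = ($null -ne $current) -and ([int]$current -eq $item.Want)
        if (-not $compliant -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $item.Id -Value $item.Want -Type DWord
        }
        # Unset values fall back to the zone's defaults, so report them explicitly.
        $label = if ($null -eq $current) { '(not set)' } elseif ($Labels.ContainsKey([int]$current)) { $Labels[[int]$current] } else { "raw value $current" }
        [pscustomobject]@{
            Setting     = $item.Name
            Current     = $label
            Recommended = $Labels[$item.Want]
            Compliant   = $compliant
        }
    }
}

# Report only; add -Fix to apply the recommended values.
Get-InternetZoneAudit | Format-Table -AutoSize
```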
