PDA

View Full Version : Audio Ad Malware: Please Help! Take 2



AlHanQuolo
2011-05-17, 02:33
Hey!

So I have this audio ad malware that's taken up my computer. I recently had the Windows Recovery malware on my computer and was able to get rid of it (I think I got rid of it) by running RKill and MBAM. However, the audio ads won't stop. I have installed ERUNT and backed up my registry for Windows Vista.
http://forums.spybot.info/showthread.php?t=62703

My DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 16:05:37.94 on Mon 05/16/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.416 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\msiexec.exe
C:\Users\Alan Enjetti\Downloads\avg_free_stb_all_2011_1375_cnet.exe
C:\Users\ALANEN~1\AppData\Local\Temp\7zS6A5.tmp\avgmfapx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Alan Enjetti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Users\Alan Enjetti\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Alan Enjetti\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alan Enjetti\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/home/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\alan enjetti\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: marshall.edu\certificates
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alanen~1\appdata\roaming\mozilla\firefox\profiles\p6d2e0ti.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ig (http://www.google.com/ig)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - component: c:\users\alan enjetti\appdata\roaming\mozilla\firefox\profiles\p6d2e0ti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\alan enjetti\appdata\roaming\mozilla\firefox\profiles\p6d2e0ti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1868.6292\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\alan enjetti\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\alan enjetti\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\users\alan enjetti\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\alan enjetti\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: http://forums.spybot.info/misc.php?do=email_dev&email=bW92ZXBsYXllckBtb3ZlbmV0d29ya3MuY29t - c:\users\alan enjetti\appdata\roaming\Move Networks
FF - Ext: XULRunner: {C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A} - c:\users\alan enjetti\appdata\local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-5-14 212280]
.
=============== Created Last 30 ================
.
2011-05-16 19:45:26 -------- d-----w- c:\progra~2\MFAData
2011-05-13 23:14:35 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4646a3c4-1efe-4bfd-9906-4901051d8352}\mpengine.dll
2011-05-12 18:00:39 0 ----a-w- c:\users\alanen~1\appdata\local\Ghogeciferabat.bin
2011-05-12 18:00:36 -------- d-----w- c:\users\alanen~1\appdata\local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}
2011-05-12 17:58:35 -------- d-----w- c:\progra~2\dM00000LnCkG00000
2011-05-11 22:53:10 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-28 01:22:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 01:22:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 01:21:59 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-25 06:41:35 -------- d-----w- c:\progra~2\McAfee Security Scan
2011-04-25 06:41:28 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2009-09-02 05:55:34 4523520 ----a-w- c:\program files\WDSync_v7_1_020.exe
.
============= FINISH: 16:09:03.79 ===============

Please let me know what I can do. Thank you!

ken545
2011-05-22, 00:31
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay but when you double posted your post was kind of lost


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

AlHanQuolo
2011-05-22, 09:26
So I downloaded the aswMBR program onto my desktop. I ran the program and performed the scan. Then saved the log to my desktop as aswMBR.txt.

Here is the log file:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-22 02:12:35
-----------------------------
02:12:35.418 OS Version: Windows 6.0.6002 Service Pack 2
02:12:35.418 Number of processors: 2 586 0xF0D
02:12:35.421 ComputerName: ENTERPRISE UserName:
02:15:44.467 Initialize success
02:16:03.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
02:16:03.890 Disk 0 Vendor: SAMSUNG_ LZ10 Size: 114473MB BusType: 3
02:16:03.919 Disk 0 MBR read successfully
02:16:03.923 Disk 0 MBR scan
02:16:03.927 Disk 0 unknown MBR code
02:16:03.953 Disk 0 scanning sectors +234436545
02:16:04.118 Disk 0 scanning C:\Windows\system32\drivers
02:16:35.016 Service scanning
02:16:39.519 Disk 0 trace - called modules:
02:16:39.548 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87eef1ed]<<
02:16:39.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8780d208]
02:16:39.561 3 CLASSPNP.SYS[89fa48b3] -> nt!IofCallDriver -> [0x8780da08]
02:16:39.568 \Driver\PCTCore[0x8681eda0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87eef1ed
02:16:39.575 Scan finished successfully
02:18:04.492 Disk 0 MBR has been saved successfully to "C:\Users\Alan Enjetti\Desktop\MBR.dat"
02:18:04.504 The log file has been saved successfully to "C:\Users\Alan Enjetti\Desktop\aswMBR.txt"

Thanks!

ken545
2011-05-22, 13:32
Lets do this

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

AlHanQuolo
2011-05-24, 03:06
Hey!

So I downloaded the program from the link that you provided. I downloaded it to my desktop. Then I extracted the program onto my desktop and double-clicked on it. The "User Account Control" came up asking if I want to authorize this program to make changes to my computer. I clicked "Continue". After that, nothing happened.

Nothing looked different, and nothing changed. I tried this numerous times, extracting the file into different areas and turning off Windows Defender, but to no avail.

What do you think is my next step?

Thanks again for all the help. This is really awesome what you guys are doing.

ken545
2011-05-24, 03:51
Your running Vista, I should have pointed out that you need to right click on the program and select RUN AS ADMINISTRATOR


If it wont run then do this

Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png



Save the log as before and post in your next reply

AlHanQuolo
2011-05-24, 04:05
Hey!

Upon completion of the aswMBR scan, "Fix" is not a highlighted option that I can choose. Only "FixMBR". Not sure what the difference is, but I don't want to press anything I'm not supposed to.

As far as running TDSSKiller using the "Run as Administrator" option, I had tried that earlier and just failed to mention it in my previous response.

I have saved a logfile to the desktop known as aswMBR2.txt:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-23 20:57:14
-----------------------------
20:57:14.936 OS Version: Windows 6.0.6002 Service Pack 2
20:57:14.936 Number of processors: 2 586 0xF0D
20:57:14.936 ComputerName: ENTERPRISE UserName:
20:57:46.713 Initialize success
20:57:52.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:57:52.095 Disk 0 Vendor: SAMSUNG_ LZ10 Size: 114473MB BusType: 3
20:57:52.111 Disk 0 MBR read successfully
20:57:52.126 Disk 0 MBR scan
20:57:52.126 Disk 0 unknown MBR code
20:57:52.126 Disk 0 scanning sectors +234436545
20:57:52.173 Disk 0 scanning C:\Windows\system32\drivers
20:58:05.199 Service scanning
20:58:07.617 Disk 0 trace - called modules:
20:58:07.633 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87e8e1ed]<<
20:58:07.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877ec640]
20:58:07.648 3 CLASSPNP.SYS[89da28b3] -> nt!IofCallDriver -> [0x877ece40]
20:58:07.648 \Driver\PCTCore[0x85e78de8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87e8e1ed
20:58:07.664 Scan finished successfully
20:59:44.837 Disk 0 MBR has been saved successfully to "C:\Users\Alan Enjetti\Desktop\MBR.dat"
20:59:44.853 The log file has been saved successfully to "C:\Users\Alan Enjetti\Desktop\aswMBR2.txt"


What else do you think I should do?

ken545
2011-05-24, 04:26
Lets do this

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

AlHanQuolo
2011-05-24, 17:42
Hey!

So I downloaded Combofix.exe. Saved it to my desktop as Combo-Fix. I tried to disable all and any Anti-Virus and Anti-Spyware programs, but a notice came stating that one of my programs, Spyware Doctor, was still running, so I uninstalled the program before proceeding.

ComboFix continued to scan and then recognized a rootkit and so prompted me to reboot the computer. As soon as the computer was up and running, ComboFix continued and subsequently produced this log:

ComboFix 11-05-23.02 - Alan Enjetti 05/23/2011 22:44:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1159 [GMT -4:00]
Running from: c:\users\Alan Enjetti\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dM00000LnCkG00000
c:\programdata\dM00000LnCkG00000\dM00000LnCkG00000.exe
c:\users\Alan Enjetti\2gweorjqjutp92vjy9gake
c:\users\Alan Enjetti\AppData\Local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}
c:\users\Alan Enjetti\AppData\Local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}\chrome.manifest
c:\users\Alan Enjetti\AppData\Local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}\chrome\content\_cfg.js
c:\users\Alan Enjetti\AppData\Local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}\chrome\content\overlay.xul
c:\users\Alan Enjetti\AppData\Local\{C68CFBD4-AC54-4BD2-A1FE-8B7065C6518A}\install.rdf
c:\users\Alan Enjetti\AppData\Roaming\Adobe\plugs
c:\users\Alan Enjetti\AppData\Roaming\Adobe\plugs\mmc1246149028.txt
c:\users\Alan Enjetti\AppData\Roaming\Adobe\shed
c:\users\Alan Enjetti\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 03:03 . 2011-05-24 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 03:03 . 2011-05-24 03:03 -------- d-----w- c:\users\Alan Enjetti\AppData\Local\temp
2011-05-22 06:20 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F21F167B-85F8-45AC-94B6-22F0057B6CD3}\mpengine.dll
2011-05-16 20:33 . 2011-05-16 20:33 -------- d-----w- c:\program files\ERUNT
2011-05-16 19:45 . 2011-05-16 19:46 -------- d-----w- c:\programdata\MFAData
2011-05-12 18:00 . 2011-05-16 01:09 0 ----a-w- c:\users\Alan Enjetti\AppData\Local\Ghogeciferabat.bin
2011-05-11 22:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 01:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 01:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 01:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-25 06:42 . 2011-04-25 06:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-25 06:41 . 2011-04-25 06:41 -------- d-----w- c:\programdata\McAfee
2011-04-25 06:41 . 2011-04-25 06:41 -------- d-----w- c:\programdata\McAfee Security Scan
2011-04-25 06:41 . 2011-05-22 06:17 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 17:03 . 2011-04-14 19:53 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 19:53 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 19:53 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 01:22 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 01:22 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 01:22 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 01:22 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 19:53 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 19:53 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-09-02 05:55 . 2009-09-02 05:55 4523520 ----a-w- c:\program files\WDSync_v7_1_020.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 431752]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
.
c:\users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Alan Enjetti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YPOPs.lnk]
path=c:\users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YPOPs.lnk
backup=c:\windows\pss\YPOPs.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-25 20:04 136176 ----atw- c:\users\Alan Enjetti\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 04:36]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 04:39]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 04:39]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000Core.job
- c:\users\Alan Enjetti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 20:04]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000UA.job
- c:\users\Alan Enjetti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/home/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Trusted Zone: marshall.edu\certificates
FF - ProfilePath - c:\users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Alan Enjetti\AppData\Roaming\Move Networks
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-mukixtvq - c:\users\Alan Enjetti\AppData\Local\bolsinwfu\jygqxopshdw.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-23 23:13:08
ComboFix-quarantined-files.txt 2011-05-24 03:13
.
Pre-Run: 11,228,160,000 bytes free
Post-Run: 11,829,276,672 bytes free
.
- - End Of File - - B92CFCBC2F94EC0B2951FBD5B437BD8F

I wasn't sure if you wanted me to zip the ComboFix txt file or not, but I did since that's what we've been doing with all other files. Internet was restored on my computer once ComboFix was finished.

What's the next step?

ken545
2011-05-24, 19:45
You can just copy and paste the reports into the thread, its easier for me to analyze.

I am looking at Markers in your log for both McAfee and Symantec AV, have you tried uninstalling them at one time ?

While I am looking over your Combofix log, run these scans and post the logs

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please




Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

AlHanQuolo
2011-05-25, 17:41
Hey!

So I finished the MBAM and ESET scans following all the directions mentioned above. I have both logs, but the ESET log does not seem to show any evidence of the files quarantined and removed.

MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6668

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/24/2011 9:12:08 PM
mbam-log-2011-05-24 (21-12-08).txt

Scan type: Quick scan
Objects scanned: 157097
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\alan enjetti\downloads\rkill.com (Trojan.BankerBot.Gen) -> Quarantined and deleted successfully.



ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Again, don't know why the ESET log is so empty. But this was the only file I found that was labeled log.txt under the ESET folder.

What's the next step?

ken545
2011-05-25, 19:17
Looks like ESET didnt find anything

How are things running now ?

AlHanQuolo
2011-05-26, 00:06
Hey,

So I'm positive ESET found some threats because I have a bunch of quarantined files in a folder marked quarantined. I also woke up this morning to find the ESET scan completed and 8 threats found. However, my computer rebooted shortly after. Still no log was found.

As far as symptoms, I have not observed any since the MBAM scan. So it seems like clear skies for now.

I had one more question. I wanted to uninstall my McAfee and Norton's and install a solid Antivirus and Anti-Malware Software with continuous scanning, but I did not know which one to go for. What do you recommend? Can I get updates for free or will I have to pay? Basically, how do I prevent this from happening again?

Thanks again for your help. I am really in your debt and am amazed that there is a kind of volunteer workforce that help people like this over the internet. It really is great.

ken545
2011-05-26, 01:47
Well , we had ESET set to not remove threats so dont know if there false positives or have to be removed.

When where done I will show you how to remove both McAfee and Norton and you may try giving Microsoft Security Essentials a shot
http://www.microsoft.com/security/pc-security/mse.aspx


Run this other online scanner just to be sure


Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from Here. (http://www.kaspersky.com/virusscanner)

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.


Once the scan is complete, click on View scan report To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

AlHanQuolo
2011-05-26, 18:28
Hey!

So I tried running the Kaspersky Online Scanner from the first link you provided. However, I was unable to proceed through the "Database Update portion of the program. I received a prompt saying:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

I went to Kaspersky Lab and did not find an online scanner comparable to one from the first link. All Anti-virus tools were programs that had to be downloaded for free trials.

As far as my internet connection, it has been consistent and uninterrupted, so I am not sure what to do regarding this Kaspersky Scan.

What do you think I should do next?

ken545
2011-05-26, 19:11
These on line virus scanners can be a problem to run sometimes, lets run this scan instead

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

AlHanQuolo
2011-05-27, 01:29
Hey!

The OTL scan was successful and I ran it with all the necessary specifications you had mentioned above. Both txt files appeared soon after.

Here is the OTL.txt file:

OTL logfile created on: 5/26/2011 1:30:40 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alan Enjetti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.45% Memory free
4.22 Gb Paging File | 2.73 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.51 Gb Total Space | 11.09 Gb Free Space | 10.71% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ENTERPRISE | User Name: Alan Enjetti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alan Enjetti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Alan Enjetti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\mcuicnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Alan Enjetti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVENG.SYS (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/home/
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/03/11 02:41:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 15:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 20:27:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/25 02:45:49 | 000,000,000 | ---D | M]

[2009/07/14 17:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Extensions
[2011/05/25 10:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions
[2011/01/15 16:55:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/20 20:31:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/11 02:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\browserhighlighter@ebay.com
[2011/05/24 10:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 15:38:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/30 16:43:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/10 02:15:46 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\ALAN ENJETTI\APPDATA\ROAMING\MOVE NETWORKS
[2009/07/12 19:15:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/23 23:04:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\..Trusted Domains: marshall.edu ([certificates] https in Trusted sites)
O15 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alan Enjetti\Pictures\SRv9s.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alan Enjetti\Pictures\SRv9s.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 08:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 13:27:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Alan Enjetti\Desktop\OTL.exe
[2011/05/26 11:08:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/24 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/24 21:04:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/23 23:13:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/23 23:13:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/23 23:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alan Enjetti\AppData\Local\temp
[2011/05/23 22:41:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/23 22:41:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/23 22:41:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/23 22:16:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/23 22:10:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/22 15:10:30 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan Enjetti\Desktop\TDSSKiller.exe
[2011/05/22 02:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/22 02:11:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Alan Enjetti\Desktop\aswMBR.exe
[2011/05/16 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 16:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/16 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/16 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/27 21:22:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 21:22:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 21:21:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[1 C:\Users\Alan Enjetti\Documents\*.tmp files -> C:\Users\Alan Enjetti\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 13:34:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 13:27:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alan Enjetti\Desktop\OTL.exe
[2011/05/26 13:26:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000UA.job
[2011/05/26 13:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 12:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000Core.job
[2011/05/26 01:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 01:26:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/26 01:25:35 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:25:34 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 10:40:30 | 000,000,597 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\mbam-log-2011-05-24 (21-12-08).zip
[2011/05/25 10:39:55 | 000,000,188 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\log.zip
[2011/05/25 10:20:22 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 10:20:22 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 10:15:41 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 10:15:37 | 296,880,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/24 21:04:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 10:38:48 | 000,004,917 | ---- | M] () -- C:\ComboFix.zip
[2011/05/23 23:04:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/23 22:07:21 | 004,353,961 | R--- | M] () -- C:\Users\Alan Enjetti\Desktop\Combo-Fix.exe
[2011/05/23 21:03:53 | 000,000,795 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\aswMBR2.zip
[2011/05/23 20:59:44 | 000,000,512 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\MBR.dat
[2011/05/23 19:44:56 | 001,280,208 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\tdsskiller.zip
[2011/05/22 02:22:27 | 000,000,804 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\aswMBR.zip
[2011/05/22 02:17:38 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/22 02:17:38 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/22 02:11:58 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Alan Enjetti\Desktop\aswMBR.exe
[2011/05/16 19:27:39 | 000,004,588 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\Attach.zip
[2011/05/16 16:33:30 | 000,000,913 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 16:33:25 | 000,000,714 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\ERUNT.lnk
[2011/05/16 15:27:19 | 000,625,664 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\dds.com
[2011/05/16 15:14:08 | 000,001,682 | ---- | M] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/15 22:53:55 | 000,502,095 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\unhide.exe
[2011/05/15 22:36:46 | 001,006,778 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\iExplore.exe
[2011/05/15 21:12:07 | 000,000,144 | ---- | M] () -- C:\ProgramData\~37674744r
[2011/05/15 21:12:07 | 000,000,120 | ---- | M] () -- C:\ProgramData\~37674744
[2011/05/15 21:09:48 | 000,000,120 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\Agivav.dat
[2011/05/15 21:09:48 | 000,000,000 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\Ghogeciferabat.bin
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan Enjetti\Desktop\TDSSKiller.exe
[2011/05/12 22:05:52 | 000,001,356 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\d3d9caps.dat
[2011/05/12 14:19:30 | 000,001,742 | ---- | M] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 14:08:46 | 000,000,344 | ---- | M] () -- C:\ProgramData\37674744
[2011/05/11 17:47:40 | 000,051,874 | ---- | M] () -- C:\Users\Alan Enjetti\Documents\AMCAS completed.pdf
[2011/04/27 18:16:04 | 000,178,688 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Alan Enjetti\Documents\*.tmp files -> C:\Users\Alan Enjetti\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 10:40:30 | 000,000,597 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\mbam-log-2011-05-24 (21-12-08).zip
[2011/05/25 10:39:55 | 000,000,188 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\log.zip
[2011/05/24 21:04:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 10:38:48 | 000,004,917 | ---- | C] () -- C:\ComboFix.zip
[2011/05/23 22:41:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/23 22:41:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/23 22:41:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/23 22:41:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/23 22:41:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/23 22:07:12 | 004,353,961 | R--- | C] () -- C:\Users\Alan Enjetti\Desktop\Combo-Fix.exe
[2011/05/23 21:03:53 | 000,000,795 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\aswMBR2.zip
[2011/05/23 19:44:42 | 001,280,208 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\tdsskiller.zip
[2011/05/22 02:22:27 | 000,000,804 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\aswMBR.zip
[2011/05/22 02:18:04 | 000,000,512 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\MBR.dat
[2011/05/22 02:17:38 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/16 19:27:38 | 000,004,588 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\Attach.zip
[2011/05/16 16:33:29 | 000,000,913 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 16:33:25 | 000,000,714 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\ERUNT.lnk
[2011/05/16 15:27:06 | 000,625,664 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\dds.com
[2011/05/16 15:14:08 | 000,001,682 | ---- | C] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/16 14:45:30 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/15 22:53:43 | 000,502,095 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\unhide.exe
[2011/05/15 21:17:19 | 001,006,778 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\iExplore.exe
[2011/05/12 14:19:30 | 000,001,742 | ---- | C] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 14:08:59 | 000,000,144 | ---- | C] () -- C:\ProgramData\~37674744r
[2011/05/12 14:08:58 | 000,000,120 | ---- | C] () -- C:\ProgramData\~37674744
[2011/05/12 14:08:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\37674744
[2011/05/12 14:00:39 | 000,000,120 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\Agivav.dat
[2011/05/12 14:00:39 | 000,000,000 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\Ghogeciferabat.bin
[2011/05/11 17:47:36 | 000,051,874 | ---- | C] () -- C:\Users\Alan Enjetti\Documents\AMCAS completed.pdf
[2010/11/23 17:50:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/04 22:36:32 | 000,134,162 | ---- | C] () -- C:\Windows\hpwins10.dat
[2010/04/04 22:36:02 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2010/04/04 22:36:02 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2010/03/28 15:46:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2010/03/28 15:45:37 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/03/28 15:44:55 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/03/28 15:44:55 | 000,020,486 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/03/28 15:44:55 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/03/28 15:44:55 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2009/10/19 02:59:57 | 000,001,356 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\d3d9caps.dat
[2009/09/02 01:55:33 | 004,523,520 | ---- | C] () -- C:\Program Files\WDSync_v7_1_020.exe
[2009/08/24 03:15:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 03:15:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 16:42:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 16:13:50 | 000,000,000 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Roaming\wklnhst.dat
[2009/07/14 03:02:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/12 18:31:36 | 000,178,688 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 02:31:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/22 00:59:26 | 000,025,312 | ---- | C] () -- C:\Windows\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | ---- | C] () -- C:\Windows\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2008/02/13 11:46:48 | 004,523,520 | ---- | C] () -- C:\Windows\System32\WDSync_v7_1_020.exe
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 21:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/10 21:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/10 21:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/14 07:58:55 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/14 05:33:25 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/14 05:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,352,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/01/17 03:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[1999/10/26 12:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

========== LOP Check ==========

[2010/08/11 00:21:49 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Amazon
[2010/03/15 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Fantasy Grounds II
[2009/07/14 16:14:09 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Template
[2009/08/11 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Thunderbird
[2011/04/15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\uTorrent
[2011/05/24 21:13:23 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >



I will include the Extras.txt file in the following post. Thanks!

AlHanQuolo
2011-05-27, 01:32
Hey!

Here's the extras.txt file that was produced by the OTL Scan:

OTL logfile created on: 5/26/2011 1:30:40 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alan Enjetti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.45% Memory free
4.22 Gb Paging File | 2.73 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.51 Gb Total Space | 11.09 Gb Free Space | 10.71% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ENTERPRISE | User Name: Alan Enjetti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alan Enjetti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Alan Enjetti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\mcuicnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Alan Enjetti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVENG.SYS (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/home/
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/03/11 02:41:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 15:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 20:27:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/25 02:45:49 | 000,000,000 | ---D | M]

[2009/07/14 17:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Extensions
[2011/05/25 10:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions
[2011/01/15 16:55:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/20 20:31:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/11 02:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan Enjetti\AppData\Roaming\Mozilla\Firefox\Profiles\p6d2e0ti.default\extensions\browserhighlighter@ebay.com
[2011/05/24 10:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 15:38:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/30 16:43:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/10 02:15:46 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\ALAN ENJETTI\APPDATA\ROAMING\MOVE NETWORKS
[2009/07/12 19:15:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/23 23:04:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\..Trusted Domains: marshall.edu ([certificates] https in Trusted sites)
O15 - HKU\S-1-5-21-64966766-1111203853-3712960101-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alan Enjetti\Pictures\SRv9s.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alan Enjetti\Pictures\SRv9s.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 08:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 13:27:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Alan Enjetti\Desktop\OTL.exe
[2011/05/26 11:08:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/24 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/24 21:04:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/23 23:13:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/23 23:13:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/23 23:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alan Enjetti\AppData\Local\temp
[2011/05/23 22:41:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/23 22:41:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/23 22:41:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/23 22:16:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/23 22:10:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/22 15:10:30 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan Enjetti\Desktop\TDSSKiller.exe
[2011/05/22 02:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/22 02:11:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Alan Enjetti\Desktop\aswMBR.exe
[2011/05/16 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 16:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/16 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/16 15:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/27 21:22:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 21:22:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 21:21:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[1 C:\Users\Alan Enjetti\Documents\*.tmp files -> C:\Users\Alan Enjetti\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 13:34:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 13:27:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alan Enjetti\Desktop\OTL.exe
[2011/05/26 13:26:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000UA.job
[2011/05/26 13:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 12:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-64966766-1111203853-3712960101-1000Core.job
[2011/05/26 01:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 01:26:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/26 01:25:35 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:25:34 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 10:40:30 | 000,000,597 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\mbam-log-2011-05-24 (21-12-08).zip
[2011/05/25 10:39:55 | 000,000,188 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\log.zip
[2011/05/25 10:20:22 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 10:20:22 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 10:15:41 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 10:15:37 | 296,880,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/24 21:04:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 10:38:48 | 000,004,917 | ---- | M] () -- C:\ComboFix.zip
[2011/05/23 23:04:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/23 22:07:21 | 004,353,961 | R--- | M] () -- C:\Users\Alan Enjetti\Desktop\Combo-Fix.exe
[2011/05/23 21:03:53 | 000,000,795 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\aswMBR2.zip
[2011/05/23 20:59:44 | 000,000,512 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\MBR.dat
[2011/05/23 19:44:56 | 001,280,208 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\tdsskiller.zip
[2011/05/22 02:22:27 | 000,000,804 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\aswMBR.zip
[2011/05/22 02:17:38 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/22 02:17:38 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/22 02:11:58 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Alan Enjetti\Desktop\aswMBR.exe
[2011/05/16 19:27:39 | 000,004,588 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\Attach.zip
[2011/05/16 16:33:30 | 000,000,913 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 16:33:25 | 000,000,714 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\ERUNT.lnk
[2011/05/16 15:27:19 | 000,625,664 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\dds.com
[2011/05/16 15:14:08 | 000,001,682 | ---- | M] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/15 22:53:55 | 000,502,095 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\unhide.exe
[2011/05/15 22:36:46 | 001,006,778 | ---- | M] () -- C:\Users\Alan Enjetti\Desktop\iExplore.exe
[2011/05/15 21:12:07 | 000,000,144 | ---- | M] () -- C:\ProgramData\~37674744r
[2011/05/15 21:12:07 | 000,000,120 | ---- | M] () -- C:\ProgramData\~37674744
[2011/05/15 21:09:48 | 000,000,120 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\Agivav.dat
[2011/05/15 21:09:48 | 000,000,000 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\Ghogeciferabat.bin
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan Enjetti\Desktop\TDSSKiller.exe
[2011/05/12 22:05:52 | 000,001,356 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\d3d9caps.dat
[2011/05/12 14:19:30 | 000,001,742 | ---- | M] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 14:08:46 | 000,000,344 | ---- | M] () -- C:\ProgramData\37674744
[2011/05/11 17:47:40 | 000,051,874 | ---- | M] () -- C:\Users\Alan Enjetti\Documents\AMCAS completed.pdf
[2011/04/27 18:16:04 | 000,178,688 | ---- | M] () -- C:\Users\Alan Enjetti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Alan Enjetti\Documents\*.tmp files -> C:\Users\Alan Enjetti\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 10:40:30 | 000,000,597 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\mbam-log-2011-05-24 (21-12-08).zip
[2011/05/25 10:39:55 | 000,000,188 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\log.zip
[2011/05/24 21:04:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 10:38:48 | 000,004,917 | ---- | C] () -- C:\ComboFix.zip
[2011/05/23 22:41:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/23 22:41:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/23 22:41:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/23 22:41:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/23 22:41:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/23 22:07:12 | 004,353,961 | R--- | C] () -- C:\Users\Alan Enjetti\Desktop\Combo-Fix.exe
[2011/05/23 21:03:53 | 000,000,795 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\aswMBR2.zip
[2011/05/23 19:44:42 | 001,280,208 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\tdsskiller.zip
[2011/05/22 02:22:27 | 000,000,804 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\aswMBR.zip
[2011/05/22 02:18:04 | 000,000,512 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\MBR.dat
[2011/05/22 02:17:38 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/16 19:27:38 | 000,004,588 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\Attach.zip
[2011/05/16 16:33:29 | 000,000,913 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 16:33:25 | 000,000,714 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\ERUNT.lnk
[2011/05/16 15:27:06 | 000,625,664 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\dds.com
[2011/05/16 15:14:08 | 000,001,682 | ---- | C] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/16 14:45:30 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/15 22:53:43 | 000,502,095 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\unhide.exe
[2011/05/15 21:17:19 | 001,006,778 | ---- | C] () -- C:\Users\Alan Enjetti\Desktop\iExplore.exe
[2011/05/12 14:19:30 | 000,001,742 | ---- | C] () -- C:\Users\Alan Enjetti\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 14:08:59 | 000,000,144 | ---- | C] () -- C:\ProgramData\~37674744r
[2011/05/12 14:08:58 | 000,000,120 | ---- | C] () -- C:\ProgramData\~37674744
[2011/05/12 14:08:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\37674744
[2011/05/12 14:00:39 | 000,000,120 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\Agivav.dat
[2011/05/12 14:00:39 | 000,000,000 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\Ghogeciferabat.bin
[2011/05/11 17:47:36 | 000,051,874 | ---- | C] () -- C:\Users\Alan Enjetti\Documents\AMCAS completed.pdf
[2010/11/23 17:50:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/04 22:36:32 | 000,134,162 | ---- | C] () -- C:\Windows\hpwins10.dat
[2010/04/04 22:36:02 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2010/04/04 22:36:02 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2010/03/28 15:46:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2010/03/28 15:45:37 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/03/28 15:44:55 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/03/28 15:44:55 | 000,020,486 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/03/28 15:44:55 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/03/28 15:44:55 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2009/10/19 02:59:57 | 000,001,356 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\d3d9caps.dat
[2009/09/02 01:55:33 | 004,523,520 | ---- | C] () -- C:\Program Files\WDSync_v7_1_020.exe
[2009/08/24 03:15:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 03:15:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 16:42:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 16:13:50 | 000,000,000 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Roaming\wklnhst.dat
[2009/07/14 03:02:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/12 18:31:36 | 000,178,688 | ---- | C] () -- C:\Users\Alan Enjetti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 02:31:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/22 00:59:26 | 000,025,312 | ---- | C] () -- C:\Windows\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | ---- | C] () -- C:\Windows\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2008/02/13 11:46:48 | 004,523,520 | ---- | C] () -- C:\Windows\System32\WDSync_v7_1_020.exe
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 21:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/10 21:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/10 21:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/14 07:58:55 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/14 05:33:25 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/14 05:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,352,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/01/17 03:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[1999/10/26 12:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

========== LOP Check ==========

[2010/08/11 00:21:49 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Amazon
[2010/03/15 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Fantasy Grounds II
[2009/07/14 16:14:09 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Template
[2009/08/11 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\Thunderbird
[2011/04/15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\Alan Enjetti\AppData\Roaming\uTorrent
[2011/05/24 21:13:23 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


So these are the files! What's the next step?

ken545
2011-05-27, 01:57
I am looking at markers in your log for both Symantec and McAfee, you cant have both, one needs to be uninstalled. You need to have just one AV, keep it updated and run regular scans. More than one is overkill and can severely hamper system perfomance, let me know what you want to do

AlHanQuolo
2011-05-27, 18:32
Hey!

Thanks again for all of your help. So, I was thinking about uninstalling both and either installing avast or AVG. Not both, obviously. I wanted your recommendation on the best anti-spyware or anti-virus software to download. I am happy with MBAM and have had it for awhile now, but I don't know if that's the only thing I should have or if I should download something more.

I'd prefer a program that doesn't interfere with the daily use of my computer and that won't make me close all my programs and reboot computer all the time. Free is also something that I'd prefer.

What is your take on all this?

ken545
2011-05-27, 20:23
Lets try this. First you have to completely remove McAfee and Symantec, if you have not done so already, remove via Programs and Features in the Control Panel. Then run there removal tool that will remove all traces of those programs from your system

Norton Removal Tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Mcafee Removal Tool
http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507


Microsoft has a free program that I have heard good things about, give it a try and if you dont like it than uninstall it, its a free program

http://www.microsoft.com/en-us/security_essentials/default.aspx



If you dont want to try it than I would pick Avast over AVG


Malwarebytes is the free version, you can upgrade to the Pro version very reasonably, the Pro version includes a protection moduale that will block and warn you if you stray into a bad site. I have it on 3 of my systems


Post back when your done and let me know how its going

AlHanQuolo
2011-05-30, 06:53
Hey!

Sorry for the late reply. So I removed McAfee and Norton's from my computer using Programs and Features and then downloading their respective removal tools and running them.

I decided to take your advice and go with Avast over AVG. I checked out Microsoft Essentials but I had more confidence in Avast from hearing about it from others. After downloading, I immediately updated the database. So far I am very happy with it, but I guess it really depends on whether I experience another malware situation or not and how it responds to it.

I tried to upgrade MBAM to the "Pro" version, but I think it costs and I'll have to wait until I can afford to pay for it before I get it. It'll definitely be something I will consider though.

Aside from that I don't have many other problems aside from the sluggishness of my computer. If you have any tips for that it would be greatly appreciated, but I've probably exhausted your help already. Thank you again for all your advice to help me and everyone else on the forum.

Please let me know if there is anything else that you need?

ken545
2011-05-30, 12:55
Hi,

Not a problem with questions, thats why where here.

Combofix replaced a corrupted file that was infected and had to do with your computer booting up. Try this, drag TDSSKiller to the trash and lets get a new copy and run it, with what CF fixed it may run now


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)





If it still gives you problems try running it in safemode
To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

ken545
2011-06-04, 23:31
Still with us ?