
Thread: Virus? XP Security, ping.exe, redirects

  #21 - Emeritus (Join Date: Apr 2011 | Location: USA | Posts: 1,038)

    Hi irving52,

    Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      [2011/06/09 19:51:53 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
      [2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/11/12 10:43:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)
      [2011/03/31 15:06:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com
      
      :Files
      ipconfig /flushdns /c
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP" =-
      
      :Commands
      [purity]
      [resethosts]
      [clearallrestorepoints]
      [emptyflash]
      [emptyjava]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    ----------

    In your next reply please post the logs that are created by OTL and also let me know how your system is running.
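The three entries the fix script above targets under `:OTL` share a pattern that is easy to recognise once OTL's file-entry lines are parsed: hidden+system attributes (`-HS-`) on a plain file, an empty company field, and a long extension-less name sitting in a user profile's Application Data folder. The following Python is an added example, not code from the thread or from OTL, that parses those `[timestamp | size | attrs | C] (Company) -- path` lines and applies a few constructed triage rules; the sample input is built from entries quoted on this page, and the rules, thresholds and the small allowlist of legitimately hidden system files are assumptions for illustration, not anything OTL itself does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the three entries the fix script removes, plus
# benign entries copied from the same scan log to exercise the rules.
SAMPLE_LINES = r"""
[2011/06/09 19:51:53 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/26 19:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/26 20:51:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2011/12/26 13:14:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/23 17:24:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
"""

# OTL file entry: [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Company) -- path
# The four attribute positions are R (read-only), H (hidden), S (system), D (directory).
# The "(Company)" field is absent on some directory lines, so it is optional here.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed allowlist: Windows XP files that are legitimately hidden+system.
KNOWN_HS_FILES = {"c:\\boot.ini", "c:\\ntldr", "c:\\ntdetect.com", "c:\\pagefile.sys"}


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str               # C = "created" list, M = "modified" list
    company: Optional[str]  # None when OTL printed no "(...)" field at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def has_publisher(self) -> bool:
        return bool(self.company) and self.company != "No name found"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; returns None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"])


def assess(e: Entry) -> List[str]:
    """Constructed triage heuristics; each returned string is one reason to look closer."""
    reasons = []
    lower = e.path.lower()
    in_profile_appdata = (lower.startswith("c:\\documents and settings\\")
                          and "\\application data\\" in lower)
    # Hidden+system on a plain file is unusual; directories such as C:\RECYCLER
    # and the boot files in the allowlist are legitimately hidden+system.
    if (not e.is_dir and "H" in e.attrs and "S" in e.attrs
            and lower not in KNOWN_HS_FILES):
        reasons.append("hidden+system")
    # A file with no publisher dropped into a profile's Application Data folder.
    if not e.is_dir and in_profile_appdata and not e.has_publisher:
        reasons.append("no-publisher-in-appdata")
    # Long extension-less lowercase alphanumeric names (assumed threshold: 16 chars).
    name = e.basename
    if (not e.is_dir and "." not in name and len(name) >= 16
            and re.fullmatch(r"[a-z0-9]+", name)):
        reasons.append("random-looking-name")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsable entry that trips at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            reasons = assess(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{', '.join(reasons):55} {path}")
```

Run against the constructed sample, only the three entries the fix script targets are reported; `C:\RECYCLER` is skipped because the hidden+system rule ignores directories, and `C:\boot.ini` because it is on the allowlist. The rules are deliberately narrow: they reproduce the pattern a human analyst used here, not a general malware detector, so a file that trips them still needs the publisher and path looked at by hand before anything is moved.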

  #22 - Junior Member (Join Date: Dec 2011 | Posts: 15)

    OTL fix log. Then the OTL scan log. My computer is running fine. I monitor the Task Manager and there aren't any processes running amok like before - mainly ping.exe and svchost.exe. Is there some reason I have svchost.exe EIGHT times in my processes? 3 times as SYSTEM, 3 times as LOCAL SERVICE, and 2 times as NETWORK SERVICE. My router is connected to a wireless unit for another user. Just wondering.
    Anyway, here are the logs. THANKS again!!

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j moved successfully.
    C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j moved successfully.
    C:\WINDOWS\003004_.tmp deleted successfully.
    C:\WINDOWS\SET2D.tmp deleted successfully.
    C:\WINDOWS\SET2E.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\searchplugin(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\modules(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\META-INF(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\defaults(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\components(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\chrome(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2) folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\META-INF folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\lib folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\defaults folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\components folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\chrome folder moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\OWNER\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\OWNER\Desktop\cmd.txt deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 56468 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 20988 bytes

    User: OWNER
    ->Flash cache emptied: 57341 bytes

    User: USER

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 5287 bytes

    User: OWNER
    ->Java cache emptied: 57182 bytes

    User: USER

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 4024 bytes
    ->Temporary Internet Files folder emptied: 9437318 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: OWNER
    ->Temp folder emptied: 15685133 bytes
    ->Temporary Internet Files folder emptied: 8147504 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 133433212 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: USER

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 284573 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 6127027 bytes

    Total Files Cleaned = 165.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12272011_111906

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    OTL logfile created on: 12/27/2011 11:27:13 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OWNER\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 65.32% Memory free
    3.34 Gb Paging File | 2.94 Gb Available in Paging File | 87.84% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 242.65 Gb Free Space | 52.10% Space Free | Partition Type: NTFS
    Drive F: | 232.88 Gb Total Space | 1.45 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

    Computer Name: USER-D9DC4BD2AF | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\OWNER\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
    PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
    PRC - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Webroot\Washer\Languages\English.dll ()
    MOD - C:\Program Files\Webroot\Washer\sqlite3.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
    SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
    SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl2461894e) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94311ED-7F9C-491F-B51E-0F1CAAAFC9D3}\MpKsl2461894e.sys (Microsoft Corporation)
    DRV - (MpKsl520665a0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94311ED-7F9C-491F-B51E-0F1CAAAFC9D3}\MpKsl520665a0.sys (Microsoft Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (ISODisk) -- C:\WINDOWS\System32\drivers\ISODisk.sys ()
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 AF D7 BA 4D C4 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.cruzio.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Components: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\plugins

    [2011/06/09 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
    [2011/12/27 11:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions
    [2010/12/08 17:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/26 19:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/26 19:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F4Q8CX6V.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    [2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/09 13:36:44 | 000,001,920 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/27 11:19:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1307578475531 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94C2FB-09D7-48F4-A6A9-6547B6972D13}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/08 14:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/27 11:19:06 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/26 20:51:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
    [2011/12/26 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/12/26 19:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/12/26 13:14:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/26 07:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/12/25 09:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\Virus Work
    [2011/12/23 17:24:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/23 17:22:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/23 17:22:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/23 17:22:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/23 17:22:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/23 17:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
    [2011/12/18 16:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
    [2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
    [2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2011/12/18 09:10:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Administrative Tools
    [2011/12/14 20:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/14 20:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/12/14 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/14 16:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\MW123
    [2011/12/13 09:11:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\OWNER\Recent
    [2011/12/12 23:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/12 23:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/12 23:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/07/02 10:17:02 | 002,400,568 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher64.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/12/27 11:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc427b1e9a082e.job
    [2011/12/27 11:26:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/27 11:21:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc427b1e60cf5e.job
    [2011/12/27 11:21:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/27 11:19:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/12/27 11:13:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
    [2011/12/27 11:13:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
    [2011/12/26 20:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
    [2011/12/26 17:17:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
    [2011/12/26 07:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/23 17:24:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/12/23 17:18:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
    [2011/12/21 20:09:16 | 000,252,970 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
    [2011/12/21 20:09:15 | 000,194,749 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
    [2011/12/19 08:59:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/18 16:37:39 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
    [2011/12/18 16:35:41 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
    [2011/12/18 09:29:43 | 000,017,704 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\Letter to Maria.odt
    [2011/12/16 16:40:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/14 16:27:36 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/08 08:49:14 | 000,000,032 | ---- | M] () -- C:\cookies.dom
    [2011/12/05 10:45:53 | 048,922,159 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
    [2011/11/30 19:55:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/11/30 09:53:06 | 032,519,421 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3

    ========== Files Created - No Company Name ==========

    [2011/12/27 11:13:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
    [2011/12/27 11:13:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
    [2011/12/23 17:24:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/12/23 17:24:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/23 17:22:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/23 17:22:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/23 17:22:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/23 17:22:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/23 17:22:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/23 17:18:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
    [2011/12/18 16:37:39 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
    [2011/12/18 16:35:41 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
    [2011/12/12 23:45:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/08 08:44:55 | 000,000,032 | ---- | C] () -- C:\cookies.dom
    [2011/12/05 10:45:49 | 048,922,159 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
    [2011/11/30 09:53:04 | 032,519,421 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3
    [2011/11/12 02:29:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{54509B50-054B-4C96-9E42-87ACA108E25B}
    [2011/11/09 12:48:21 | 000,252,970 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
    [2011/11/09 12:48:02 | 000,194,749 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
    [2011/07/27 07:38:51 | 000,022,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/07/02 10:15:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\housecall.guid.cache
    [2011/06/13 20:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2011/06/13 09:43:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
    [2011/06/09 16:34:00 | 000,081,078 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
    [2011/06/09 16:34:00 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
    [2011/06/09 16:33:51 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2011/06/09 13:36:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2011/06/09 13:31:45 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
    [2011/06/09 13:31:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/06/09 13:17:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2011/06/09 13:17:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2011/06/09 13:16:59 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/06/09 13:16:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/06/09 13:16:58 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/06/08 14:48:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/06/08 14:40:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/06/08 07:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/06/08 07:32:28 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/03/06 11:24:34 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/22 14:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 14:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 03:00:00 | 000,501,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 03:00:00 | 000,087,346 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    < End of report >

  3. #23
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi irving52,

    I have svchost.exe EIGHT times in my processes
    That is not a problem and is common.
    -------------

    IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!!

    This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
    ----------

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
    Combofix /Uninstall
    (Note: There is a space between the ..X and the /U that needs to be there.)


    ----------

    Clean up with OTL:
    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    ----------

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

    Here are some tips to reduce the potential for spyware infection in the future:

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
    • Open Internet Explorer
    • Click on Tools > Internet Options
    • Press Security tab
    • Select Internet zone then place check next to Enable Protected Mode if not already done
    • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
    • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

    3. Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    4. Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
    Online Armor Free
    Agnitum Outpost Firewall Free

    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

    6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

    8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
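    One way to verify that the Internet Explorer settings from items 1 and 2 above actually took effect, as an added example that is not part of the helper's post: a PowerShell audit of the current user's zone values in the registry. It assumes the zone-action IDs Microsoft documents for these dialog entries (1001, 1004, 1201, 1800, 1804, 1607 and 2500 under HKCU\...\Internet Settings\Zones\<n>, with 0 = Enable, 1 = Prompt, 3 = Disable) and only reports differences unless -Fix is given.

```powershell
# Added example (not from the thread): audit the IE "Internet" zone (3) and
# Protected Mode settings against the values recommended in items 1 and 2.
# Assumes Microsoft's documented zone layout: HKCU\...\Zones\<n>\<actionId>,
# DWORD 0 = Enable, 1 = Prompt, 3 = Disable. Read-only unless -Fix is passed.
param([switch]$Fix)

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Item 1: the six Custom Level entries the post changes, for zone 3 (Internet)
$internetPolicy = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Test-ZoneSetting {
    param([int]$Zone, [string]$Id, [string]$Name, [int]$Want)
    $key = Join-Path $zonesKey $Zone
    # A missing value means IE is using the zone's built-in default for that action
    $cur = (Get-ItemProperty -Path $key -Name $Id -ErrorAction SilentlyContinue).$Id
    $curText = if ($null -eq $cur) { 'not set (default)' } else { "$cur ($($label[[int]$cur]))" }
    if ($cur -eq $Want) {
        Write-Host ("OK      zone {0} {1,-4} {2}: {3}" -f $Zone, $Id, $Name, $curText)
    } else {
        Write-Host ("CHANGE  zone {0} {1,-4} {2}: {3} -> want {4} ({5})" -f `
            $Zone, $Id, $Name, $curText, $Want, $label[$Want])
        if ($Fix) { Set-ItemProperty -Path $key -Name $Id -Value $Want -Type DWord }
    }
}

foreach ($s in $internetPolicy) {
    Test-ZoneSetting -Zone 3 -Id $s.Id -Name $s.Name -Want $s.Want
}

# Item 2: Protected Mode is action 2500 (0 = on, 3 = off) and is checked for
# Local Intranet (1), Trusted Sites (2), Internet (3) and Restricted Sites (4).
# It only has an effect on Windows Vista and later; on XP the value is inert.
foreach ($zone in 1..4) {
    Test-ZoneSetting -Zone $zone -Id '2500' -Name 'Turn on Protected Mode' -Want 0
}
```

Run it in the account whose browser profile you want to check, since the values live under HKEY_CURRENT_USER; a freshly-fixed setting should show as OK on a second run.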

  4. #24
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default Thank you

    Thanks for all your help. I really appreciate it. Things seem to be running fine but I will take your advice to heart.
    I will follow your advice concerning IE and other security issues. I'm not sure why, but most people I know seem to think that Mozilla is less intrusive - or more safe - and I wonder why your security advice mostly pertains to IE.
    If you think that IE, with the adjustments / settings that you recommend is important for safe web surfing, I will probably follow your advice. I'm just curious if you think Mozilla is less secure than IE.
    Anyway, thanks again - so much for your help. I hope we won't need to be communicating again.

  5. #25
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi irving52,

    I'm just curious if you think Mozilla is less secure than IE.
    No, I don't think that. I use Firefox all the time. I make a point to make sure people have their IE as secure as we can make it because that is the browser that Windows uses to update its software. I am going to, however, add a Mozilla section into my final response for people that use Firefox as well.

  6. #26
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    Thanks. I would say my problem is officially resolved. I am studying your advice on firewalls and other ways to protect my computer. Is Tea Timer something to look at?
    Thanks for your time and I appreciate you helping me and others.

  7. #27
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Is Tea Timer something to look at?
    This is part of Spybot S&D and I do recommend using it.

    Thanks for your time and I appreciate you helping me and others.
    The pleasure is mine.


    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
