
dds scan



Please run MBAM again and fix the infections. Please post a new log.

 

Download OTL to your desktop.

 

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

* When the window appears, underneath Output at the top change it to Minimal Output.

* Check the boxes beside LOP Check and Purity Check.

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

 

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

 

Please copy and paste the contents of these files, one at a time, into your next reply.

 

Note: You may need two or more posts to fit them all in.


Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5604

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

1/25/2011 4:27:52 PM

mbam-log-2011-01-25 (16-27-52).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 233850

Time elapsed: 7 minute(s), 9 second(s)

 

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 2572 -> Unloaded process successfully.

c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 5136 -> Unloaded process successfully.

 

Memory Modules Infected:

c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\program files (x86)\iobit toolbar\IE\4.1\iobittoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.

c:\program files (x86)\iobit toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.


OTL Extras logfile created on: 1/25/2011 4:34:32 PM - Run 1

OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Jerri\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 81.00% Memory free

24.00 Gb Paging File | 22.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 876.52 Gb Free Space | 94.11% Space Free | Partition Type: NTFS

 

Computer Name: MORGANSPC | User Name: Jerri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.89

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager

"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 23

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-130 Wireless N USB Adapter

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7B8BA496-E201-4246-9A8B-687B49145F53}" = IObit Toolbar v4.1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F744201B-8229-4FBF-AF10-13BAFD02AF7C}" = STORM

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"avast5" = avast! Free Antivirus

"FreeApp v1" = FreeApps

"Game Booster_is1" = Game Booster

"Hunting Unlimited 4" = Hunting Unlimited 4 1.0

"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Smart Defrag 2_is1" = Smart Defrag 2

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 42720" = Call of Duty Black Ops - Remote Console

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 1/25/2011 3:05:16 AM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

 

Error - 1/25/2011 5:53:26 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

 

Error - 1/25/2011 5:53:26 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

 

Error - 1/25/2011 6:06:58 PM | Computer Name = morganspc | Source = Application Hang | ID = 1002

Description = The program wirelesscm.exe version 4.16.122.0 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 13b8 Start

Time: 01cbbcd9bdd9d0e4 Termination Time: 0 Application Path: C:\Program Files (x86)\D-Link\DWA-130

revE\wirelesscm.exe Report Id:

 

Error - 1/25/2011 6:28:53 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

 

Error - 1/25/2011 6:28:53 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

 

Error - 1/25/2011 6:56:54 PM | Computer Name = morganspc | Source = Application Error | ID = 1000

Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:

0x4d0fe807 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1430 Faulting application

start time: 0x01cbbce32626e2fa Faulting application path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Faulting module path: unknown Report Id: 66a9b295-28d6-11e0-a879-cb51d7d2ce21

 

Error - 1/25/2011 7:06:39 PM | Computer Name = morganspc | Source = Application Error | ID = 1000

Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:

0x4d0fe807 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xfbc Faulting application

start time: 0x01cbbce484fcadb0 Faulting application path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Faulting module path: unknown Report Id: c3d4d44c-28d7-11e0-a879-cb51d7d2ce21

 

Error - 1/25/2011 7:17:47 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

 

Error - 1/25/2011 7:17:47 PM | Computer Name = morganspc | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

 

[ System Events ]

Error - 1/24/2011 6:18:31 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:37 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:37 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:47 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:47 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:49 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:49 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:53 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:53 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

Error - 1/24/2011 6:18:55 AM | Computer Name = morganspc | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1079

 

 

< End of report >


OTL logfile created on: 1/25/2011 4:34:32 PM - Run 1

OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Jerri\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 81.00% Memory free

24.00 Gb Paging File | 22.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 876.52 Gb Free Space | 94.11% Space Free | Partition Type: NTFS

 

Computer Name: MORGANSPC | User Name: Jerri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Jerri\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)

PRC - C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Jerri\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (Bigfoot Networks Killer Service) -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe ()

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)

SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)

SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (WlanWpsSvc) -- C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SMR161) -- C:\Windows\SysNative\drivers\SMR161.SYS (Symantec Corporation)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()

DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)

DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (BFN7x64) -- C:\Windows\SysNative\drivers\Xeno7x64.sys (Bigfoot Networks, Inc.)

DRV:64bit: - (BfEdge7x64) -- C:\Windows\SysNative\drivers\Edge7x64.sys (Bigfoot Networks, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (SaiK0728) -- C:\Windows\SysNative\drivers\SaiK0728.sys (Saitek)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.1

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1

FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5

FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.12

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p="

FF - prefs.js..network.proxy.type: 4

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/09 15:00:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/22 00:57:15 | 000,000,000 | ---D | M]

 

[2011/01/09 15:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerri\AppData\Roaming\mozilla\Extensions

[2010/11/10 18:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\extensions

[2010/11/10 18:32:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2011/01/25 15:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\Profiles\uoyxdpvy.default\extensions

[2011/01/22 22:42:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\Profiles\uoyxdpvy.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2011/01/25 15:17:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\Profiles\uoyxdpvy.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}

[2011/01/22 22:39:08 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Jerri\AppData\Roaming\mozilla\Firefox\Profiles\uoyxdpvy.default\extensions\cybersearch@cybernetnews.com

[2011/01/09 15:03:36 | 000,001,742 | ---- | M] () -- C:\Users\Jerri\AppData\Roaming\Mozilla\Firefox\Profiles\uoyxdpvy.default\searchplugins\search-the-web.xml

[2011/01/24 03:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/01/22 15:59:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/22 15:59:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/01/24 03:22:18 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM

[2011/01/24 03:22:19 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\New folder\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [FreeApp] C:\Program Files (x86)\FreeApps\FreeApps.exe (VTools)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\New folder\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/12/18 13:31:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========


[2011/01/25 16:31:38 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Jerri\Desktop\OTL.exe

[2011/01/25 16:08:55 | 000,000,000 | R--D | C] -- C:\Users\Jerri\Documents\Notes

[2011/01/25 15:14:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/01/25 15:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/24 07:04:16 | 000,000,000 | ---D | C] -- C:\New folder

[2011/01/24 03:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3

[2011/01/24 01:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/01/24 01:54:09 | 010,257,160 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Jerri\Desktop\SUPERAntiSpyware.exe

[2011/01/23 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\SUPERAntiSpyware.com

[2011/01/23 01:50:20 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/01/23 01:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2011/01/23 01:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/01/22 23:00:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jerri\Desktop\HijackThis.exe

[2011/01/22 22:29:17 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeApps

[2011/01/22 22:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeApps

[2011/01/22 22:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeApp

[2011/01/22 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2

[2011/01/22 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster

[2011/01/22 22:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2011/01/22 22:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2011/01/22 22:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar

[2011/01/22 22:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2011/01/22 19:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/01/22 19:45:12 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/01/22 19:45:11 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/01/22 19:45:09 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/01/22 19:45:08 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/01/22 19:45:07 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/01/22 19:45:07 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/01/22 19:44:55 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/01/22 19:44:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/01/22 19:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2011/01/22 19:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2011/01/22 01:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Desktop\java

[2011/01/22 01:01:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/01/22 01:01:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/01/22 01:01:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/01/22 00:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/01/22 00:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/01/22 00:57:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2011/01/22 00:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2011/01/21 14:57:04 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Desktop\inportant files

[2011/01/19 19:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2011/01/19 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\IObit

[2011/01/16 14:30:20 | 000,000,000 | ---D | C] -- C:\N360_BACKUP

[2011/01/15 09:23:17 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR161.SYS

[2011/01/12 03:17:01 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2011/01/12 03:17:01 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll

[2011/01/12 03:17:00 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll

[2011/01/12 03:17:00 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2011/01/12 03:17:00 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll

[2011/01/12 03:17:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2011/01/12 03:17:00 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll

[2011/01/12 03:17:00 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011/01/12 03:17:00 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2011/01/12 03:17:00 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011/01/12 03:17:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2011/01/12 03:17:00 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2011/01/12 03:16:59 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll

[2011/01/12 03:16:59 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2011/01/12 03:16:59 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll

[2011/01/12 03:16:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll

[2011/01/12 03:16:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2011/01/12 03:16:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll

[2011/01/12 03:16:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2011/01/12 03:16:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll

[2011/01/12 03:16:55 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll

[2011/01/12 03:16:55 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

[2011/01/09 15:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011/01/04 12:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/12/31 12:10:54 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Desktop\My photo albums

[2010/12/31 12:04:00 | 000,000,000 | ---D | C] -- C:\4a204a9ed6d94c3f8a9942

[2010/12/31 11:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2010/12/31 11:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2010/12/31 11:45:17 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2010/12/30 11:37:36 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\Logitech

[2010/12/30 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Local\MAGIX

[2010/12/30 08:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/12/30 08:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2010/12/30 07:56:41 | 000,000,000 | ---D | C] -- C:\Windows\en

[2010/12/30 07:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/12/30 07:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2010/12/30 07:48:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/12/30 07:46:30 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll

[2010/12/30 07:46:30 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll

[2010/12/30 07:46:28 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll

[2010/12/30 07:46:27 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll

[2010/12/30 07:45:53 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010/12/30 07:45:53 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010/12/30 07:45:53 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010/12/30 07:45:53 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010/12/30 07:45:53 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010/12/30 07:45:53 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010/12/30 07:45:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010/12/30 07:42:53 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Local\Windows Live

[2010/12/30 07:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2010/12/30 07:34:38 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll

[2010/12/30 07:34:38 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll

[2010/12/30 07:34:38 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll

[2010/12/30 07:34:38 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll

[2010/12/30 07:34:38 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll

[2010/12/30 07:34:38 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll

[2010/12/30 07:34:38 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll

[2010/12/30 07:34:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll

[2010/12/30 07:34:38 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll

[2010/12/30 07:34:38 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll

[2010/12/30 07:34:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll

[2010/12/30 07:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2010/12/30 07:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services

[2010/12/30 07:10:42 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Documents\MAGIX Downloads

[2010/12/30 07:10:42 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\MAGIX

[2010/12/30 04:52:07 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Documents\SightSpeed Recordings

[2010/12/30 04:52:07 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Local\LogiShrd

[2010/12/30 04:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logishrd

[2010/12/30 04:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\logishrd

[2010/12/30 04:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2010/12/30 04:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS

[2010/12/30 04:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

[2010/12/29 02:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2010/12/28 11:56:27 | 000,000,000 | ---D | C] -- C:\Users\Jerri\Documents\Hunting Unlimited 4

[2010/12/28 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 4

[2010/12/28 11:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 4

[2010/12/28 11:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hunting Unlimited 4

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/25 16:31:55 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Jerri\Desktop\OTL.exe

[2011/01/25 16:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000UA.job

[2011/01/25 15:17:50 | 003,495,598 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/25 15:17:50 | 001,075,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/25 15:17:50 | 000,005,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/25 15:16:16 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/25 15:16:16 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/25 15:14:10 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/25 15:11:56 | 000,001,185 | ---- | M] () -- C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk

[2011/01/25 15:11:18 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2011/01/25 15:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/25 15:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2011/01/25 15:10:51 | 1066,799,102 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/24 06:54:33 | 000,026,244 | ---- | M] () -- C:\Users\Jerri\AppData\Roaming\UserTile.png

[2011/01/24 03:21:45 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk

[2011/01/24 03:20:21 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2011/01/24 03:20:21 | 000,000,135 | ---- | M] () -- C:\Users\Jerri\Desktop\IObit Freeware.url

[2011/01/24 02:37:20 | 000,879,047 | ---- | M] () -- C:\Users\Jerri\Desktop\SecurityCheck.exe

[2011/01/24 01:54:49 | 010,257,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Jerri\Desktop\SUPERAntiSpyware.exe

[2011/01/24 01:02:11 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000Core.job

[2011/01/23 18:36:55 | 000,001,852 | ---- | M] () -- C:\Users\Jerri\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/01/22 23:01:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jerri\Desktop\HijackThis.exe

[2011/01/22 22:29:17 | 000,001,013 | ---- | M] () -- C:\Users\Jerri\Desktop\FreeApps.lnk

[2011/01/22 22:28:17 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk

[2011/01/22 22:28:17 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk

[2011/01/22 21:38:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/01/22 20:51:59 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/01/22 19:45:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/01/22 16:26:32 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf

[2011/01/22 16:21:13 | 000,001,441 | ---- | M] () -- C:\Users\Jerri\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/01/21 03:32:59 | 000,000,017 | ---- | M] () -- C:\Users\Jerri\AppData\Local\resmon.resmoncfg

[2011/01/15 09:29:27 | 000,000,765 | ---- | M] () -- C:\Users\Jerri\AppData\Roaming\SMRBackup161.dat

[2011/01/15 09:23:17 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR161.SYS

[2011/01/13 17:02:53 | 000,002,363 | ---- | M] () -- C:\Users\Jerri\Desktop\Google Chrome.lnk

[2011/01/13 00:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/01/13 00:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/01/13 00:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/01/13 00:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/01/13 00:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/01/13 00:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/01/13 00:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/01/13 00:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/01/12 15:23:18 | 000,000,418 | ---- | M] () -- C:\Users\Jerri\Desktop\Wireless Network Connection 5 - Shortcut.lnk

[2011/01/09 15:00:27 | 000,001,967 | ---- | M] () -- C:\Users\Jerri\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/01/09 15:00:27 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/01/08 18:21:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/12/31 11:45:44 | 000,005,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/30 04:49:53 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk

[2010/12/29 17:18:08 | 000,000,000 | -H-- | M] () -- C:\Users\Jerri\Documents\Default.rdp

[2010/12/28 11:50:46 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Hunting Unlimited 4.lnk

 

========== Files Created - No Company Name ==========

 

[2011/01/25 15:14:10 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/25 15:11:56 | 000,001,185 | ---- | C] () -- C:\Users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk

[2011/01/24 06:54:33 | 000,026,244 | ---- | C] () -- C:\Users\Jerri\AppData\Roaming\UserTile.png

[2011/01/24 03:21:46 | 000,031,112 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe

[2011/01/24 03:21:46 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys

[2011/01/24 03:20:39 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job

[2011/01/24 03:20:21 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2011/01/24 02:37:14 | 000,879,047 | ---- | C] () -- C:\Users\Jerri\Desktop\SecurityCheck.exe

[2011/01/23 01:50:20 | 000,001,852 | ---- | C] () -- C:\Users\Jerri\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/01/22 22:29:17 | 000,001,013 | ---- | C] () -- C:\Users\Jerri\Desktop\FreeApps.lnk

[2011/01/22 22:29:05 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk

[2011/01/22 22:28:17 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk

[2011/01/22 22:28:17 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk

[2011/01/22 22:23:24 | 000,000,135 | ---- | C] () -- C:\Users\Jerri\Desktop\IObit Freeware.url

[2011/01/22 22:13:57 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Hunting Unlimited 4.lnk

[2011/01/22 19:45:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/01/22 19:45:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/01/21 03:32:59 | 000,000,017 | ---- | C] () -- C:\Users\Jerri\AppData\Local\resmon.resmoncfg

[2011/01/15 09:29:27 | 000,000,765 | ---- | C] () -- C:\Users\Jerri\AppData\Roaming\SMRBackup161.dat

[2011/01/12 15:23:18 | 000,000,418 | ---- | C] () -- C:\Users\Jerri\Desktop\Wireless Network Connection 5 - Shortcut.lnk

[2011/01/09 15:00:27 | 000,001,967 | ---- | C] () -- C:\Users\Jerri\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/01/09 15:00:27 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/01/08 18:21:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/12/31 11:46:33 | 000,002,127 | ---- | C] () -- C:\Windows\epplauncher.mif

[2010/12/31 11:45:44 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/31 11:45:35 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2010/12/30 07:55:03 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2010/12/30 07:52:34 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2010/12/30 07:34:18 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010/12/30 04:49:53 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk

[2010/12/30 04:16:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2010/12/29 17:18:08 | 000,000,000 | -H-- | C] () -- C:\Users\Jerri\Documents\Default.rdp

[2010/12/14 23:29:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/03 22:41:28 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini

[2010/11/29 00:33:48 | 000,029,069 | ---- | C] () -- C:\ProgramData\dxdiag.txt

[2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

 

========== LOP Check ==========

 

[2010/12/18 17:42:31 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\AVG

[2010/12/18 17:08:34 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\AVG10

[2010/11/25 14:08:30 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\CVS

[2010/12/04 06:36:48 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\EasyChat

[2011/01/24 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\IObit

[2010/11/13 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\Leadertech

[2010/12/30 07:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\MAGIX

[2010/12/13 08:35:57 | 000,000,000 | ---D | M] -- C:\Users\Jerri\AppData\Roaming\Tific

[2011/01/25 15:11:18 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job

[2009/07/13 21:08:49 | 000,023,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(22).TXT

[2011/01/25 14:24:43 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

 

< End of report >
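The OTL log above is a fixed text format, and it is easier to triage several hundred lines of it by machine than by eye. The script below is an added example written for this thread, not part of OTL, IObit, or anyone's post here. It parses the three line shapes that matter most in the report (the `[date | size | attrs | C/M] (company) -- path` file entries, the `O4` Run/RunOnce entries, and the `@Alternate Data Stream` line) and applies three review heuristics that are this example's own assumptions: a binary created inside `C:\Windows` within the last 30 days that carries no company name in its version info, a Run entry whose target lives outside the Windows or Program Files trees, and any alternate data stream. A hit means "look at this", not "malicious": the MBAM entry under `C:\New folder` is flagged for exactly that reason. The sample lines are copied from the log above; the report time is taken from the OTL.exe timestamp in it.

```python
"""Triage parser for OTL (OldTimer's OTL.exe) log lines.

Added illustration for this thread; not OTL's own code. Every path
heuristic and threshold below is an assumption made for the example.
"""
import re
from datetime import datetime, timedelta

# Time OTL.exe was created on the desktop in the log above (2011/01/25 16:31).
REPORT_TIME = datetime(2011, 1, 25, 16, 31)

# "[2011/01/24 03:21:46 | 000,017,720 | ---- | C] () -- C:\path" style lines.
# Directory entries have no "(company)" part, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^()]*)\))? -- (?P<path>.+)$"
)
# "O4 - HKCU..\Run: [FreeApp] C:\...\FreeApps.exe (VTools)"; the company is the
# last parenthesised token, so paths containing "(x86)" parse correctly.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

BINARY_EXT = (".sys", ".exe", ".dll", ".scr")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_otl(text):
    """Return a list of dicts for the file, Run and ADS lines found in text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            d = m.groupdict()
            entries.append({
                "type": "file",
                "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(d["size"].replace(",", "")),
                "is_dir": "D" in d["attrs"],
                "kind": d["kind"],                 # C = created, M = modified
                "company": d["company"] or "",     # "" when OTL printed "()"
                "path": d["path"],
            })
        elif m := RUN_RE.match(line):
            entries.append({"type": "run", **m.groupdict()})
        elif m := ADS_RE.match(line):
            entries.append({"type": "ads", "size": int(m["size"]), "path": m["path"]})
    return entries


def triage(entries, now=REPORT_TIME, window_days=30):
    """Return (reason, path) pairs for entries that deserve a second look."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for e in entries:
        if e["type"] == "file":
            p = e["path"].lower()
            recent_binary = (e["kind"] == "C" and not e["is_dir"]
                             and e["ts"] >= cutoff and p.endswith(BINARY_EXT))
            if recent_binary and p.startswith("c:\\windows\\") and not e["company"]:
                findings.append(("no-company-binary", e["path"]))
        elif e["type"] == "run":
            if not e["path"].lower().startswith(TRUSTED_ROOTS):
                findings.append(("run-outside-program-dirs", e["path"]))
        elif e["type"] == "ads":
            findings.append(("alternate-data-stream", e["path"]))
    return findings


# Constructed sample: lines copied verbatim from the OTL report in this thread.
SAMPLE_LOG = r"""
[2011/01/25 15:14:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/24 03:21:46 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2011/01/24 03:21:46 | 000,031,112 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2011/01/22 22:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2010/12/30 07:34:18 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\New folder\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [FreeApp] C:\Program Files (x86)\FreeApps\FreeApps.exe (VTools)
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
"""

if __name__ == "__main__":
    for reason, path in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason:26} {path}")
```

Run it against a full OTL.Txt by passing the file contents to `parse_otl`. The "no company name" test is deliberately weak evidence on its own (the MAGIX/PoINT DLL in the sample trips it, and so do the Smart Defrag driver files), which is why the output is a review list for the helper, not a removal list.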


Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


ComboFix 11-01-25.05 - Jerri 01/26/2011 17:19:23.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9724 [GMT -8:00]

Running from: c:\users\Jerri\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Install.exe

 

.

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))

.

 

2011-01-27 01:21 . 2011-01-27 01:21 -------- d-----w- c:\users\Jerri\AppData\Local\temp

2011-01-27 01:21 . 2011-01-27 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-27 00:47 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-26 23:49 . 2011-01-26 23:55 -------- d-----w- c:\users\Jerri\AppData\Local\{04A1CD73-027C-471B-BFBA-085E1572D0E0}

2011-01-26 23:49 . 2011-01-26 23:50 -------- d-----w- c:\users\Jerri\AppData\Local\{BDA2E8FF-1F95-47A6-A3F0-C6B0C1405011}

2011-01-26 07:42 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E43CB7D2-3901-4663-9539-52D8606017DA}\mpengine.dll

2011-01-24 15:04 . 2011-01-25 23:14 -------- d-----w- C:\New folder

2011-01-24 11:21 . 2010-12-14 01:03 31112 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-01-24 11:21 . 2010-11-27 02:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-01-24 09:57 . 2011-01-25 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-23 09:50 . 2011-01-23 09:50 -------- d-----w- c:\users\Jerri\AppData\Roaming\SUPERAntiSpyware.com

2011-01-23 09:50 . 2011-01-23 09:50 -------- d-----w- c:\programdata\!SASCORE

2011-01-23 09:50 . 2011-01-23 09:50 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-23 06:29 . 2011-01-23 06:29 -------- d-----w- c:\program files (x86)\FreeApps

2011-01-23 06:29 . 2011-01-23 06:29 -------- d-----w- c:\programdata\FreeApp

2011-01-23 06:23 . 2011-01-26 00:27 -------- d-----w- c:\program files (x86)\Application Updater

2011-01-23 06:23 . 2011-01-26 00:27 -------- d-----w- c:\program files (x86)\IObit Toolbar

2011-01-23 06:23 . 2011-01-23 06:23 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2011-01-23 06:23 . 2011-01-25 07:08 -------- d-----w- c:\program files (x86)\IObit

2011-01-23 03:45 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-23 03:44 . 2011-01-23 03:44 -------- d-----w- c:\programdata\Alwil Software

2011-01-23 03:44 . 2011-01-23 03:44 -------- d-----w- c:\program files\Alwil Software

2011-01-22 08:57 . 2011-01-22 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-01-22 08:57 . 2010-11-13 02:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-22 08:57 . 2010-11-13 02:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-01-22 08:57 . 2011-01-22 23:59 -------- d-----w- c:\program files (x86)\Java

2011-01-20 03:46 . 2011-01-20 04:48 -------- d-----w- c:\programdata\IObit

2011-01-20 03:18 . 2011-01-25 07:08 -------- d-----w- c:\users\Jerri\AppData\Roaming\IObit

2011-01-16 22:30 . 2011-01-16 22:30 -------- d-----w- C:\N360_BACKUP

2011-01-15 17:23 . 2011-01-15 17:23 90232 ----a-w- c:\windows\system32\drivers\SMR161.SYS

2011-01-12 11:16 . 2010-11-02 05:18 229888 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-09 23:00 . 2010-12-03 19:35 553696 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe

2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-12-31 23:21 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-12-31 20:04 . 2010-11-30 18:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05652A4E-29D6-4C79-9EC1-7F7495053BAB}\gapaengine.dll

2010-12-31 20:04 . 2010-12-31 20:04 -------- d-----w- C:\4a204a9ed6d94c3f8a9942

2010-12-31 19:45 . 2010-12-31 19:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2010-12-31 19:45 . 2010-12-31 19:45 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-31 19:45 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2010-12-31 19:21 . 2010-11-16 20:01 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07FF0FE1-68D6-42B1-A740-28DE16221925}\mpengine.dll

2010-12-30 19:37 . 2010-12-30 19:37 -------- d-----w- c:\users\Jerri\AppData\Roaming\Logitech

2010-12-30 17:22 . 2010-12-30 17:22 -------- d-----w- c:\users\Jerri\AppData\Local\MAGIX

2010-12-30 16:34 . 2010-12-30 16:34 -------- d-----w- c:\program files (x86)\MSXML 4.0

2010-12-30 16:32 . 2010-12-30 16:32 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2

2010-12-30 15:56 . 2010-12-30 15:56 -------- d-----w- c:\windows\en

2010-12-30 15:50 . 2010-12-30 15:50 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2010-12-30 15:48 . 2010-12-30 15:50 -------- d-----w- c:\program files (x86)\Windows Live

2010-12-30 15:48 . 2010-12-30 15:48 -------- d-----w- c:\windows\PCHEALTH

2010-12-30 15:46 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-12-30 15:46 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll

2010-12-30 15:46 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll

2010-12-30 15:46 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll

2010-12-30 15:45 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2010-12-30 15:45 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll

2010-12-30 15:45 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll

2010-12-30 15:45 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-12-30 15:45 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-12-30 15:45 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll

2010-12-30 15:45 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll

2010-12-30 15:42 . 2011-01-26 23:49 -------- d-----w- c:\users\Jerri\AppData\Local\Windows Live

2010-12-30 15:42 . 2010-12-30 15:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2010-12-30 15:32 . 2011-01-08 07:34 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services

2010-12-30 15:10 . 2010-12-30 15:35 -------- d-----w- c:\users\Jerri\AppData\Roaming\MAGIX

2010-12-30 12:52 . 2011-01-25 23:35 -------- d-----w- c:\users\Jerri\AppData\Local\LogiShrd

2010-12-30 12:50 . 2010-12-30 12:50 53248 ----a-r- c:\users\Jerri\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2010-12-30 12:50 . 2011-01-26 01:14 -------- d-----w- c:\windows\system32\logishrd

2010-12-30 12:50 . 2011-01-26 01:14 -------- d-----w- c:\windows\SysWow64\logishrd

2010-12-30 12:50 . 2010-12-30 12:50 -------- d-----w- c:\programdata\Logitech

2010-12-30 12:50 . 2010-12-30 12:50 -------- d-----w- c:\program files (x86)\Common Files\LWS

2010-12-30 12:16 . 2010-12-30 12:51 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2010-12-29 10:30 . 2010-12-30 12:50 -------- d-----w- c:\program files\Common Files\logishrd

2010-12-28 19:50 . 2010-12-28 19:50 -------- d-----w- c:\program files (x86)\Hunting Unlimited 4

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 02:08 . 2010-12-19 07:39 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-07 13:08 . 2010-12-07 13:08 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-11-25 14:59 . 2010-11-25 14:59 694888 ----a-w- c:\windows\system32\drivers\RTL8192su.sys

2010-11-10 10:49 . 2010-11-10 10:49 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll

2010-11-10 10:49 . 2010-11-10 10:49 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll

2010-11-10 10:47 . 2010-11-10 10:47 416352 ----a-w- c:\windows\SysWow64\lvcodec2.dll

2010-11-10 10:45 . 2010-11-10 10:45 4162784 ----a-w- c:\windows\system32\drivers\lvuvc64.sys

2010-11-10 10:45 . 2010-11-10 10:45 559712 ----a-w- c:\windows\system32\LVUIRC64.dll

2010-11-10 10:45 . 2010-11-10 10:45 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe

2010-11-10 10:45 . 2010-11-10 10:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2010-11-10 10:45 . 2010-11-10 10:45 10871128 ----a-w- c:\windows\SysWow64\LogiDPP.dll

2010-11-10 10:45 . 2010-11-10 10:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll

2010-11-10 10:45 . 2010-11-10 10:45 316248 ----a-w- c:\windows\SysWow64\DevManagerCore.dll

2010-11-10 10:45 . 2010-11-10 10:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll

2010-11-10 10:45 . 2010-11-10 10:45 767584 ----a-w- c:\windows\system32\LVUI64.dll

2010-11-10 10:44 . 2010-11-10 10:44 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys

2010-11-10 10:43 . 2010-11-10 10:43 259680 ----a-w- c:\windows\system32\lvco13101216.dll

2010-11-10 10:43 . 2010-11-10 10:43 400480 ----a-w- c:\windows\system32\lvcod64.dll

2010-11-10 10:32 . 2010-11-10 10:32 38238 ----a-w- c:\windows\system32\Repository.reg

2010-11-10 10:28 . 2010-11-10 10:28 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-11-04 06:35 . 2010-12-16 04:16 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-16 04:16 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-16 04:16 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-16 04:16 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-16 04:16 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-16 04:16 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-16 04:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-16 04:16 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-16 04:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-16 04:27 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-16 04:27 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-16 04:27 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-16 04:27 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-16 04:27 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-16 04:27 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-16 04:27 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-16 04:27 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-16 04:27 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeApp"="c:\program files (x86)\FreeApps\FreeApps.exe" [2011-01-23 814496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

 

c:\users\Jerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-130 revE\wirelesscm.exe [2010-12-15 496896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

 

.

Contents of the 'Scheduled Tasks' folder

 

2011-01-27 c:\windows\Tasks\AWC Startup.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-01-24 00:19]

 

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000Core.job

- c:\users\Jerri\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 08:57]

 

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000UA.job

- c:\users\Jerri\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 08:57]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net

mStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\system32\blank.htm

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: D4F6277616E6 = 198.153.192.1,198.153.194.1

FF - ProfilePath - c:\users\Jerri\AppData\Roaming\Mozilla\Firefox\Profiles\uoyxdpvy.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: CyberSearch: cybersearch@cybernetnews.com - %profile%\extensions\cybersearch@cybernetnews.com

FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-26 17:22:26

ComboFix-quarantined-files.txt 2011-01-27 01:22

 

Pre-Run: 941,336,604,672 bytes free

Post-Run: 941,076,901,888 bytes free

 

- - End Of File - - 89B0172AB0F87C0515B11A7D35DC571B


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:36:37 PM, on 1/26/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Jerri\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\New folder\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun

O4 - Startup: Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bigfoot Networks Killer Service - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 5660 bytes

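The ComboFix "Reg Loading Points" section and the HijackThis log above describe the same autorun surface (Run keys, Startup folders, Winsock LSP chain, services), and triaging them by hand means repeating the same checks on every line. The script below is an added example, not a tool from this thread or from IObit, Trend Micro or sUBs: it parses HijackThis-style O2/O3/O4/O10/O23 lines, pulls out the file each entry points at, and reports the things a responder checks first. The sample lines are copied from the HijackThis log posted above; the "trusted roots" list and the location heuristics are this example's own assumptions, and a path under C:\Windows\System32 is not by itself evidence that a DLL is legitimate (the file's Authenticode signer is what to verify).

```python
"""Triage helper for HijackThis-style logs (added example; not from the thread)."""
import re
from collections import Counter, OrderedDict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\New folder\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
O4 - Startup: Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Bigfoot Networks Killer Service - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
'''

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path on the line, ending at a binary extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys|scr)', re.IGNORECASE)
# Assumption for this example: autoruns outside these trees deserve a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_entries(log):
    """Return (section, text, path_or_None) for every O-line in the log."""
    out = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, text = m.group(1), m.group(2)
        p = PATH_RE.search(text)
        out.append((section, text, p.group(0) if p else None))
    return out


def orphans(log):
    """Entries whose target is gone: CLSIDs left behind by an uninstall."""
    return [text for _, text, _ in parse_entries(log) if "(no file)" in text]


def lsp_dlls(log):
    """Distinct Winsock LSP DLLs (O10) and how many chain entries each has.
    HijackThis prints one line per protocol entry, so the same DLL repeats;
    the de-duplicated list is what gets its signer checked."""
    counts = Counter()
    for section, _, path in parse_entries(log):
        if section == "O10" and path:
            counts[path.lower()] += 1
    return OrderedDict(sorted(counts.items()))


def suspicious_autoruns(log):
    """O4 autoruns worth a second look, each with the reason."""
    hits = []
    for section, text, path in parse_entries(log):
        if section != "O4" or not path:
            continue
        if not path.lower().startswith(TRUSTED_ROOTS):
            hits.append((path, "runs from outside Program Files / Windows"))
        elif text.startswith("HKCU"):
            hits.append((path, "per-user Run key (writable without admin)"))
    return hits


def missing_service_files(log):
    """Split O23 '(file missing)' services into WOW64 artifacts and real gaps.
    HijackThis 2.0.4 is a 32-bit program: on x64 Windows its reads of
    C:\\Windows\\System32 are redirected to SysWOW64 and %PROGRAMFILES%
    expands to 'Program Files (x86)', so native 64-bit service binaries
    look missing. Anything else still reported missing needs a manual check."""
    likely_wow64, real = [], []
    for section, text, path in parse_entries(log):
        if section != "O23" or "(file missing)" not in text or not path:
            continue
        lp = path.lower()
        redirected_pf = "%programfiles%" in text.lower() and lp.startswith("c:\\program files (x86)\\")
        (likely_wow64 if lp.startswith("c:\\windows\\system32\\") or redirected_pf else real).append(path)
    return likely_wow64, real


if __name__ == "__main__":
    print("orphans:", orphans(SAMPLE_LOG))
    print("LSP DLLs:", dict(lsp_dlls(SAMPLE_LOG)))
    print("autoruns:", suspicious_autoruns(SAMPLE_LOG))
    print("missing services (wow64 / real):", missing_service_files(SAMPLE_LOG))
```

On the sample this reports the orphaned toolbar CLSID, two distinct LSP DLLs (wlidnsp.dll twice, bfllr.dll five times), the mbam.exe autorun launched from C:\New folder plus the per-user FreeApps entry, and classifies all three "(file missing)" services as 32-bit-scanner artifacts rather than deleted binaries.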

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

 

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted, using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
    • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
    • To clean up these entries click on the Clean up checked items button
    • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
    • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
    • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now


OK, I got the program. At the start, where you tell me to check the boxes, the top check box was grayed out; I couldn't click it, so I ran it anyway. I think I need someone to take control of my PC. If that can be done by someone from IObit, that would be great.


OK, I got the program. At the start, where you tell me to check the boxes, the top check box was grayed out; I couldn't click it, so I ran it anyway. I think I need someone to take control of my PC. If that can be done by someone from IObit, that would be great.

 

Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click


OK, here's what it says. I'm going to leave the scan box open until I hear from you. It has 1 unknown hidden file with a green box next to it.

 

 

 

Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\Jerri\AppData\Local\Mozilla\Firefox\Profiles\uoyxdpvy.default\Cache\40FC757Dd01

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Last night at around 6 pm it was fine, until my girlfriend came over and tried to connect to my network from her laptop. As soon as she did, I lost my internet connection; I don't know what it is. Then this morning I tried coming here to the IObit site. I had internet but couldn't get to any sites. I went into the IObit Advanced SystemCare tool, Admin Tools, and into Windows Manager; my browser settings were turned off. I think it's something on her PC that's doing all this. We used to live together. Could it be a paid-for spy program on my PC?


The only thing I saw was a Google plugin, so I deleted it. But where you told me to run that scan and to make sure Running processes was checked, I didn't fix the 1 program it found that was unknown.

 

 

 

Once you have downloaded the file, double click the sarsfx icon

Review the licence agreement and click on the Accept button

The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui

Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan ........ The Sophos Anti-Rootkit (sars) scan didn't fix the unknown program.


Rooter

 

Rooter.exe (v1.0.2) by Eric_71

.

The token does not have the SeDebugPrivilege privilege ! (error:1300)

Can not acquire SeDebugPrivilege !

Please run the tool as administrator ..

.

Windows 7 Home Edition (6.1.7600)

[32_bits] - Intel64 Family 6 Model 26 Stepping 5, GenuineIntel

.

Error OpenService (wscsvc) : 6

Error OpenSCManager : 5

Error OpenService (MpsSvc) : 6

Windows Defender -> Enabled

User Account Control (UAC) -> Enabled

.

Internet Explorer 8.0.7600.16385

Mozilla Firefox 3.6.13 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:931 Go - Free:876 Go )

D:\ [CD_Rom]

.

Scan : 03:36.02

Path : C:\Users\Jerri\Desktop\Rooter.exe

User : Jerri ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

Locked smss.exe (312)

Locked csrss.exe (472)

Locked wininit.exe (572)

Locked csrss.exe (596)

Locked services.exe (628)

Locked lsass.exe (652)

Locked lsm.exe (660)

Locked winlogon.exe (708)

Locked svchost.exe (808)

Locked nvvsvc.exe (872)

Locked svchost.exe (912)

Locked MsMpEng.exe (1012)

Locked svchost.exe (492)

Locked svchost.exe (620)

Locked svchost.exe (140)

Locked audiodg.exe (1144)

Locked svchost.exe (1172)

Locked svchost.exe (1220)

Locked svchost.exe (1280)

Locked NvXDSync.exe (1468)

Locked svchost.exe (1480)

Locked nvvsvc.exe (1556)

Locked spoolsv.exe (1772)

Locked SASCore64.exe (1892)

Locked alg.exe (1912)

Locked svchost.exe (1944)

Locked svchost.exe (1968)

Locked PresentationFontCache.exe (1256)

Locked infocard.exe (2432)

Locked LVPrcSrv.exe (2576)

Locked svchost.exe (2608)

Locked LVPrS64H.exe (2660)

Locked svchost.exe (2680)

Locked svchost.exe (2700)

Locked TCPSVCS.EXE (2732)

Locked snmp.exe (2816)

Locked nvSCPAPISvr.exe (2924)

Locked svchost.exe (3020)

Locked UI0Detect.exe (2308)

Locked vds.exe (2360)

Locked wbengine.exe (2132)

Locked svchost.exe (2488)

Locked WlanWpsSvc.exe (2728)

Locked WLIDSVC.EXE (3104)

Locked WmiApSrv.exe (3164)

Locked WmiPrvSE.exe (3396)

Locked sppsvc.exe (3700)

Locked NisSrv.exe (3796)

Locked WLIDSVCM.EXE (3924)

______ ???�?????? (3332)

______ ???�?????? (3764)

Locked taskeng.exe (3352)

______ ???�?????? (4024)

Locked AWC.exe (3736)

______ ???�?????? (4188)

______ C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe (4400)

______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4556)

______ C:\Program Files (x86)\Logitech\G35\G35.exe (4600)

Locked SearchIndexer.exe (4864)

Locked SearchProtocolHost.exe (4940)

Locked wmpnetwk.exe (3148)

Locked Revouninstaller.exe (5236)

______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5524)

Locked msdtc.exe (5988)

Locked WmiPrvSE.exe (5344)

Locked TrustedInstaller.exe (1216)

Locked SearchFilterHost.exe (1688)

Locked MpCmdRun.exe (3940)

______ C:\Users\Jerri\Desktop\Rooter.exe (5444)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)

\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:1000097185792)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\AWC Startup.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000Core.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060393640-2014973984-4174933669-1000UA.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU(22).TXT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 03:36.12

.

C:\Rooter$\Rooter_1.txt - (05/02/2011 | 03:36.12)


Archived

This topic is now archived and is closed to further replies.
