WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


BankerFox.A, Nugel.e and Spyware 2009

2 posters

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyBankerFox.A, Nugel.e and Spyware 200919th January 2010, 10:25 pm

more_horiz
I am completely frustrated, as you can imagine, trying to fix my husband's laptop by getting rid of this crap on his computer. I have tried to install ComboFix, Malwarebyte AntiMalware and even HijackThis. It is very difficult to save anything to the computer now let alone get it to run. Whatever it is that has taken a hold of the computer seems to stop all .exe files.

This what's occuring on the computer:
  • Popups saying "Application can not be executed. The file ____.exe is infected. Do you want to activate your antivirus software now?" Yes/no buttons
  • "Antivirus software alert Infiltration Alert Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar. Attack from xxx.xx..xxx.xxx, port xxxxx Attacked port xxxx. Threat: win32/nugel Do you want to block this attack?"
  • Spyware alert! Vulnerablitlies found blah blah blah, do you want to activate your antivirus software/ stay unprotected" (buttons)
  • IE pops up and tries to open many tabs with, what I'm guessing is, porn sites.


This is totally out of my league, I have worked in the IT industry (web development mostly) but this... yikes.
Can you please help me tackle this garbage?
Thank you for your time
Melissa

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200919th January 2010, 10:32 pm

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A, Nugel.e and Spyware 2009 DXwU4
BankerFox.A, Nugel.e and Spyware 2009 VvYDg

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 12:19 am

more_horiz
OTL logfile created on: 1/19/2010 2:43:07 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\roozeekuh2\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 183.83 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROOZEEKUH2-PC
Current User Name: roozeekuh2
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 14:40:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\roozeekuh2\Desktop\OTL.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/21 22:11:42 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 14:40:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\roozeekuh2\Desktop\OTL.exe
MOD - [2008/01/20 18:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 17:38:20 | 00,375,296 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/11 01:41:10 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/25 22:42:13 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/28 19:48:33 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 01:15:44 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/18 22:26:20 | 00,024,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/04/28 13:56:28 | 00,161,048 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/24 04:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 18:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 20:37:08 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 20:37:02 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/08/04 16:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/18 22:26:02 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/04/21 22:11:32 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 18:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 00,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 18:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 00,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 18:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 18:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:23 | 00,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 18:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:20 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 18:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/01 20:37:18 | 00,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/02 21:59:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/02 21:58:50 | 00,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/11/14 00:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/09/24 01:27:26 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/20 21:43:56 | 00,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/04/23 02:51:56 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/26 23:48:46 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/26 23:48:44 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/26 23:48:44 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 18:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/04 16:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 13:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080729
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Twittin_Secrets_Twitter_Tips Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2103525&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/dollslikeus?ref=ts#/video/video.php?v=1124134277871|https://www.aweber.com/users/followups|http://mail.google.com/mail/?shva=1#search/ket/1231e27e4e086941|http://www.google.com/ig|http://www.ketsangtai.com/|http://www.google.com/ig#restore"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:2.1.1
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.50
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.018
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {e26ba8db-a646-a44e-997c-2fafeadb50f2}:1.1.6
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: ntortarolo@hotmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: {db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}:1.5.48.2
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:1.3.3
FF - prefs.js..keyword.URL: "http://recovery.alexa.com/helper/?aid=PxP5b1aRzJ00EF&plugin=alxf-1.50&reason=keyword&location="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/25 14:35:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 09:02:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 09:02:51 | 00,000,000 | ---D | M]

[2009/02/04 14:26:38 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Extensions
[2009/02/04 14:26:38 | 00,000,000 | ---D | M] (No name found) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/01/19 05:35:06 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions
[2009/04/06 20:22:12 | 00,000,000 | ---D | M] (No name found) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/12/14 15:51:22 | 00,000,000 | ---D | M] (AddThis) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/03/02 05:51:45 | 00,000,000 | ---D | M] (No name found) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/18 19:59:55 | 00,000,000 | ---D | M] (Twittin Secrets Twitter Tips Toolbar) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\{db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}
[2010/01/10 17:09:45 | 00,000,000 | ---D | M] (OnlyWire) -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/01/18 05:38:11 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\firefox@facebook.com
[2009/04/06 20:22:12 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\ntortarolo@hotmail.com
[2009/04/05 00:01:06 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\support@ancestry.com
[2009/12/02 20:02:46 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\toolbar@alexa.com
[2010/01/18 05:38:17 | 00,000,000 | ---D | M] -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\extensions\wisestamp@wisestamp.com
[2009/10/26 21:18:31 | 00,002,238 | ---- | M] () -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\searchplugins\askcom.xml
[2009/01/15 12:50:44 | 00,000,918 | ---- | M] () -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\searchplugins\conduit.xml
[2009/01/01 16:18:59 | 00,005,595 | ---- | M] () -- C:\Users\roozeekuh2\AppData\Roaming\Mozilla\Firefox\Profiles\untn9yrg.default\searchplugins\wordtracker.xml
[2009/12/24 14:42:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/10 09:34:21 | 00,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2008/06/17 22:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [qorjkrbi] C:\Users\roozeekuh2\AppData\Local\lwnmae\ujsqsysguard.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://albertsons.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a31db3e-d9b4-11de-8e9b-002170fe3196}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O33 - MountPoints2\{f8935268-6340-11dd-b76c-002170fe3196}\Shell - "" = AutoRun
O33 - MountPoints2\{f8935268-6340-11dd-b76c-002170fe3196}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f8935281-6340-11dd-b76c-002170fe3196}\Shell - "" = AutoRun
O33 - MountPoints2\{f8935281-6340-11dd-b76c-002170fe3196}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f89352da-6340-11dd-b76c-002170fe3196}\Shell - "" = AutoRun
O33 - MountPoints2\{f89352da-6340-11dd-b76c-002170fe3196}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 14:42:19 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\roozeekuh2\Desktop\OTL.exe
[2010/01/19 14:08:37 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\roozeekuh2\Desktop\winlogon.scr
[2010/01/19 12:51:29 | 00,000,000 | ---D | C] -- C:\Users\roozeekuh2\AppData\Roaming\Malwarebytes
[2010/01/19 12:51:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/19 12:51:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/19 12:51:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/19 12:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/18 23:26:57 | 00,000,000 | ---D | C] -- C:\Users\roozeekuh2\AppData\Local\lwnmae
[2010/01/16 23:28:50 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/12 21:08:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 21:08:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/09 16:23:08 | 00,000,000 | ---D | C] -- C:\Program Files\Force5
[2010/01/06 21:45:39 | 00,000,000 | ---D | C] -- C:\Users\roozeekuh2\Documents\E-books
[2009/12/24 14:42:50 | 00,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2009/12/24 14:42:48 | 00,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2009/12/22 21:32:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/12/21 23:02:26 | 00,000,000 | ---D | C] -- C:\Users\roozeekuh2\Documents\Windows
[2007/08/02 14:20:28 | 00,220,184 | ---- | C] ( ) -- C:\Users\roozeekuh2\AppData\Local\Interop.Microsoft.Office.Core.dll
[2005/12/13 17:12:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\roozeekuh2\AppData\Local\stdole.dll
[1 C:\Users\roozeekuh2\*.tmp files -> C:\Users\roozeekuh2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/19 14:42:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/19 14:42:33 | 00,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/19 14:42:33 | 00,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/19 14:40:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\roozeekuh2\Desktop\OTL.exe
[2010/01/19 14:38:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/19 14:37:00 | 00,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/01/19 14:36:57 | 00,027,269 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/19 14:36:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/19 14:36:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 14:36:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 14:35:43 | 03,407,872 | -HS- | M] () -- C:\Users\roozeekuh2\NTUSER.DAT
[2010/01/19 14:35:43 | 00,524,288 | -HS- | M] () -- C:\Users\roozeekuh2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/19 14:35:43 | 00,065,536 | -HS- | M] () -- C:\Users\roozeekuh2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/19 14:35:39 | 02,636,468 | -H-- | M] () -- C:\Users\roozeekuh2\AppData\Local\IconCache.db
[2010/01/19 14:06:04 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\roozeekuh2\Desktop\winlogon.scr
[2010/01/19 13:48:26 | 00,005,632 | ---- | M] () -- C:\Users\roozeekuh2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 12:51:28 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 06:06:55 | 00,061,224 | ---- | M] () -- C:\Users\roozeekuh2\GoToAssistDownloadHelper.exe
[2010/01/18 15:03:53 | 00,078,848 | ---- | M] () -- C:\Users\roozeekuh2\Documents\Master Planner.xls
[2010/01/17 20:57:43 | 00,001,003 | ---- | M] () -- C:\Users\roozeekuh2\Desktop\CommentHut Lite.lnk
[2010/01/16 23:01:28 | 00,005,972 | ---- | M] () -- C:\Users\roozeekuh2\AppData\Local\d3d9caps.dat
[2010/01/15 00:59:59 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/01/12 19:44:01 | 00,000,644 | ---- | M] () -- C:\Users\roozeekuh2\Documents\ChatLog Learn The Ins _ Outs of Keyword Research _ Your Personal MLSP Mastermind Training 2010_01_12 19_44.rtf
[2010/01/07 22:17:55 | 00,224,256 | ---- | M] () -- C:\Users\roozeekuh2\Documents\TrafficGeyserOverdraft.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/04 21:55:12 | 00,000,122 | ---- | M] () -- C:\Users\roozeekuh2\Desktop\GoToMeeting Web conferencing, Online Meetings, Net Meeting, Online Training, Web Conference, Presentation Software, Web conf.URL
[2010/01/01 22:37:52 | 28,771,8431 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/01 00:59:59 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/12/24 14:44:19 | 00,001,052 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2009/12/21 22:51:22 | 00,000,368 | ---- | M] () -- C:\Users\roozeekuh2\Desktop\Windows - Shortcut.lnk
[2009/12/21 22:51:22 | 00,000,368 | ---- | M] () -- C:\Users\roozeekuh2\Desktop\sources - Shortcut.lnk
[1 C:\Users\roozeekuh2\*.tmp files -> C:\Users\roozeekuh2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/19 14:35:44 | 00,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2010/01/19 12:51:28 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 06:06:53 | 00,061,224 | ---- | C] () -- C:\Users\roozeekuh2\GoToAssistDownloadHelper.exe
[2010/01/12 19:44:01 | 00,000,644 | ---- | C] () -- C:\Users\roozeekuh2\Documents\ChatLog Learn The Ins _ Outs of Keyword Research _ Your Personal MLSP Mastermind Training 2010_01_12 19_44.rtf
[2010/01/09 16:23:08 | 00,001,003 | ---- | C] () -- C:\Users\roozeekuh2\Desktop\CommentHut Lite.lnk
[2010/01/07 22:17:55 | 00,224,256 | ---- | C] () -- C:\Users\roozeekuh2\Documents\TrafficGeyserOverdraft.doc
[2010/01/04 21:55:12 | 00,000,122 | ---- | C] () -- C:\Users\roozeekuh2\Desktop\GoToMeeting Web conferencing, Online Meetings, Net Meeting, Online Training, Web Conference, Presentation Software, Web conf.URL
[2009/12/21 22:51:22 | 00,000,368 | ---- | C] () -- C:\Users\roozeekuh2\Desktop\Windows - Shortcut.lnk
[2009/12/21 22:51:22 | 00,000,368 | ---- | C] () -- C:\Users\roozeekuh2\Desktop\sources - Shortcut.lnk
[2009/10/12 15:35:01 | 00,004,096 | -H-- | C] () -- C:\Users\roozeekuh2\AppData\Local\keyfile3.drm
[2008/10/27 10:27:42 | 00,005,972 | ---- | C] () -- C:\Users\roozeekuh2\AppData\Local\d3d9caps.dat
[2008/08/17 22:44:37 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/06 22:18:44 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/05 16:48:52 | 00,005,632 | ---- | C] () -- C:\Users\roozeekuh2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/29 03:41:15 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/29 03:41:15 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/29 03:41:15 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/29 03:41:15 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/29 03:41:08 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/29 01:04:59 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Extras.txt

OTL Extras logfile created on: 1/19/2010 2:43:07 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\roozeekuh2\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 183.83 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROOZEEKUH2-PC
Current User Name: roozeekuh2
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CFF0C4E-1073-42CB-91FB-3A3750815DA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{34D9B647-4FD8-4E9F-8AA0-8B52C5FD5732}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5345AA08-498F-45F8-A65F-6AB7E7D91849}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F71EB74-40EC-4818-A347-32B00716B7D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{86DF8893-8C44-4DBC-871F-D21633F1B75E}" = lport=137 | protocol=17 | dir=in | app=system |
"{87D447A3-6EA8-4978-9199-EC29AEA75694}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A454F2EE-2CBF-4A85-81E3-78F5F6EDF6A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{A72B3639-EF1D-4ED6-A31B-CC88FA491920}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9950CF1-2FD2-415C-B715-3D742E28C4F4}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C2CAA51E-B35A-4FEE-B016-10FDC2BA3B36}" = rport=138 | protocol=17 | dir=out | app=system |
"{F37D9E09-49B5-4CB4-B8AC-84CFA648099C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C6788A-A9E0-446E-992D-40DF18389B52}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E56CC8D-1D77-40B9-8185-C5CAD50A8928}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40920BB1-1102-40C8-A497-EB66DCDCF580}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D93D622-E17A-4AB0-B78E-25C1B97862C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7535703C-34E1-4C29-912E-07358FA84D90}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{858284A8-4031-4E6E-B9E2-1E1837080FF2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{928D91C0-A247-4939-96D6-C38B25E51353}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ABFC3FC7-9E92-4A04-92B5-0EE2ACB2DCF9}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{B7BF1A1F-DDFA-4578-9B4A-4D095E345A33}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{B869C57A-99DB-41BE-A9F0-05DBD010E23E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB83DECA-42AE-4046-9AD4-7A062DF1310C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C1AB08A3-E16C-4EB5-BA79-181C9847E5F5}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{C4DBC45F-BE23-48E3-84D6-D2824AEEAC39}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CADF4E16-CC0B-4785-B40E-504BC17D46A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1721F14E-228A-4639-A12B-539BB302B664}" = BPSender
"{1761224D-B108-4921-BB02-5551F7B412F6}" = Google AdWords Editor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™️ 3.8
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{935629EE-7A6B-F8ED-4ADA-7C0F97346FD4}" = TweetDeck
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"A Submitter" = NSIS A Submitter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BatchPhoto_is1" = BatchPhoto v2.3.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comment Hut Lite" = Comment Hut Lite 2009
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FLV Player" = FLV Player 2.0 (build 25)
"FTP Commander Deluxe" = FTP Commander Deluxe
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSC" = McAfee SecurityCenter
"Nvu_is1" = Nvu 1.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.1.0.366
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 3:01:19 AM | Computer Name = roozeekuh2-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2010 3:29:01 AM | Computer Name = roozeekuh2-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/17/2010 3:31:35 AM | Computer Name = roozeekuh2-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/18/2010 9:32:51 AM | Computer Name = roozeekuh2-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2010 3:54:30 AM | Computer Name = roozeekuh2-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/19/2010 9:21:38 AM | Computer Name = roozeekuh2-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2010 10:02:15 AM | Computer Name = roozeekuh2-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module IEShims.dll, version 8.0.6001.18865, time stamp 0x4b078a27,
exception code 0xc0000005, fault offset 0x00021e16, process id 0xe0c, application
start time 0x01ca991001050161.

Error - 1/19/2010 10:07:23 AM | Computer Name = roozeekuh2-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module IEShims.dll, version 8.0.6001.18865, time stamp 0x4b078a27,
exception code 0xc0000005, fault offset 0x00021e16, process id 0xe14, application
start time 0x01ca9910b8ca4351.

Error - 1/19/2010 6:39:42 PM | Computer Name = roozeekuh2-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/19/2010 6:39:59 PM | Computer Name = roozeekuh2-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 5/11/2009 11:49:42 PM | Computer Name = roozeekuh2-PC | Source = WLAN-Tray | ID = 0
Description = 20:49:42, Mon, May 11, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 6/20/2009 3:28:45 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 3:28:46 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 3:28:47 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:43 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:43 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:44 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:45 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:46 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:47 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/20/2009 10:53:48 AM | Computer Name = roozeekuh2-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 1:32 am

more_horiz
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKCU..\Run: [qorjkrbi] C:\Users\roozeekuh2\AppData\Local\lwnmae\ujsqsysguard.exe ()
    [2010/01/18 23:26:57 | 00,000,000 | ---D | C] -- C:\Users\roozeekuh2\AppData\Local\lwnmae



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A, Nugel.e and Spyware 2009 DXwU4
BankerFox.A, Nugel.e and Spyware 2009 VvYDg

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 3:18 am

more_horiz
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\Dealio Toolbar\SearchSettings.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qorjkrbi deleted successfully.
C:\Users\roozeekuh2\AppData\Local\lwnmae\ujsqsysguard.exe moved successfully.
C:\Users\roozeekuh2\AppData\Local\lwnmae folder moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01192010_191645

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 7:01 pm

more_horiz
Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Ask Toolbar
  • Click on the Uninstall/Change button at the top.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A, Nugel.e and Spyware 2009 DXwU4
BankerFox.A, Nugel.e and Spyware 2009 VvYDg

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 9:40 pm

more_horiz
I just tried to uninstall it and got this:
"The Windows Installer Service could not be accessed. This can occur if the windows installer is not correctly installed. Contact your support personnel for assistance."

I don't believe we've had trouble installing/uninstalling before. I am trying this in Safe Mode, so might that be an issue? I'll reboot and try it again.
thanks for your help so far Smile...

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 200920th January 2010, 10:43 pm

more_horiz
Ok, I tried the Uninstall of the asktoolbar and I am pretty sure it worked. I did get an error message at the end of the install but when i went back to check the list of programs to uninstall, it wasn't there anymore.
I also ran Malwarebytes and it removed 5 items.

So i'm going to assume it's fine now. I don't see any popups or spyware messages anymore either (thank goodness!)
Now, I'm installing the recommended spyware protection type programs (spybot, adaware, spywareblaster, etc)

Thank you SO very much for your help on this!
I have become a fan on FB

So from your point of view, do think there is anything else I should be doing? Do you think I've gotten it all or will it rear it's ugly head again?

thanks again
Melissa

descriptionBankerFox.A, Nugel.e and Spyware 2009 EmptyRe: BankerFox.A, Nugel.e and Spyware 2009

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum