
Solved Google Redirect and random audio clip virus

Discussion in 'Malware and Virus Removal Archive' started by sambaker, 2011/09/26.

  1. 2011/09/28
    sambaker Inactive Thread Starter

    Here is the second part of the OTL.txt file:

    ========== Files Created - No Company Name ==========

    [2011/09/28 20:03:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/28 20:03:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/28 20:03:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/28 19:49:00 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to ComboFix.exe.lnk
    [2011/09/28 05:07:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
    [2011/06/25 14:08:00 | 000,015,696 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
    [2011/06/25 14:08:00 | 000,015,696 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
    [2011/06/09 12:59:25 | 000,261,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/12 09:12:47 | 000,014,202 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\176u5ye3ex5ry35el1eh8m2h48
    [2011/04/12 09:12:47 | 000,014,202 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\176u5ye3ex5ry35el1eh8m2h48
    [2010/09/29 02:01:17 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D9B31E5078.sys
    [2010/04/07 19:21:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/07 19:21:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
    [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UyME
    [2010/01/27 16:43:15 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/01/27 00:11:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
    [2009/11/14 17:47:12 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/09/01 10:03:27 | 018,764,452 | -HS- | C] () -- C:\WINDOWS\System32\algc.sys
    [2009/09/01 10:03:27 | 000,000,915 | ---- | C] () -- C:\WINDOWS\System32\adsmsexte.sys
    [2009/07/04 00:22:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
    [2009/01/27 01:03:54 | 000,000,218 | ---- | C] () -- C:\WINDOWS\Utowininozu.dat
    [2008/08/14 03:04:47 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/07/12 14:46:26 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/07/06 04:17:56 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/07/06 04:17:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/06 04:17:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/07/06 04:17:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/07/06 04:17:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/05/04 13:11:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/03/19 22:26:28 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2007/04/16 22:09:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2006/11/28 20:33:27 | 000,001,844 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/08/19 23:24:54 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/17 00:04:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
    [2006/08/15 23:34:09 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2006/08/15 22:03:28 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/15 18:15:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2006/08/15 18:00:28 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\fusioncache.dat
    [2006/08/10 12:10:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/10 11:59:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/10 11:57:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/08/10 11:54:05 | 000,004,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/10 11:52:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/10 11:46:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2006/08/10 11:22:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
    [2006/08/10 11:22:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
    [2006/08/10 11:22:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
    [2006/08/10 11:22:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
    [2006/08/10 11:22:31 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
    [2006/08/10 11:22:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
    [2006/08/10 11:22:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
    [2006/08/10 11:22:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
    [2006/08/10 11:22:31 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
    [2006/08/10 11:22:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
    [2006/08/10 11:22:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/10 11:21:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/10 11:21:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/08/10 11:20:39 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
    [2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 14:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 13:57:15 | 000,231,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2011/03/04 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aPjLaDj09000
    [2010/03/26 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2011/02/23 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDeOjKc06511
    [2006/11/23 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2011/03/04 20:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dBlGlCg15406
    [2010/01/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/06/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/09/04 02:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2007/11/20 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/08/30 14:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/06/06 22:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/10 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/03 04:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2011/05/16 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ElevatedDiagnostics
    [2008/08/31 17:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ICAClient
    [2008/09/21 23:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Leadertech
    [2008/08/31 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Runaware
    [2010/05/28 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\webex
    [2010/04/07 01:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
    [2011/09/12 15:16:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/09/28 20:23:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/04 00:38:03 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
    [2011/09/28 20:20:01 | 000,261,180 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/09 03:32:29 | 000,022,743 | ---- | M] () -- C:\BBS GMER Post.txt
    [2008/06/08 07:20:24 | 000,002,599 | ---- | M] () -- C:\BCG.p10
    [2006/08/15 19:32:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/05/05 00:30:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2006/11/23 22:06:39 | 000,005,114 | ---- | M] () -- C:\caisslog.txt
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/09/28 21:51:01 | 000,013,062 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/10 11:27:30 | 000,006,414 | RH-- | M] () -- C:\dell.sdr
    [2011/09/28 18:49:50 | 000,368,793 | ---- | M] () -- C:\dlcf.log
    [2010/06/09 00:51:23 | 000,006,276 | ---- | M] () -- C:\GMER Before Scan.log
    [2010/06/09 02:16:46 | 000,004,035 | ---- | M] () -- C:\GMER Completed Scan - Bottom of Log.log
    [2010/06/09 01:15:38 | 000,010,872 | ---- | M] () -- C:\GMER Partial Scan.log
    [2011/09/28 20:20:03 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/15 23:13:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/08/10 11:53:52 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
    [2006/08/15 23:33:56 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
    [2007/04/16 22:09:48 | 000,003,442 | ---- | M] () -- C:\lvcoinst.log
    [2010/06/06 21:29:54 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/26 07:41:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/28 20:20:01 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/07/06 20:24:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/07/07 03:05:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/07/07 04:55:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/07/07 03:26:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/07/24 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/07/25 22:29:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/09/24 06:03:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/09/25 16:19:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/09/26 02:28:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/09/26 15:34:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/09/27 20:47:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/03/01 19:39:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/03/02 10:34:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/04/02 09:44:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/05/02 14:13:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/05/03 12:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/05/19 08:56:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/05/20 09:46:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/06/19 21:55:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/06/20 00:31:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/06/20 00:31:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/07/06 20:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/07/07 04:55:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/07/07 03:05:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/07/07 03:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/07/24 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/07/25 22:29:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/09/24 06:03:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/09/25 16:19:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/09/26 02:28:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/09/26 15:34:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/09/27 20:47:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/03/01 19:39:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/03/02 10:34:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/04/02 09:44:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/05/02 14:13:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/05/03 12:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/05/19 08:56:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/05/20 09:46:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/06/19 21:55:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2006/08/10 11:54:02 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2010/03/11 01:38:37 | 002,121,728 | -H-- | M] () -- C:\SZKGFS.dat
    [2011/07/28 03:13:15 | 000,065,210 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_28.07.2011_03.10.34_log.txt
    [2011/07/28 03:14:05 | 000,065,210 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_28.07.2011_03.13.21_log.txt
    [2011/09/28 19:06:28 | 000,076,858 | ---- | M] () -- C:\TDSSKiller.2.6.2.0_28.09.2011_18.59.43_log.txt
    [2008/09/27 23:58:57 | 000,005,952 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2009/09/01 13:35:11 | 000,000,162 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/09/29 12:28:54 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/12/10 09:24:06 | 000,082,168 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/06/09 12:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
    [2008/08/26 07:47:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/08/15 18:00:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
    [2011/09/28 19:48:24 | 004,232,793 | R--- | M] (Swearware) -- C:\Documents and Settings\Brandon McGahee\Desktop\ComboFix.exe
    [2007/08/29 00:12:42 | 000,591,136 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\DMSetup.exe
    [2008/07/06 13:23:16 | 007,496,920 | ---- | M] (Mozilla) -- C:\Documents and Settings\Brandon McGahee\Desktop\Firefox Setup 3.0.exe
    [2009/11/22 21:07:55 | 001,183,536 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\GoBoingo_YgByAGEAbgBkAG8AbgA1AA==_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
    [2009/09/03 19:56:49 | 000,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Brandon McGahee\Desktop\GooredFix.exe
    [2010/04/07 20:22:16 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
    [2007/04/30 07:08:53 | 000,907,624 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MM061A12.EXE
    [2007/05/28 04:55:04 | 000,908,139 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MM061A14.EXE
    [2011/09/28 22:38:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2007/05/21 00:38:26 | 094,664,384 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\R138747.EXE
    [2007/05/02 01:36:49 | 012,711,440 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\RealPlayer10-5GOLD.exe
    [2008/05/04 13:04:43 | 022,300,968 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Brandon McGahee\Desktop\SkypeSetup.exe
    [2011/09/28 18:55:58 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/08/09 21:18:39 | 111,864,418 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\5704xdat.exe
    [2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
    [2009/09/02 15:12:13 | 060,857,536 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Brandon McGahee\My Documents\Ad-AwareAE.exe
    [2009/09/03 06:29:22 | 000,848,656 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Brandon McGahee\My Documents\avg_avwt_stb_all_8_32.exe
    [2008/07/06 03:56:38 | 002,919,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Brandon McGahee\My Documents\ccsetup209.exe
    [2009/09/03 06:25:04 | 000,339,257 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\CleanUp452.exe
    [2009/07/04 20:23:31 | 003,912,484 | ---- | M] (Mozilla) -- C:\Documents and Settings\Brandon McGahee\My Documents\Firefox Setup 3.5.exe
    [2009/07/04 10:31:56 | 001,177,392 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgBtAGMAZwBhAGgAZQBlADcANQA=_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
    [2009/06/19 22:35:08 | 001,177,392 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgA3ADUA_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
    [2010/02/07 00:26:29 | 001,183,536 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgAuAG0AYwBnAGEAaABlAGUA_YgBvAGkAbgBnAG8A_GoBoingo.exe
    [2009/08/29 01:44:23 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgAwADcAMAA1AA==_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
    [2009/09/03 03:09:44 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HijackThis.exe
    [2009/09/03 03:02:57 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HijackThisInstaller.exe
    [2010/01/27 16:40:55 | 004,955,456 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HitmanPro35.exe
    [2008/07/06 12:57:36 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Brandon McGahee\My Documents\install_flash_player.exe
    [2008/09/30 01:56:11 | 068,690,749 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Intel_multi-device_A13_R171131.exe
    [2008/10/30 22:09:33 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\jxpiinstall.exe
    [2008/07/06 04:15:17 | 014,120,442 | ---- | M] ( ) -- C:\Documents and Settings\Brandon McGahee\My Documents\klcodec395f.exe
    [2010/03/22 04:17:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\My Documents\mbam-setup.exe
    [2009/09/01 13:38:45 | 000,442,080 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\msgr9us.exe
    [2010/02/11 20:27:08 | 250,204,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon McGahee\My Documents\ProjectProfessional.exe
    [2010/01/26 17:20:38 | 034,628,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\sdsetup.exe
    [2010/02/27 20:03:44 | 001,688,360 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SkypeSetup.exe
    [2009/09/02 21:45:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Brandon McGahee\My Documents\spybotsd162.exe
    [2010/03/22 02:46:44 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
    [2010/01/27 00:07:47 | 042,067,368 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpySweeperSNRSetup_EN.exe
    [2009/09/03 16:09:12 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\STOPzilla_Setup.exe
    [2008/08/31 16:59:14 | 000,555,288 | ---- | M] (Runaware, Inc) -- C:\Documents and Settings\Brandon McGahee\My Documents\TestDriveWizard-v1.4.1.exe
    [2008/07/06 12:17:28 | 000,185,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Brandon McGahee\My Documents\uninstall_flash_player.exe
    [2008/09/28 00:46:52 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Brandon McGahee\My Documents\WinsockxpFix.exe
    [2010/03/16 18:53:22 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe
    [2008/08/31 17:11:53 | 248,975,048 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon McGahee\My Documents\X12-30351.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/08/15 18:00:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/28 21:56:54 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/09/11 10:54:00 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  2. 2011/09/28
    sambaker Inactive Thread Starter

    Here is the Extras.txt file:

    OTL Extras logfile created on: 9/28/2011 10:42:45 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.72% Memory free
    3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.88% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 37.07 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1463BA91-7FE5-4B8C-A890-FB4E5FACCB47}" = CA eTrust PestPatrol Anti-Spyware
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
    "{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Network Adapter Setup
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner (remove only)
    "CleanUp!" = CleanUp!
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Dell Color Printer 725" = Dell Color Printer 725
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
    "legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 12.0" = RealPlayer
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VISPROR" = Microsoft Office Visio Professional 2007 Trial
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/28/2011 7:41:50 AM | Computer Name = BRANDON | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 9/28/2011 6:43:45 PM | Computer Name = BRANDON | Source = Application Error | ID = 1004
    Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
    module ws2_32.dll, version 5.1.2600.2180, fault address 0x00006f7e.

    Error - 9/28/2011 6:47:16 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 9/28/2011 6:47:19 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 9/28/2011 6:48:28 PM | Computer Name = BRANDON | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00630b2c.

    Error - 9/28/2011 6:55:33 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 9/28/2011 6:55:36 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 9/28/2011 6:57:15 PM | Computer Name = BRANDON | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
    module ws2_32.dll, version 5.1.2600.2180, fault address 0x00004fd4.

    Error - 9/28/2011 8:24:51 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 9/28/2011 8:24:54 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    [ System Events ]
    Error - 9/28/2011 7:43:19 AM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 9/28/2011 7:43:19 AM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
    connect.

    Error - 9/28/2011 7:43:19 AM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7000
    Description = The dlcf_device service failed to start due to the following error:
    %%1053

    Error - 9/28/2011 7:44:03 AM | Computer Name = BRANDON | Source = DCOM | ID = 10010
    Description = The server {E85062FB-914A-40A2-8801-5DD803045204} did not register
    with DCOM within the required timeout.

    Error - 9/28/2011 6:45:35 PM | Computer Name = BRANDON | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 9/28/2011 6:48:34 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7031
    Description = The DCOM Server Process Launcher service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Reboot the machine.

    Error - 9/28/2011 6:48:34 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7034
    Description = The Terminal Services service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/28/2011 8:01:45 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/28/2011 8:23:15 PM | Computer Name = BRANDON | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 9/28/2011 9:38:44 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     

  4. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = 128.59.20.227:3124
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = 128.59.20.227:3124
      FF - prefs.js..network.proxy.http_port: 61152
      FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
      O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O37 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found
      [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/06/25 14:08:00 | 000,015,696 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
      [2011/06/25 14:08:00 | 000,015,696 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
      [2011/04/12 09:12:47 | 000,014,202 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\176u5ye3ex5ry35el1eh8m2h48
      [2011/04/12 09:12:47 | 000,014,202 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\176u5ye3ex5ry35el1eh8m2h48
      [2010/09/29 02:01:17 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D9B31E5078.sys
      [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
      [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UyME
      [2011/03/04 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aPjLaDj09000
      [2011/02/23 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDeOjKc06511
      [2011/03/04 20:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dBlGlCg15406
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  5. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Here is the log file from the OTL fix run:

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: 61152 removed from network.proxy.http_port
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\online\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006_Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\WINDOWS\System32\dllcache\msctf.dll.tmp deleted successfully.
    C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1 moved successfully.
    C:\Documents and Settings\All Users\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1 moved successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\176u5ye3ex5ry35el1eh8m2h48 moved successfully.
    C:\Documents and Settings\All Users\Application Data\176u5ye3ex5ry35el1eh8m2h48 moved successfully.
    C:\WINDOWS\system32\D9B31E5078.sys moved successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME moved successfully.
    C:\Documents and Settings\All Users\Application Data\UyME moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\aPjLaDj09000\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\bDeOjKc06511\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\dBlGlCg15406\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 53524 bytes

    User: All Users

    User: Brandon McGahee
    ->Temp folder emptied: 15682539 bytes
    ->Temporary Internet Files folder emptied: 10201838 bytes
    ->Java cache emptied: 10823823 bytes
    ->FireFox cache emptied: 155289138 bytes
    ->Flash cache emptied: 3848 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 6782 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109744 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 78991 bytes
    RecycleBin emptied: 726964 bytes

    Total Files Cleaned = 184.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Brandon McGahee
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 09292011_003437

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  6. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Here is the checkup.txt log file from the Security Check scan:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    CA eTrust PestPatrol Anti-Spyware
    McAfee SecurityCenter
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner (remove only)
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.3.183.5
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Windows Defender MsMpEng.exe
    CA eTrust Internet Security Suite eTrust PestPatrol Anti-Spyware PPActiveDetection.exe
    CA eTrust Internet Security Suite caissdt.exe
    CA eTrust Internet Security Suite eTrust PestPatrol Anti-Spyware PPActiveDetection.exe
    ``````````End of Log````````````
     
  7. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ....and Eset....
     
  8. 2011/09/29
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Since I updated my Java version and removed the old version, I am periodically getting a jusched.exe message that says "jusched.exe has encountered a problem and needs to close. We are sorry for this inconvenience." It does not seem to be causing any other problems, but I was wondering why I was getting this and if there is a way to prevent it. Any thoughts?

    I am about to update my Adobe Reader and then download and run ESET Online Scanner. I will notify you when that is done.

    Thanks.
     
  9. 2011/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  10. 2011/09/29
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    I have updated Adobe Reader and here is the log file from the ESET Scan:

    C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\win32.dll.vir Win32/Bamital.FO trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.FN virus deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Win32/Bamital.FN virus deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004404.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004405.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004406.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004407.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004408.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004409.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004417.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004418.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004438.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004439.exe Win32/Bamital.FN virus deleted - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004440.exe Win32/Bamital.FN virus deleted - quarantined
    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\39\7301cce7-36136113 Java/Agent.DP trojan deleted - quarantined
    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\44\5750edac-6a8dab88 Java/Agent.DP trojan deleted - quarantined
    C:\WINDOWS\system32\dllcache\explorer.exe Win32/Bamital.FN virus deleted - quarantined
    C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Bamital.FN virus deleted - quarantined
     
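A small parser over the ESET log posted above, added here as an example; it is not part of the thread and not ESET's own tooling. It groups each result line by malware family and by where the file was found (ComboFix quarantine, a System Restore point, the Java cache, or the live system), which is what lets a helper see at a glance that the remaining Bamital hits sit in restore points and in dllcache rather than in running system files. The six sample lines are copied from the log above; the location categories are this example's own labels.

```python
import re
from collections import Counter

# Sample input: six lines copied verbatim from the ESET Online Scanner
# log posted above. They stand in for the full log here.
SAMPLE_LOG = [
    r"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\win32.dll.vir Win32/Bamital.FO trojan cleaned by deleting - quarantined",
    r"C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.FN virus deleted - quarantined",
    r"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004404.exe Win32/Bamital.FN virus deleted - quarantined",
    r"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0004408.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined",
    r"C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\39\7301cce7-36136113 Java/Agent.DP trojan deleted - quarantined",
    r"C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Bamital.FN virus deleted - quarantined",
]

# One ESET result line: "<path> <Platform/Family.Variant> <kind> <action>".
# The path may contain spaces, so it is matched non-greedily up to the first
# token that contains a forward slash (the detection name).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)\s+"
    r"(?P<action>.+?)\s*$"
)


def classify_location(path):
    """Label where the detected file sat (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"            # old System Restore snapshot
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"      # already neutralised by ComboFix
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java cache"               # cached applet, not a running file
    if "\\dllcache\\" in p:
        return "live system (dllcache)"   # Windows File Protection cache
    return "live system"


def parse_eset_line(line):
    """Return a dict for one result line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # "Win32/Bamital.FN" -> family "Win32/Bamital" (drop the variant suffix)
    rec["family"] = rec["threat"].rsplit(".", 1)[0]
    rec["location"] = classify_location(rec["path"])
    return rec


def summarize(lines):
    """Aggregate parsed lines by malware family and by file location."""
    records = [r for r in map(parse_eset_line, lines) if r]
    return {
        "families": Counter(r["family"] for r in records),
        "locations": Counter(r["location"] for r in records),
        "restore_point_hits": [r["path"] for r in records
                               if r["location"] == "restore point"],
        "live_hits": [r["path"] for r in records
                      if r["location"].startswith("live system")],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("Detections by family:")
    for fam, n in s["families"].most_common():
        print(f"  {n:3d}  {fam}")
    print("Detections by location:")
    for loc, n in s["locations"].most_common():
        print(f"  {n:3d}  {loc}")
    print(f"Restore-point hits: {len(s['restore_point_hits'])}")
    print(f"Live-system hits:   {len(s['live_hits'])}")
```

Run it as-is to see the breakdown for the sample lines; to use it on a full export, read the saved ESETScan text file and pass its lines to summarize(). Anything counted under "restore point" is only reachable through a System Restore rollback, which is why clearing the old restore points is the usual final step.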
  11. 2011/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  12. 2011/09/29
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Here is the OTL log for creating clean restore points:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Brandon McGahee
    ->Temp folder emptied: 995629 bytes
    ->Temporary Internet Files folder emptied: 2397678 bytes
    ->Java cache emptied: 597556 bytes
    ->FireFox cache emptied: 64954564 bytes
    ->Flash cache emptied: 1695 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 2688 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 4784 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 112168 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 66.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Brandon McGahee
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.29.1 log created on 09292011_234514

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Brandon McGahee\Local Settings\Temp\etilqs_2FOdul0baRUnMbo not found!
    File\Folder C:\Documents and Settings\Brandon McGahee\Local Settings\Temp\Perflib_Perfdata_8d0.dat not found!
    C:\Documents and Settings\Brandon McGahee\Local Settings\Temporary Internet Files\Content.IE5\YNTLR1G2\client_ad[1].htm moved successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\Temporary Internet Files\Content.IE5\YNTLR1G2\st[1] moved successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\Temporary Internet Files\Content.IE5\HAT7FSYO\vitality[1].htm moved successfully.
    File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  13. 2011/09/29
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    I have run the OTL cleanup process and deleted the leftover tools/logs.

    Thank you very much for your help. My computer is performing much quicker than before the cleanup and all of the nuisance symptoms I initially reported have ceased. I am very happy with the results of using this forum. I appreciate your quick and timely responses to my posts. Thanks again. You have been most helpful.
     
  14. 2011/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
