
Browser hijacking looms again (Vundo?)


  • This topic is locked
23 replies to this topic

#1 bigheadzach

bigheadzach

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 25 March 2010 - 10:46 AM

Been getting scores of "could not connect" issues with both Chrome and Firefox lately after going to normal sites. Spamming Reload several times tends to get it to work but then continue to see pages/iframes randomly omit images or not be formatted correctly due to the CSS failing to load.

Pretty sure I have some kind of hijacking redirect to sites that S&D/Ad-Aware have actively immunized against (therefore it's refusing to connect at all rather than go to those sites).

Neither S&D nor Ad-Aware have identified any problems. I've had this resolved once before through BleepingComputer so I am confident that y'all will come through once more as you've done for so many peeps. If possible, I'd like to find out exactly what the nature of the infection is this time, so I can prepare more effectively for it in the future.

Thank you in advance for your tireless efforts.

(NOTE: In looking at the DDS/GMER logs, noticing several entries for "Windows Live Family Safety". No idea what this is, but I doubt I'd ever want to turn this on, so it seems odd to me.)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Zach Gaskins at 16:16:56.23 on Wed 03/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1140 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\U-ABIT\ABITEQ\ABITEQ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Wootalyzer\woot.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\ABITEQ.exe
uRun: [Google Update] "c:\documents and settings\zach gaskins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [supertintin_skype] c:\program files\supertintin for skype\supertintin_skype.exe /start_context sys_auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\zachga~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213938532656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zachga~1\applic~1\mozilla\firefox\profiles\e49aqkqo.default\
FF - component: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\components\nsTwitterFoxSign.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\zach gaskins\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-9 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-11 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-11 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-11 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-2-9 941784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-20 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-5-30 47640]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-2-12 37376]
R3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2007-12-27 4608]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\zach gaskins\local settings\temp\vcdrom.sys --> c:\documents and settings\zach gaskins\local settings\temp\VCdRom.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ICam7fil;Intel® CS431 Audio Filter Driver;c:\windows\system32\drivers\icam7fil.sys [2008-10-13 19640]
S3 Icam7USB;Intel® PC Camera CS431;c:\windows\system32\drivers\Icam7USB.sys [2008-10-13 158848]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-03-23 15:43:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 15:43:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 14:38:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-23 14:36:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-22 21:51:57 0 d-----w- c:\program files\SIW
2010-03-17 13:41:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 19:12:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 01:24:40 527540 ----a-w- c:\documents and settings\zach gaskins\ScreenShot-1267838679-0.png
2010-03-05 17:36:36 0 d-----w- c:\program files\Scorched3D
2010-03-04 20:44:42 0 d-----w- c:\program files\City of Heroes
2010-02-27 03:43:17 0 d-----w- c:\program files\dumps
2010-02-25 08:12:44 0 d-----w- c:\documents and settings\zach gaskins\.GalleryRemote

==================== Find3M ====================

2010-03-17 13:41:18 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 13:40:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-03 06:53:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-03 06:53:08 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-27 10:26:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-06-20 05:27:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062020080621\index.dat

============= FINISH: 16:17:33.14 ===============
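As an added example (not code from DDS, BleepingComputer or anyone in this thread), here is a small Python triage script that reads lines in the DDS Pseudo HJT / services format and buckets the entries a responder reads first: AV or firewall reported as disabled, BHO and toolbar registrations with no backing file, hosts-file overrides, and drivers loading from temp or unverifiable paths. The sample lines are constructed in the style of the log above, and the heuristics and the TRUSTED_PREFIXES list are assumptions of this example, not a verdict on this machine.

```python
"""Triage helper for DDS-style log sections.

Added example for this thread, not code from DDS or BleepingComputer. The heuristics
below are assumptions about what a responder checks first; they are not a verdict.
"""
import re
from typing import Dict, List

# Constructed sample lines in the format DDS prints in its "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections. They are modelled on the thread's log, not a real scan.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-11 216200]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\user\local settings\temp\vcdrom.sys --> c:\documents and settings\user\local settings\temp\VCdRom.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
"""

# Service/driver lines look like: "<state> <name>;<display name>;<path> [<date> <size>]".
# R = running, S = stopped; the digit is the start type.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

# Locations from which an installed driver normally loads (assumption of this example).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def driver_is_suspicious(path_field: str) -> bool:
    """Flag a driver path that loads from a temp folder, from outside the usual
    install locations, or whose date/size DDS could not read (trailing "[?]")."""
    p = path_field.lower()
    in_temp = "\\temp\\" in p
    unverified = p.endswith("[?]")
    # The path field may read "\??\x --> y"; looking for a trusted prefix anywhere
    # in the field covers both spellings of the same path.
    outside_trusted = not any(prefix in p for prefix in TRUSTED_PREFIXES)
    return in_temp or unverified or outside_trusted


def triage(log_text: str) -> Dict[str, List[str]]:
    """Walk DDS log lines and bucket the ones a responder reads first."""
    findings: Dict[str, List[str]] = {
        "protection_disabled": [],  # AV/FW lines reporting a disabled state
        "orphaned_entries": [],     # BHO/toolbar registrations whose DLL is gone
        "hosts_overrides": [],      # hosts-file entries DDS chose to report
        "suspicious_drivers": [],   # service names whose driver path looks off
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings["protection_disabled"].append(line)
        elif line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings["orphaned_entries"].append(line)
        elif line.startswith("Hosts:"):
            # Could be a deliberate block (immunization tools add such lines) or a
            # redirect; either way it should be explained, not assumed.
            findings["hosts_overrides"].append(line)
        else:
            m = SERVICE_RE.match(line)
            if m and driver_is_suspicious(m.group(4)):
                findings["suspicious_drivers"].append(m.group(2))
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Entries that land in a bucket are starting points for a human review, not removals; an orphaned BHO with "No File", for instance, is a leftover registration rather than running code.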

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,619 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 PM

Posted 28 March 2010 - 12:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#3 bigheadzach

bigheadzach
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 29 March 2010 - 08:56 AM

No symptoms have changed since my initial post. I have pasted the DDS and GMER logs below and attached the attach.txt file as requested. Thanks in advance for your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Zach Gaskins at 21:17:23.32 on Sun 03/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1139 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\U-ABIT\ABITEQ\ABITEQ.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps\dds.pif

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\ABITEQ.exe
uRun: [Google Update] "c:\documents and settings\zach gaskins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [supertintin_skype] c:\program files\supertintin for skype\supertintin_skype.exe /start_context sys_auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\zachga~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213938532656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zachga~1\applic~1\mozilla\firefox\profiles\e49aqkqo.default\
FF - component: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\components\nsTwitterFoxSign.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\firefox\profiles\e49aqkqo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\documents and settings\zach gaskins\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\zach gaskins\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-9 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-11 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-11 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-11 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-2-9 941784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-20 55152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-5-30 47640]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-2-12 37376]
R3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2007-12-27 4608]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\zach gaskins\local settings\temp\vcdrom.sys --> c:\documents and settings\zach gaskins\local settings\temp\VCdRom.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ICam7fil;Intel® CS431 Audio Filter Driver;c:\windows\system32\drivers\icam7fil.sys [2008-10-13 19640]
S3 Icam7USB;Intel® PC Camera CS431;c:\windows\system32\drivers\Icam7USB.sys [2008-10-13 158848]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-03-24 20:24:22 20 ----a-w- c:\documents and settings\zach gaskins\defogger_reenable
2010-03-23 15:43:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 15:43:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 14:38:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-23 14:36:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-22 21:51:57 0 d-----w- c:\program files\SIW
2010-03-17 13:41:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 19:12:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 01:24:40 527540 ----a-w- c:\documents and settings\zach gaskins\ScreenShot-1267838679-0.png
2010-03-05 17:36:36 0 d-----w- c:\program files\Scorched3D
2010-03-04 20:44:42 0 d-----w- c:\program files\City of Heroes
2010-02-27 03:43:17 0 d-----w- c:\program files\dumps

==================== Find3M ====================

2010-03-17 13:41:18 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 13:40:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-03 06:53:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-03 06:53:08 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-27 10:26:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-06-20 05:27:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062020080621\index.dat

============= FINISH: 21:18:04.45 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-29 09:30:25
Windows 5.1.2600 Service Pack 3
Running: urb9bjsf.exe; Driver: C:\DOCUME~1\ZACHGA~1\LOCALS~1\Temp\uwryqpow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB577B360, 0x3E57A5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1036] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2440] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BC2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BC2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BC2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BC2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0xC1 0x8C 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0xC1 0x8C 0xC4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0xC1 0x8C 0xC4 ...

---- EOF - GMER 1.0.15 ----


#4 m0le (Can U Dig It?)
Malware Response Instructor, 33,619 posts, London, UK

Posted 29 March 2010 - 06:53 PM

No, not Vundo. Let's see if we can dig out a rootkit.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#5 bigheadzach (Topic Starter)

Posted 29 March 2010 - 07:29 PM

ComboFix log has been attached.


#6 m0le (Can U Dig It?)
Malware Response Instructor

Posted 29 March 2010 - 07:52 PM

Windows Live Family Safety is a free legit child safety program added in to your programs courtesy of Microsoft.


Nothing showing up on any logs or scans so far.

Please download TCPView

When the log comes up click Save and save the file to your desktop and attach the file to your next reply. Let's see if your connections are okay.

#7 bigheadzach (Topic Starter)

Posted 29 March 2010 - 09:13 PM

TCPView log below.

[System Process]:0 TCP bighead2:2480 yx-in-f106.1e100.net:http TIME_WAIT
[System Process]:0 TCP bighead2:2525 gx-in-f191.1e100.net:http TIME_WAIT
[System Process]:0 TCP bighead2:2475 yx-in-f106.1e100.net:http TIME_WAIT
[System Process]:0 TCP bighead2:2487 yx-in-f103.1e100.net:http TIME_WAIT
alg.exe:3856 TCP bighead2:1032 bighead2:0 LISTENING
Apache.exe:1896 TCP bighead2:3476 bighead2:0 LISTENING
Apache.exe:1896 TCP bighead2:3476 bighead2:0 LISTENING
chrome.exe:2200 TCP bighead2:2541 yw-in-f138.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2489 yw-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2505 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2462 yx-in-f154.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2526 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2490 yw-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2506 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2474 gw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2527 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2507 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2420 yx-in-f113.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2448 yx-in-f154.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2476 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2508 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2529 yw-in-f118.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2477 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2509 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2494 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2515 yw-in-f191.1e100.net:https ESTABLISHED
chrome.exe:2200 TCP bighead2:2478 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2510 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2523 gx-in-f97.1e100.net:https ESTABLISHED
chrome.exe:2200 TCP bighead2:2426 gx-in-f164.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2530 gw-in-f118.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2531 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2479 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2516 yw-in-f191.1e100.net:https ESTABLISHED
chrome.exe:2200 TCP bighead2:2511 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2532 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2517 yw-in-f191.1e100.net:https ESTABLISHED
chrome.exe:2200 TCP bighead2:2512 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2491 yi-in-f104.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2533 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2497 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2481 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2414 yw-in-f113.1e100.net:https ESTABLISHED
chrome.exe:2200 TCP bighead2:2463 63.217.184.17:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2513 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2419 gx-in-f125.1e100.net:5222 ESTABLISHED
chrome.exe:2200 TCP bighead2:2492 yi-in-f104.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2542 iy-in-f139.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2498 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2534 yx-in-f106.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2482 yw-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2514 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2493 yi-in-f104.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2483 yx-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2499 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2535 yw-in-f118.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2524 yx-in-f105.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2500 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2536 yw-in-f118.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2501 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2485 yx-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2537 yw-in-f118.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2453 gw-in-f167.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2486 yx-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2502 yx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2454 gw-in-f167.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2442 server-216-137-33-100.iad2.cloudfront.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2455 gw-in-f167.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2488 yw-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2504 gx-in-f191.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2544 74.125.162.33:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2543 yi-in-f138.1e100.net:http ESTABLISHED
jqs.exe:2016 TCP bighead2:5152 bighead2:0 LISTENING
LogMeIn.exe:260 TCP bighead2:2002 localhost:1033 ESTABLISHED
LogMeIn.exe:260 TCP bighead2:2363 app10.logmeinrescue-enterprise.com:https ESTABLISHED
LogMeIn.exe:260 TCP bighead2:2002 bighead2:0 LISTENING
LogMeInSystray.exe:3448 TCP bighead2:1033 localhost:2002 ESTABLISHED
svchost.exe:1376 UDP bighead2:1900 *:*
svchost.exe:1376 UDP bighead2:1900 *:*
svchost.exe:980 TCP bighead2:epmap bighead2:0 LISTENING
System:4 TCP bighead2:netbios-ssn bighead2:0 LISTENING
System:4 TCP bighead2:microsoft-ds bighead2:0 LISTENING
System:4 UDP bighead2:netbios-ns *:*
System:4 UDP bighead2:netbios-dgm *:*
System:4 UDP bighead2:microsoft-ds *:*

Not sure why I'd have so many open connections through Chrome when I only have one or two tabs open...perhaps a clue?
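As an added example (not code from the thread or from Sysinternals), the Python below summarises a TCPView export in the format posted above: ESTABLISHED connections per process, where a given process's connections go once hostnames are folded to their parent domain, which sockets are listening, and which established connections are to something other than plain web ports. The sample rows are constructed from the format of the posted log; the hostname `bighead2` and the process names come from that log.

```python
"""Summarise a TCPView text export (added example; sample rows are constructed)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in TCPView's "process:pid PROTO local remote [state]" layout.
SAMPLE = """\
[System Process]:0 TCP bighead2:2480 yx-in-f106.1e100.net:http TIME_WAIT
alg.exe:3856 TCP bighead2:1032 bighead2:0 LISTENING
Apache.exe:1896 TCP bighead2:3476 bighead2:0 LISTENING
chrome.exe:2200 TCP bighead2:2541 yw-in-f138.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2489 yw-in-f103.1e100.net:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2463 63.217.184.17:http ESTABLISHED
chrome.exe:2200 TCP bighead2:2419 gx-in-f125.1e100.net:5222 ESTABLISHED
LogMeIn.exe:260 TCP bighead2:2002 localhost:1033 ESTABLISHED
LogMeIn.exe:260 TCP bighead2:2363 app10.logmeinrescue-enterprise.com:https ESTABLISHED
LogMeIn.exe:260 TCP bighead2:2002 bighead2:0 LISTENING
svchost.exe:1376 UDP bighead2:1900 *:*
System:4 TCP bighead2:netbios-ssn bighead2:0 LISTENING
System:4 UDP bighead2:netbios-ns *:*
"""

# The process name may contain spaces ("[System Process]:0"), so it is matched
# lazily up to the ":pid" that precedes the protocol column.  UDP rows have no
# state column, hence the optional trailing group.
ROW_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP|TCPV6|UDPV6)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>[A-Z_]+))?\s*$"
)

LOOPBACK = {"localhost", "127.0.0.1"}
WEB_PORTS = {"http", "https", "80", "443"}


@dataclass(frozen=True)
class Conn:
    process: str
    pid: int
    proto: str
    local_port: str
    remote_host: str
    remote_port: str
    state: Optional[str]  # None for UDP rows


def _split_endpoint(endpoint: str):
    # "host:port" -> (host, port); TCPView prints "*:*" for an unbound UDP peer.
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_tcpview(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:  # blank lines or anything TCPView did not write
            continue
        _, lport = _split_endpoint(m["local"])
        rhost, rport = _split_endpoint(m["remote"])
        conns.append(Conn(m["proc"], int(m["pid"]), m["proto"], lport, rhost, rport, m["state"]))
    return conns


def _is_established(c: Conn) -> bool:
    return c.proto.startswith("TCP") and c.state == "ESTABLISHED"


def established_per_process(conns: List[Conn]) -> Counter:
    """ESTABLISHED TCP connections counted per process name."""
    return Counter(c.process for c in conns if _is_established(c))


def _domain_key(host: str) -> str:
    # Fold yx-in-f106.1e100.net and gx-in-f191.1e100.net into one key
    # (last two labels); bare IPv4 addresses are kept as they are.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def remote_domains(conns: List[Conn], process: str) -> Counter:
    """Destinations of one process's ESTABLISHED connections, by parent domain."""
    return Counter(_domain_key(c.remote_host) for c in conns
                   if c.process == process and _is_established(c))


def listeners(conns: List[Conn]):
    """Sockets that accept input: LISTENING TCP plus every bound UDP socket."""
    return [(c.process, c.pid, c.proto, c.local_port) for c in conns
            if c.state == "LISTENING" or c.proto.startswith("UDP")]


def non_web_established(conns: List[Conn], allowed=WEB_PORTS):
    """Established connections to non-web ports, loopback excluded; each of these
    rows should be explainable (5222 here is XMPP, used by Google Talk)."""
    return [(c.process, c.remote_host, c.remote_port) for c in conns
            if _is_established(c) and c.remote_host not in LOOPBACK
            and c.remote_port not in allowed]


if __name__ == "__main__":
    rows = parse_tcpview(SAMPLE)
    print("ESTABLISHED per process:", dict(established_per_process(rows)))
    print("chrome.exe destinations:", dict(remote_domains(rows, "chrome.exe")))
    print("listening sockets:", listeners(rows))
    print("non-web established:", non_web_established(rows))
```

Run against the full export, the per-domain counter answers the question raised in the post: many browser connections are normal when they all resolve to the sites' own infrastructure, and the rows worth a closer look are the listeners and the non-web ports.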

#8 m0le (Can U Dig It?)
Malware Response Instructor

Posted 30 March 2010 - 06:13 PM

Chrome looks unusually busy but that doesn't mean anything...yet.

Download Autoruns

http://download.sysinternals.com/Files/Autoruns.zip
  1. Extract the Autoruns Zip file contents to a folder.
  2. Double-click the "Autoruns.exe".
  3. Go to Options and click Hide Microsoft Entries
  4. Close Autoruns and reopen it
  5. Click on the Everything tab
  6. Go to File then Export and click on Save.
  7. Close Autoruns and open Autoruns.txt (this file will be in the same folder). Copy and paste the contents in this thread.


#9 bigheadzach (Topic Starter)

Posted 31 March 2010 - 02:28 AM

The version of Autorun you linked me to didn't have a specific "Hide Microsoft Entries", but it did have a "Hide Microsoft and Windows Entries" option, so I selected that.

The Export menu option was not available, but I was allowed to Save... the data in a txt format, which I figure is what you intended. The contents of that file are below.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "LogitechQuickCamRibbon" "Camera Software" "Logitech Inc." "c:\program files\logitech\quickcam\quickcam.exe"
+ "LogMeIn GUI" "LogMeIn Desktop Application" "LogMeIn, Inc." "c:\program files\logmein\x86\logmeinsystray.exe"
+ "NBKeyScan" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero8\nero backitup\nbkeyscan.exe"
+ "NeroFilterCheck" "NeroCheck" "Nero AG" "c:\program files\common files\nero\lib\nerocheck.exe"
+ "nTrayFw" "Firewall Tray Application" "NVIDIA Corporation" "c:\program files\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SkyTel" "Realtek Voice Manager" "Realtek Semiconductor Corp." "c:\windows\skytel.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "supertintin_skype" "Supertintin Recorder" "IMTiger Software Ltd." "c:\program files\supertintin for skype\supertintin_skype.exe"
"C:\Documents and Settings\Zach Gaskins\Start Menu\Programs\Startup" "" "" ""
+ "SpywareGuard.lnk" "SpywareGuard" "" "c:\program files\spywareguard\sgmain.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ABIT uGuruIII" "abit Skin Changeable Application" "Universal ABIT Corporation" "c:\program files\u-abit\abiteq\abiteq.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\zach gaskins\local settings\application data\google\update\googleupdate.exe"
+ "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero Home" "Nero AG" "c:\program files\common files\nero\lib\nmindexstoresvr.exe"
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lightscribecontrolpanel.exe"
+ "Pando Media Booster" "Pando Media Booster" "" "c:\program files\pando networks\media booster\pmb.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgpp.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lsrunonce.exe"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SpywareGuard.Handler" "SpywareGuard Protection" "" "c:\program files\spywareguard\spywareguard.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgse.dll"
+ "Cover Designer" "Cover Designer" "Nero AG" "c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll"
+ "CTMTPMediaExplorer" "CME ContextMenu Shell Extension" "Creative Technology Ltd" "c:\program files\creative\shared files\ctcmectx.dll"
+ "LavasoftShellExt" "Shell Extension " "" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero8\nero backitup\nbshell.dll"
+ "ShlExtMenu" "WinMount Explorer Extension" "WinMount International Inc." "c:\program files\winmount3\winmtext3.dll"
+ "TextPad" "" "" "File not found: C:\Program Files\TextPad 4\System\shellext.dll"
+ "WinMTExt3" "WinMount Explorer Extension" "WinMount International Inc." "c:\program files\winmount3\winmtext3.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinMTExt3" "WinMount Explorer Extension" "WinMount International Inc." "c:\program files\winmount3\winmtext3.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgse.dll"
+ "CTMTPMediaExplorer" "CME ContextMenu Shell Extension" "Creative Technology Ltd" "c:\program files\creative\shared files\ctcmectx.dll"
+ "LavasoftShellExt" "Shell Extension " "" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero8\nero backitup\nbshell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "" "" "File not found: C:\WINDOWS\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" "" "" ""
+ "7-Zip Shell Extension" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgse.dll"
+ "Desktop Explorer" "" "" "File not found: C:\WINDOWS\system32\nvshell.dll"
+ "Desktop Explorer Menu" "" "" "File not found: C:\WINDOWS\system32\nvshell.dll"
+ "Display Panning CPL Extension" "" "" "File not found: deskpan.dll"
+ "HyperTerminal Icon Ext" "HyperTerminal Applet Library" "Hilgraeve, Inc." "c:\windows\system32\hticons.dll"
+ "NeroCoverEd Live Icons" "Cover Designer" "Nero AG" "c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll"
+ "NvCpl DesktopContext Class" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "nView Desktop Context Menu" "" "" "File not found: C:\WINDOWS\system32\nvshell.dll"
+ "OpenOffice.org Column Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Infotip Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Property Sheet Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Thumbnail Viewer" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "Play on my TV helper" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "Shell Extensions for RealOne Player" "RealPlayer Shell Extensions" "RealNetworks, Inc." "c:\program files\real\realplayer\rpshell.dll"
+ "SpywareGuard.Handler" "SpywareGuard Protection" "" "c:\program files\spywareguard\spywareguard.dll"
+ "TextPad" "" "" "File not found: C:\Program Files\TextPad 4\System\shellext.dll"
+ "WinMTExt extension" "WinMount Explorer Extension" "WinMount International Inc." "c:\program files\winmount3\winmtext3.dll"
+ "Zen Vision:M Media Explorer" "Creative Shell Extension" "Creative Technology Ltd" "c:\program files\creative\creative zen vision m\shctmtp.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgssie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" "c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "SpywareGuardDLBLOCK.CBrowserHelper" "SpywareGuard Download Protection" "" "c:\program files\spywareguard\dlprotect.dll"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "Ad-Aware Admin Application " "Lavasoft " "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-725345543-842925246-682003330-1004Core.job" "Google Installer" "Google Inc." "c:\documents and settings\zach gaskins\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-725345543-842925246-682003330-1004UA.job" "Google Installer" "Google Inc." "c:\documents and settings\zach gaskins\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "avg9emc" "AVG E-Mail Scanner" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgemc.exe"
+ "avg9wd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgwdsvc.exe"
+ "ForceWare Intelligent Application Manager (IAM)" "app_filter Module" "" "c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe"
+ "ForcewareWebInterface" "Apache" "Apache Software Foundation" "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files\logmein\x86\logmein.exe"
+ "LVPrcSrv" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "Nero BackItUp Scheduler 3" "Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP." "Nero AG" "c:\program files\nero\nero8\nero backitup\nbservice.exe"
+ "NMIndexingService" "Nero Home" "Nero AG" "c:\program files\common files\nero\lib\nmindexingservice.exe"
+ "nSvcIp" "nForce Firewall Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe"
+ "nSvcLog" "nSvcLog" "NVIDIA" "c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "PLFlash DeviceIoControl Service" "PLFlash DeviceIoControl Service" "Prolific Technology Inc." "c:\windows\system32\ioctlsvc.exe"
+ "wampapache" "Apache/2.2.11 (Win32) PHP/5.3.0" "Apache Software Foundation" "c:\program files\wamp\bin\apache\apache2.2.11\bin\httpd.exe"
+ "wampmysqld" "" "" "c:\program files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ABIT-IO" "" "" "c:\program files\u-abit\abiteq\abit-io.sys"
+ "Aspi32" "ASPI for WIN32 Kernel Driver" "Adaptec" "c:\windows\system32\drivers\aspi32.sys"
+ "AvgLdx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "AvgMfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "AvgTdiX" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "CAMTHWDM" "" "" "c:\windows\system32\drivers\camthwdm.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\ZACHGA~1\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "EagleNT" "" "" "File not found: C:\WINDOWS\system32\drivers\EagleNT.sys"
+ "FilterService" "Logitech USB Video Class Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvcflt.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ICam7fil" "CS431 USBAUDIO Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\icam7fil.sys"
+ "Icam7USB" "Universal Serial Bus Camera Driver" "Intel Corporation" "c:\windows\system32\drivers\icam7usb.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LVPr2Mon" "Logitech ProcMon Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2mon.sys"
+ "LVRS" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs.sys"
+ "LVUSBSta" "USB Statistic Driver" "Logitech Inc." "c:\windows\system32\drivers\lvusbsta.sys"
+ "LVUVC" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc.sys"
+ "mbr" "" "" "File not found: C:\DOCUME~1\ZACHGA~1\LOCALS~1\Temp\mbr.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.07 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nvata" "NVIDIA® nForce™ IDE Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvata.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "PciCon" "" "" "File not found: D:\PciCon.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "vcdrom" "" "" "File not found: C:\Documents and Settings\Zach Gaskins\Local Settings\Temp\VCdRom.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WmBEnum" "Logitech WingMan Virtual Bus Enumerator Driver " "Logitech Inc." "c:\windows\system32\drivers\wmbenum.sys"
+ "WMDrive" "" "" "c:\windows\system32\drivers\wmdrive.sys"
+ "WmFilter" "Logitech WingMan Hid Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\wmfilter.sys"
+ "WmVirHid" "Logitech WingMan Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\wmvirhid.sys"
+ "WmXlCore" "Logitech WingMan Translation Driver" "Logitech Inc." "c:\windows\system32\drivers\wmxlcore.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Elecard MPEG2 Demultiplexer" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\MPEG2DM.dll"
+ "IL FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7\system\plugin\dxi\fl studio dxi (multi).dll"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3Filter" "ac3filter" "" "c:\program files\ac3filter\ac3filter.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Avi Source" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\avisplitter.dll"
+ "Avi Splitter" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\avisplitter.dll"
+ "CDDA Reader" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\CdReader.dll"
+ "CoreAAC Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\CoreAAC.dll"
+ "CoreAVC Video Decoder" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\AVCDecoder.dll"
+ "CoreFLAC Audio Decoder" "CoreFLAC Audio Decoder & Source DirectShow Filter" "-" "c:\program files\matroska pack\coreflacdecoder.ax"
+ "CoreFLAC Audio Source" "CoreFLAC Audio Decoder & Source DirectShow Filter" "-" "c:\program files\matroska pack\coreflacdecoder.ax"
+ "CoreVorbis Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\CoreVorbis.dll"
+ "Creative MP3 Source Filter" "Creative MP3 Source Filter For Streaming Playback" "Creative Technology Ltd" "c:\program files\creative\shared files\mp3srcsp.ax"
+ "Creative VideoCrop Filter" "" "Creative Technology Ltd." "c:\program files\creative\shared files\ctvidcropfilter.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\matroska pack\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\matroska pack\vsfilter.dll"
+ "DivX AAC Decoder" "AAC Audio Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux" "DivX® Media Filter" "DivXNetworks" "c:\program files\divx\divx codec\divxmedia.ax"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX MKV Demux" "DivX MKV Splitter" "" "c:\program files\divx\divx plus directshow filters\dmfsource.ax"
+ "DivX MPEG-4 DVD Video Decompressor " "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\DIVX_c32.dll"
+ "DivX Subtitle Decoder" "DivX® Media Filter" "DivXNetworks" "c:\program files\divx\divx codec\divxmedia.ax"
+ "DTS/AC3 Source" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\DtsAc3.dll"
+ "DV Scenes" "DV-Timecode based Scenechange Detection" "Nero AG" "c:\program files\nero\nero8\nero vision\nvdv.dll"
+ "DV Source Filter" "DV-Timecode based Scenechange Detection" "Nero AG" "c:\program files\nero\nero8\nero vision\nvdv.dll"
+ "Elecard MPEG2 Demultiplexer" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\MPEG2DM.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\matroska pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\matroska pack\ffdshow\ffdshow.ax"
+ "ffdshow MPEG-4 Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\matroska pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\matroska pack\ffdshow\ffdshow.ax"
+ "ffdshow VFW decoder helper" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\matroska pack\ffdshow\ffdshow.ax"
+ "File Source (MO3/XM/IT)" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\MODSource.dll"
+ "File Source (Monkey Audio)" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\Monkey.dll"
+ "FLICSource" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\FlicSou.dll"
+ "GPL MPEG-1/2 Decoder" "GPL MPEG-1/2 Decoder Filter for DirectShow" "Peter Wimmer, Gabest" "c:\program files\matroska pack\gplmpgdec.ax"
+ "Haali Matroska Muxer" "" "" "c:\program files\matroska pack\haali\splitter.ax"
+ "Haali Media Splitter" "" "" "c:\program files\matroska pack\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "Matroska Muxer" "Matroska Muxer" "Gabest" "c:\program files\matroska pack\matroskamuxer.ax"
+ "Moonlight MPEG-4 Video Decoder" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\MPEG4.dll"
+ "MPEG Layer-3 Decoder" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\L3Dec.dll"
+ "NeAudio2" "Nero Audio Decoder 2" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudio2.ax"
+ "NeAudioRender" "Nero Audio Renderer" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudiorender.ax"
+ "Nero Audible Decoder" "Nero Audible Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudible.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudcd.ax"
+ "Nero Audio Transcoder" "Audio Transcoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\netranscoder.ax"
+ "Nero AV Synchronizer" "Audio/Video Synchronizer" "Nero AG" "c:\program files\common files\nero\dsfilter\neavsync.ax"
+ "Nero Colorspace Converter" "Colorspace Converter" "Nero AG" "c:\program files\common files\nero\dsfilter\necolorspace.ax"
+ "Nero Deinterlace" "Deinterlacing Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedeinterlace.ax"
+ "Nero Digital Audio Encoder 8" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nendaud.ax"
+ "Nero Digital File Writer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Muxer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Null Renderer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Subpicture Enc 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Video Enc 8" "MPEG4 and H.264 (AVC) Video Encoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nendvid.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedvd.ax"
+ "Nero Elementary Stream Parser" "Nero Elementary Stream Parser" "Nero AG" "c:\program files\common files\nero\dsfilter\neesparser.ax"
+ "Nero File Source (Async.)" "Nero Home" "Nero AG" "c:\program files\common files\nero\dsfilter\nefilesourceasync.ax"
+ "Nero FLV Splitter" "Nero FLV Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neflvsplitter.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\nero\dsfilter\necapture.ax"
+ "Nero Framerate Converter" "Framerate Conversion DirectShow Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neframerate.ax"
+ "Nero HD Audio Mixer" "Nero Audio Mixer" "Nero AG" "c:\program files\common files\nero\dsfilter\nehdaudiomixer.ax"
+ "Nero InteractiveGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdgraphic.ax"
+ "Nero MP2 Audio Encoder" "MP2 Audio Encoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp2audioenc.ax"
+ "Nero MP3 Encoder" "MP3 Encoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp3encoder.ax"
+ "Nero MP4 Splitter" "MP4 Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp4splitter.ax"
+ "Nero Mpeg Video Encoder" "NeroMpeg Dynamic Link Library" "Nero AG" "c:\program files\common files\nero\dsfilter\nempegvideoenc.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 encoder filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nevcr.ax"
+ "Nero Ogg Splitter" "Ogg Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neoggsplitter.ax"
+ "Nero Photo Source" "Nero Home" "Nero AG" "c:\program files\common files\nero\dsfilter\nephotosource.ax"
+ "Nero PresentationGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdgraphic.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\nero\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\nero\dsfilter\neqtdec.ax"
+ "Nero Resize" "Resizing Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\nero\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\nero\dsfilter\nescenedetector.ax"
+ "Nero Sound Processor" "Nero Sound Processor" "Nero AG" "c:\program files\common files\nero\dsfilter\nesoundproc.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nesplitter.ax"
+ "Nero Stream Buffer Sink" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\nero\dsfilter\nesbe.ax"
+ "Nero Stream Buffer Source" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\nero\dsfilter\nesbe.ax"
+ "Nero Subpicture Decoder" "Nero Subpicture Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nesubpicture.ax"
+ "Nero Subtitle" "Subtitle Renderer & Mixer" "Nero AG" "c:\program files\common files\nero\dsfilter\nesubtitle.ax"
+ "Nero Teletext Filter" "Teletext Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neteletext.ax"
+ "Nero Thumbnail Decoder" "Thumbnail Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdthumbnail.ax"
+ "Nero TS Muxer" "Nero Transport Stream Muxltiplexer" "Nero AG" "c:\program files\common files\nero\dsfilter\netsmuxer.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideo.ax"
+ "Nero Video Decoder HD" "Nero HD Video Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideohd.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nerovideoproc.ax"
+ "Nero Video Renderer" "Nero Video Renderer" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideorenderer.ax"
+ "Nero VMR Modules Filter" "Nero VMR Modules" "Nero AG" "c:\program files\common files\nero\lib\nerovmrmodules.dll"
+ "NeroVobuGenerator" "Nero Vobu Generator" "Nero AG" "c:\program files\common files\nero\dsfilter\nerovobugenerator.ax"
+ "NeSoundSwitch" "Nero Sound Switcher" "Nero AG" "c:\program files\common files\nero\dsfilter\nesoundswitch.ax"
+ "Ogg Source" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\oggspl.dll"
+ "Ogg Splitter" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\oggspl.dll"
+ "RadLight APE DirectShow Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLAPEDec.ax"
+ "RadLight Audio DSP DirectShow Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLAudioDSP.ax"
+ "RadLight AVI Splitter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\rlavisplitter.ax"
+ "RadLight Black" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLBlack.ax"
+ "RadLight HTTP Source Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLHTTPSource.ax"
+ "RadLight Matroska Splitter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLMKVSplitter.ax"
+ "RadLight MP3 Splitter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLMP3Splitter.ax"
+ "RadLight Musepack Decoder" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLMPCDec.ax"
+ "RadLight Ogg Splitter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLOgg.ax"
+ "RadLight OptimFROG DirectShow Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLOFRDec.ax"
+ "RadLight PVA Splitter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLPVASplitter.ax"
+ "RadLight Source Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLSource.ax"
+ "RadLight Speex Decoder" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLSpeexDec.ax"
+ "RadLight Subtitle Dumper" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLSubtitleDumper.ax"
+ "RadLight Theora Decoder" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLTheoraDec.ax"
+ "RadLight TTA DirectShow Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLTTADec.ax"
+ "RadLight Video DSP DirectShow Filter" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLVideoDSP.ax"
+ "RadLight Vorbis Decoder" "" "" "File not found: C:\Program Files\RadLight Company\RadLight 4.0\Filters\RLVorbisDec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\matroska pack\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\matroska pack\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\matroska pack\realmediasplitter.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\matroska pack\realmediasplitter.ax"
+ "RIFF/CDXA Source" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\XcdSou.dll"
+ "True Audio Decoder" "True Audio DirectShow Decoder" "-" "c:\program files\matroska pack\ttadsdecoder.ax"
+ "True Audio Splitter" "True Audio DirectShow Splitter" "-" "c:\program files\matroska pack\ttadssplitter.ax"
+ "TrueMotion 2.0 Decompressor" "TrueMotion 2.0 Decompressor" "The Duck Corporation" "c:\windows\system32\tm20dec.ax"
+ "VHScreenDecoder" "VHScreenDecoder" "Hmelyoff Labs" "c:\program files\hmelyofflabs\vhscrcap\vhscreendecoder.ax"
+ "VHSplitProcSource" "VHMediaLib COM implementation" "Hmelyoff Labs" "c:\program files\hmelyofflabs\vhtoolkit\vhmediacom.dll"
+ "VOB Files Source (Async.)" "" "" "File not found: C:\WINDOWS\system32\FTCodecs\Dlls\VobSou.dll"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\matroska pack\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\matroska pack\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "avgrsstarter" "AVG Resident Shield Starter" "AVG Technologies CZ, s.r.o." "c:\windows\system32\avgrsstx.dll"
+ "LMIinit" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "NVIDIA IAM LSP" "NVIDIA" "c:\windows\system32\nvappfilter.dll"
+ "000000000002" "NVIDIA IAM LSP" "NVIDIA" "c:\windows\system32\nvappfilter.dll"
+ "000000000003" "NVIDIA IAM LSP" "NVIDIA" "c:\windows\system32\nvappfilter.dll"
+ "000000000009" "NVIDIA IAM LSP" "NVIDIA" "c:\windows\system32\nvappfilter.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,619 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 PM

Posted 31 March 2010 - 05:12 PM

There's nothing that I can see that is malicious.

I would like to run a couple of scans to see if any remnants of infections have been left behind.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found there will be no option to export the text file as no log will be produced. Let me know if this is the case.

So far, so good.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#11 bigheadzach

bigheadzach
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:23 AM

Posted 31 March 2010 - 10:38 PM

MBAM found nothing, but ESET found something nestled in my Java cache: (log follows)

C:\Documents and Settings\Zach Gaskins\Application Data\Sun\Java\Deployment\cache\6.0\51\3b7e4533-5e7cacc7 probably a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined
Not sure if that will fix the problem outright, but I'm awaiting your next step.

(In browsing, I'm still getting the missed page requests, so I don't know if this is related to the problem I'm having. Still, it's good to have found it.)

Edited by bigheadzach, 31 March 2010 - 10:40 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,619 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 PM

Posted 01 April 2010 - 08:40 AM

Hmm, I'm satisfied that the PC is clean. Let's clean up the PC a bit more and remove any possible infection copies.

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Then

Old versions of Java are big doors to malware. JavaRa removes them and updates your version to the most current.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Please make sure you turn on the Java Automatic Update Feature

    Then you will not have to remember to update it when Java introduces a new version.
    Java is updated very frequently, and the old versions are malware magnets.

    Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.
Finally

Please Download Flash Cookie Killer by Bobbie Flekman and save it to your Desktop

==========

Warning

Steps (1-3) will delete all existing high scores and game settings for Flash games. Steps (4-8) might prevent the ability to save high scores in some games altogether.

==========
  1. Double click from your desktop

  2. Check "Everything but Adobe Site Settings"

  3. Mouse click "Make it so!"


  4. Now go to the Adobe Flash Player Settings Manager

  5. In the "Website Storage Settings" choose the "Delete All Sites" tab then "Confirm"


  6. Next in the "Global Storage Settings" uncheck "Allow third-party Flash content to store on your computer"


  7. Finally in the "Global Privacy Settings" choose "Always Deny" then "Confirm"


  8. You have now successfully deleted the stored cookies and changed the Flash Player's default settings to prevent access in the future.
Reboot and then run the following program
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
I'll take another look using OTL just to make sure I haven't missed something.

Edited by m0le, 01 April 2010 - 08:41 AM.

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#13 bigheadzach

bigheadzach
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:23 AM

Posted 01 April 2010 - 09:40 AM

Performed all the cleanups, but still getting page mis-hits.

OTL logfile created on: 4/1/2010 10:31:27 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 35.54 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 672.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.88 Gb Total Space | 62.11 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 465.76 Gb Total Space | 347.37 Gb Free Space | 74.58% Space Free | Partition Type: NTFS

Computer Name: BIGHEAD2
Current User Name: Zach Gaskins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\U-ABIT\ABITEQ\abiteq.exe (Universal ABIT Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (wampmysqld) -- c:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (wampapache) -- c:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (WMDrive) -- C:\WINDOWS\system32\drivers\WMDrive.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (CAMTHWDM) -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys ()
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ABIT-IO) -- C:\Program Files\U-ABIT\ABITEQ\ABIT-IO.sys ()
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (ICam7fil) Intel® -- C:\WINDOWS\system32\drivers\icam7fil.sys (Intel Corporation)
DRV - (Icam7USB) Intel® -- C:\WINDOWS\system32\drivers\Icam7USB.sys (Intel Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {1fc895a6-2042-46ec-a61b-233165b4c218}:1.2.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.464
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000054
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.5.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/21 20:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 03:00:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/23 01:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/01 10:21:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 02:41:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/23 02:41:09 | 000,000,000 | ---D | M]

[2009/10/14 12:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Extensions
[2008/06/21 02:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/14 12:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Extensions\[email protected]
[2010/03/23 02:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions
[2010/02/18 03:30:37 | 000,000,000 | ---D | M] (Better JTV) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}
[2009/07/02 01:54:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 03:30:37 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/02/18 03:30:37 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/12/09 01:44:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/18 03:30:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/13 00:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\[email protected]
[2009/10/19 14:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\[email protected]
[2008/09/23 22:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\[email protected]
[2010/02/18 03:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\extensions\[email protected]
[2008/02/11 02:26:01 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\bgg-game-search.xml
[2008/01/24 17:36:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\encyclopedia-dramatica-.xml
[2008/01/31 22:30:40 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\thottbot.xml
[2008/01/03 01:47:52 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\wikipedia-english.xml
[2008/12/16 02:06:26 | 000,002,442 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\wikiquote-en.xml
[2008/06/24 00:41:30 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\wiktionary-en.xml
[2008/03/23 01:33:23 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Mozilla\Firefox\Profiles\e49aqkqo.default\searchplugins\youtube-video-search.xml
[2010/04/01 10:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/23 02:41:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/20 02:03:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/01/16 00:40:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/22 10:15:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/03/20 23:23:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/20 23:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/11 18:32:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 21:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 23:05:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/09 17:34:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/03 21:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/01 10:21:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/03/23 02:40:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/23 02:40:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 10:21:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/15 20:12:12 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/03/23 02:41:00 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/11/12 16:35:55 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/12/18 03:43:52 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/07/21 20:17:47 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/19 17:12:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/19 17:12:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/19 17:12:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/19 17:12:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/19 17:12:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/21 20:17:57 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/07/21 20:17:45 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/23 02:41:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/23 02:41:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/23 02:41:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/23 02:41:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/23 02:41:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/23 02:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/23 02:41:02 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/23 02:03:38 | 000,380,777 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13142 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe (IMTiger Software Ltd.)
O4 - HKCU..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\ABITEQ\abiteq.exe (Universal ABIT Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Zach Gaskins\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1213938532656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.150.23
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/26 23:55:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/01 10:21:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/01 10:21:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/01 10:21:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/01 10:21:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/01 10:12:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/31 18:24:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 18:24:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 03:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Fallen Earth
[2010/03/28 20:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach Gaskins\Desktop\DCIM
[2010/03/23 10:38:13 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/23 10:36:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/22 17:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/03/20 02:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/17 09:41:17 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/09 15:12:23 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 15:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach Gaskins\Desktop\PHP and MySQL Programming
[2010/03/05 13:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Scorched3D
[2010/03/04 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\City of Heroes
[2009/12/11 21:42:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/11 21:42:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/11 21:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/11 21:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/05 02:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/07 12:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/08 03:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/05/19 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2009/05/04 01:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/12/02 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/02/15 01:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\DivX
[2008/01/09 14:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/01 10:21:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/01 10:21:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/01 10:21:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/01 10:21:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/01 10:21:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/01 10:17:35 | 013,631,488 | -H-- | M] () -- C:\Documents and Settings\Zach Gaskins\NTUSER.DAT
[2010/04/01 09:34:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-842925246-682003330-1004UA.job
[2010/03/31 19:50:10 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\esetsmartinstaller_enu.exe
[2010/03/31 19:34:04 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-842925246-682003330-1004Core.job
[2010/03/31 18:24:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 16:17:10 | 000,146,089 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Application Data\icarus-dxdiag.xml
[2010/03/31 16:08:42 | 000,250,403 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/31 16:08:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 16:07:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 16:07:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 11:28:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/31 08:47:13 | 058,313,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/31 03:50:37 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Fallen Earth.lnk
[2010/03/31 03:43:21 | 301,231,412 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\FallenEarth.msi
[2010/03/31 03:22:55 | 002,883,719 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\AutoRuns.arn
[2010/03/30 16:33:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/29 20:19:29 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 10:18:10 | 064,576,746 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\1033572.flv
[2010/03/25 16:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/25 03:24:09 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\McMultiRules.doc
[2010/03/24 16:24:35 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\defogger_reenable
[2010/03/23 10:38:12 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/23 02:03:38 | 000,380,777 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/23 01:42:46 | 000,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 01:42:46 | 000,441,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 01:42:46 | 000,071,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/23 01:35:25 | 003,174,528 | -H-- | M] () -- C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\IconCache.db
[2010/03/22 17:51:59 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\SIW.lnk
[2010/03/19 17:05:15 | 000,197,424 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\SFS_EN.pdf
[2010/03/17 09:41:18 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/17 09:41:17 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/17 09:41:17 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/17 09:40:46 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 02:12:22 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 06:38:22 | 000,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 15:30:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/07 11:56:25 | 028,352,724 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\pcgen5162_win_install.exe
[2010/03/05 21:24:40 | 000,527,540 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\ScreenShot-1267838679-0.png
[2010/03/04 18:50:30 | 000,016,908 | ---- | M] () -- C:\Documents and Settings\Zach Gaskins\Desktop\Zach cover letter.doc.docx
[2010/03/03 02:53:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/03/03 02:53:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/31 19:50:02 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\esetsmartinstaller_enu.exe
[2010/03/31 18:24:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 16:17:10 | 000,146,089 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Application Data\icarus-dxdiag.xml
[2010/03/31 03:50:37 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Fallen Earth.lnk
[2010/03/31 03:28:51 | 301,231,412 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\FallenEarth.msi
[2010/03/31 03:22:54 | 002,883,719 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\AutoRuns.arn
[2010/03/29 10:04:23 | 064,576,746 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\1033572.flv
[2010/03/25 03:24:09 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\McMultiRules.doc
[2010/03/24 16:24:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\defogger_reenable
[2010/03/23 01:35:42 | 000,081,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/22 17:51:59 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\SIW.lnk
[2010/03/19 17:05:15 | 000,197,424 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\SFS_EN.pdf
[2010/03/07 11:54:59 | 028,352,724 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\pcgen5162_win_install.exe
[2010/03/05 21:24:40 | 000,527,540 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\ScreenShot-1267838679-0.png
[2010/03/04 18:50:27 | 000,016,908 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Desktop\Zach cover letter.doc.docx
[2009/12/01 01:09:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/11/19 17:02:12 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Application Data\rftg
[2009/10/20 19:13:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\fusioncache.dat
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/08/02 00:59:08 | 000,000,171 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2009/06/01 18:53:41 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Application Data\Psi 5 Settings
[2009/02/21 21:01:54 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\PUTTY.RND
[2009/02/12 00:58:28 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMDrive.sys
[2009/02/09 21:03:49 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/12/28 02:12:32 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/27 12:41:30 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/09/25 01:04:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/25 01:04:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/21 20:18:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 20:37:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/05/25 21:32:48 | 000,000,616 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/25 11:53:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/12 23:20:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/09 00:56:49 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\FOLESVR.DLL
[2008/01/13 00:57:42 | 000,000,122 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/01/04 00:13:02 | 000,000,020 | ---- | C] () -- C:\WINDOWS\SpaceTaxiDemo.INI
[2008/01/02 19:36:12 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/27 23:18:12 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2009/12/11 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/20 19:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blue Box Network
[2008/07/27 16:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DrStrangeLug
[2009/02/21 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/05/15 20:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/06/20 02:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2009/04/25 12:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/11/12 17:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/11/12 16:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/03 20:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/02/21 20:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/02/09 21:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2009/06/12 04:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMount
[2010/03/23 10:36:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2008/01/04 00:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A047F26D-4602-4aaf-ACE7-F6F2ECEC34F9}
[2008/03/14 20:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Amazon
[2009/03/20 22:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\ChipWitsII.9B96BA19F29B0217906EF8B5B8D836A02AEF02CB.1
[2008/11/16 23:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Conversations Network
[2010/03/18 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\DC++
[2009/10/14 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Greyfirst
[2009/12/30 01:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\gtk-2.0
[2008/02/09 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Helios
[2010/02/09 00:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\IrfanView
[2008/12/28 02:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Leadertech
[2009/02/12 00:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Local Settings
[2009/11/12 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\NeopleLauncherDFO
[2009/02/21 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\OpenOffice.org
[2008/07/20 12:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\RadLight Company
[2009/05/17 23:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\SAM
[2008/07/13 20:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\SecondLife
[2009/03/21 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\SSH
[2009/11/09 17:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Stella
[2008/02/09 11:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\TextPad
[2009/01/14 20:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/03 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2008/01/04 00:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Twilight Games
[2010/02/17 03:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\uTorrent
[2009/02/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\Webcammax
[2010/02/24 12:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach Gaskins\Application Data\wootalyzer
[2010/03/31 11:28:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 4/1/2010 10:31:27 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Zach Gaskins\Desktop\Anti-Malware apps
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 35.54 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 672.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.88 Gb Total Space | 62.11 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 465.76 Gb Total Space | 347.37 Gb Free Space | 74.58% Space Free | Partition Type: NTFS

Computer Name: BIGHEAD2
Current User Name: Zach Gaskins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"15931:TCP" = 15931:TCP:*:Disabled:SolidNetworkManager
"15931:UDP" = 15931:UDP:*:Disabled:SolidNetworkManager
"8080:TCP" = 8080:TCP:*:Enabled:Cosmic Server
"58610:TCP" = 58610:TCP:*:Enabled:Pando Media Booster
"58610:UDP" = 58610:UDP:*:Enabled:Pando Media Booster
"6260:TCP" = 6260:TCP:*:Enabled:Mule TCP
"6260:UDP" = 6260:UDP:*:Enabled:Mule UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Zach Gaskins\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Zach Gaskins\Desktop\eclipse\eclipse.exe" = C:\Documents and Settings\Zach Gaskins\Desktop\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Games\World of Warcraft\Launcher.exe" = C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Games\Nesticle\NESTCL95.EXE" = C:\Games\Nesticle\NESTCL95.EXE:*:Enabled:NESTCL95 -- ()
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java™ Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Games\Gang Garrison 2\Gang Garrison 2.exe" = C:\Games\Gang Garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2 -- (Faucet Software)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Games\DFO\DFO.exe" = C:\Games\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Games\mule\data\lib\jre\bin\java.exe" = C:\Games\mule\data\lib\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Java\jre6\launch4j-tmp\mule.exe" = C:\Program Files\Java\jre6\launch4j-tmp\mule.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\steamapps\common\tank universal steamworks edition\TU.exe" = C:\Program Files\Steam\steamapps\common\tank universal steamworks edition\TU.exe:*:Enabled:Tank Universal -- ()
"C:\Program Files\Steam\steamapps\common\trackmania united\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania united\TmForever.exe:*:Enabled:TrackMania United Forever: Star Edition -- ()
"C:\Program Files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:*:Enabled:TrackMania United Forever: Star Edition -- ()
"C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Defence Alliance 2 -- ()
"C:\Program Files\Scorched3D\scorcheds.exe" = C:\Program Files\Scorched3D\scorcheds.exe:*:Enabled:scorcheds -- ()
"C:\Program Files\Steam\steamapps\bigheadzach\ricochet\hl.exe" = C:\Program Files\Steam\steamapps\bigheadzach\ricochet\hl.exe:*:Enabled:Ricochet -- (Valve)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEA77CA-025F-4826-9300-727143B8075D}_is1" = Strange Attractors 2
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3966CA49-C6A5-4087-9125-DF8B02CC86B1}" = Softrope
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82448C0D-FB2A-4E10-9F2C-F404F067A85B}" = Fallen Earth
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9E89B3DC-E48A-3A7B-3827-489D151CA620}" = TweetDeck
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DB6885-DDFA-442A-A2C2-EC1842CA4953}" = ABITEQ V1.1.0.2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.10
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 9.10 beta
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AutoHotkey" = AutoHotkey 1.0.48.03
"AVG9Uninstall" = AVG Free 9.0
"Celtx (2.0.2)" = Celtx (2.0.2)
"COH" = City of Villains/City of Heroes (remove only)
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DC++" = DC++ 0.750
"DFO" = DFOLauncher
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FL Studio_is1" = FL Studio v7.0
"FLV Player" = FLV Player 2.0 (build 25)
"GCFScape_is1" = GCFScape 1.6.8
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Levelator_is1" = Levelator
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerDVD" = PowerDVD
"Race for the Galaxy_is1" = Race for the Galaxy 0.6.0
"RealPlayer 6.0" = RealPlayer
"Ruby-186-26" = Ruby-186-26
"Scorched3D" = Scorched3D 42.1
"SecondLife" = SecondLife (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 19200" = Tank Universal
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 60" = Ricochet
"Steam App 7200" = TrackMania United Forever
"Stella_is1" = Stella 3.0
"Strange Adventures in Infinite Space" = Strange Adventures in Infinite Space
"Supertintin for Skype_is1" = Supertintin 1.1.4.2300
"SysInfo" = Creative System Information
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VH Toolkit_is1" = VH Toolkit 1.0.39.0
"WampServer 2_is1" = WampServer 2.0
"WebcamMax" = WebcamMax
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMount3_is1" = WinMount V3.2.0120
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wootalyzer" = Wootalyzer!
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2010 2:34:13 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 3:34:14 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 4:34:13 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 5:34:14 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 6:34:12 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 7:34:15 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 8:34:13 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 3/29/2010 9:34:28 AM | Computer Name = BIGHEAD2 | Source = Google Update | ID = 20
Description =

Error - 4/1/2010 3:13:28 AM | Computer Name = BIGHEAD2 | Source = Application Hang | ID = 1002
Description = Hanging application Frontend.exe, version 2.45.8.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2010 10:16:41 AM | Computer Name = BIGHEAD2 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:06 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:07 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:07 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:08 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2010 10:31:08 AM | Computer Name = BIGHEAD2 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,619 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 PM

Posted 01 April 2010 - 04:58 PM

There's certainly no malware there now.

Chrome seems to have lost its file association so I would reinstall the program. Firefox seems to be okay though.

Run both browsers afterwards and let me know how they go.


If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#15 bigheadzach

bigheadzach
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:23 AM

Posted 01 April 2010 - 09:50 PM

Reinstalling and running both browsers, I still get the frequent page mis-hits.

To give you an idea of how this behaves:

In Firefox, I will either select a bookmark or click Enter/Go on the address bar, and nothing will happen. No page is served, but the one I was on still appears.

In Chrome, I get an error message saying that the webpage is not available, or that "Oops! I couldn't connect." (Error 104 (net::ERR_CONNECTION_FAILED): The attempt to connect to the server failed.)

Now, this can appear within a page as well, either as images that don't load, iframe ads which give the above error in Chrome, or if the underlying CSS for a page fails, then the page is displayed without proper formatting and looks real strange.

On sites which feature video via HTTP streaming, they will fail to start. Sometimes pages which use AJAX (XML in HTTP requests) will not function properly, when a request gets rejected immediately.

On other non-browser applications which use HTTP as their communication protocol (for example, Tweetdeck, a very popular Twitter app), the requests will come back instantly in error, and I have to retry multiple times before it gets through.

I have other computers on the local network which do not have this problem, so I can rule out any sort of issue with the router involved.

I'm not an expert, but this happened to me before (cause and specifics unknown), and it looks very much like some process is hijacking all outgoing HTTP requests from my computer, and attempting to reroute them to sites that my HOSTS file is blocking (if the symptoms would indicate that). Some of the data I saw in the reports I provided identified multiple connections to the "1e100.net" domain being established in Chrome. That looks eerily similar to the cryptic addresses that are shown in the excerpt from the HOSTS file in the last report I provided.

Wonder if this is hinting at a rogue BHO or something else entirely.

Any additional help I can provide you will be given with utmost speed and sincerity.
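As an added triage example, not code from this thread or from any tool mentioned in it: a Python script that parses a Windows-style HOSTS file and reports whether each hostname the browser tried is blocked by an immunization entry (loopback or 0.0.0.0), mapped to some other address (the pattern a redirect-style hijack would leave behind), or left to DNS. The HOSTS lines and hostnames are constructed samples, not the poster's file.

```python
"""Triage helper: can the HOSTS file explain the 'could not connect' errors?
A name mapped to a loopback/unspecified address is "blocked" (an immunization
entry); mapped to any other address it is "redirected" (what a redirect-style
hijack would leave behind); otherwise it is resolved by DNS as usual.
"""
import ipaddress

# Windows keeps the file at C:\Windows\System32\drivers\etc\hosts
BLOCK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: ip}. The resolver honours the first matching line,
    so a later duplicate of a name is deliberately ignored."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)          # skip malformed lines
        except ValueError:
            continue
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def classify(hostname, mapping):
    ip = mapping.get(hostname.lower())
    if ip is None:
        return "not in HOSTS"
    if ip in BLOCK_ADDRESSES:
        return "blocked"
    return "redirected to " + ip


# Constructed sample, not the poster's file.
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.test   # typical immunization entry
0.0.0.0    www.example-badsite.test
10.0.0.99  www.example-bank.test      # non-loopback mapping: suspicious
127.0.0.1  www.example-bank.test      # later duplicate, ignored by resolver
"""


def triage(hostnames, hosts_text=SAMPLE_HOSTS):
    """Map each hostname the browser tried to reach to its verdict."""
    mapping = parse_hosts(hosts_text)
    return {h: classify(h, mapping) for h in hostnames}
```

To check a real machine, pass the contents of the actual HOSTS file as hosts_text along with the names that failed to load. A "blocked" verdict means the HOSTS entry itself is why the page never connects, while a name "redirected" to a non-loopback address is the one worth investigating.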




