
Google Search Results Redirection


  • This topic is locked
41 replies to this topic

#1 Snafoo

Snafoo

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 14 November 2010 - 10:28 PM

I use Mozilla Firefox. Whenever I go to one of Google's search results I'm redirected to either an unknown search engine or http://google.com/webhp.

I've tried disabling all plugins/add-ons, and even installing a new version of Firefox, but the problem still persists.

I've attached my DDS and GMER logs.

Any help would be greatly appreciated!

Thanks,
Snafoo

Attached Files

  • Attached File  DDS.txt   14.41KB   2 downloads
  • Attached File  ark.log   383bytes   1 downloads

Edited by Snafoo, 14 November 2010 - 10:57 PM.




#2 Blind Faith

Blind Faith

    Bleeping Cookie


  • Malware Response Team
  • 4,059 posts
  • OFFLINE
  • Gender:Female
  • Location:I don't know.
  • Local time:02:15 AM

Posted 22 November 2010 - 04:57 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Do you remember? If you do, then can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Snafoo

Snafoo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 22 November 2010 - 05:36 PM

Along with the problem stated in my original post, it seems as if this malware is stealing my passwords. One of my MSN accounts keeps signing in, sending people messages, and signing out. I have many MSN accounts, but the only one that has been infiltrated is the one I sign into through my browser. So it seems as if this malware is getting passwords through that.

I've done a MalwareBytes scan and removed all found infections, but the problems still persist.

DDS.txt

DDS (Ver_10-11-10.01) - NTFS_AMD64  
Run by Carl at 17:10:05.41 on Mon 11/22/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2047.223 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Subversion\bin\httpd.exe
C:\Windows\system32\java.exe
C:\Program Files\Subversion\bin\httpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\Users\Carl\Desktop\gmer.exe
C:\Users\Carl\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: {D762890D-154B-404C-AB7C-88C747EC2329} = 8.8.8.8,8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
Hosts: 0.0.0.0 virusscan.jotti.org
Hosts: 0.0.0.0 virustotal.com
Hosts: 0.0.0.0 scanner.virus.org
Hosts: 0.0.0.0 virscan.org
Hosts: 0.0.0.0       www.scanner.virus.org

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carl\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Windows\System32\drivers\BdfNdisf6.sys [2009-10-19 87048]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2009-10-19 89096]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-9-22 103432]
R2 CollabNetSubversionServer;CollabNet Subversion Server;C:\Program Files\Subversion\bin\httpd.exe [2010-10-25 24635]
R2 CSVNConsole;CollabNet Subversion Edge;"java" "-classpath" "C:\Program Files\Subversion\svcwrapper\wrapper.jar" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files\Subversion\svcwrapper\..\appserver" "-Dwrapper.config=C:\Program Files\Subversion\svcwrapper\conf\wrapper.conf" "-Dwrapper.additional.1x=-Xrs" "org.rzo.yajsw.boot.WrapperServiceBooter"  --> java [?]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-2-26 6159656]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-4-26 1101600]
R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2009-12-7 163936]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 VBoxMouse;VirtualBox Guest Mouse Service;C:\Windows\System32\drivers\VBoxMouse.sys [2010-3-25 51600]
S1 VBoxSF;VirtualBox Shared Folders;C:\Windows\System32\drivers\VBoxSF.sys [2010-3-25 249168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gogoc;gogo6 gogoCLIENT;C:\Program Files\gogo6\gogoCLIENT\gogoc.exe [2010-1-8 519976]
S2 sshd;CYGWIN sshd;C:\cygwin\bin\cygrunsrv.exe [2010-5-15 68096]
S2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-7 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-1 1038088]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-7-26 61952]
S3 netr28ux;Compact Wireless-G USB Network Adapter;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
S3 svnserver;svnserver;C:\Server\SVN\bin\svnserve.exe --service -r C:\Repositories\Souran --> C:\Server\SVN\bin\svnserve.exe --service -r C:\Repositories\Souran [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-6-8 42896]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-2-26 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2010-11-22 02:52:44	--------	d-----w-	C:\Users\Carl\AppData\Roaming\Gyazo
2010-11-22 02:52:22	--------	d-----w-	C:\Program Files (x86)\Gyazo
2010-11-21 15:01:18	--------	d-----w-	C:\$WINDOWS.~BT
2010-11-21 14:55:59	--------	d-----w-	C:\Users\Carl\AppData\Roaming\Malwarebytes
2010-11-21 14:51:11	--------	d-----w-	C:\Binaries
2010-11-21 14:50:28	38224	----a-w-	C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-21 14:50:25	24664	----a-w-	C:\Windows\System32\drivers\mbam.sys
2010-11-21 14:50:25	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-21 14:50:25	--------	d-----w-	C:\PROGRA~3\Malwarebytes
2010-11-18 03:26:26	--------	d-----w-	C:\Program Files\Subversion
2010-11-18 03:10:05	455680	----a-w-	C:\Windows\System32\deployJava1.dll
2010-11-16 04:41:58	--------	d-----w-	C:\Program Files (x86)\phpDesigner 7
2010-11-16 00:21:16	1864192	----a-w-	C:\Windows\System32\ExplorerFrame.dll
2010-11-15 17:47:37	--------	d-----w-	C:\var
2010-11-15 03:16:03	388096	----a-r-	C:\Users\Carl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-15 03:15:56	--------	d-----w-	C:\Program Files (x86)\Trend Micro
2010-11-15 00:45:30	--------	d-----w-	C:\Users\Carl\AppData\Local\VisualAssist
2010-11-15 00:44:12	4068864	----a-w-	C:\Windows\System32\mf.dll
2010-11-15 00:44:12	257024	----a-w-	C:\Windows\System32\mfreadwrite.dll
2010-11-15 00:44:12	206848	----a-w-	C:\Windows\System32\mfps.dll
2010-11-15 00:44:12	196608	----a-w-	C:\Windows\SysWow64\mfreadwrite.dll
2010-11-15 00:44:12	1888256	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2010-11-15 00:44:12	1619456	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-15 00:44:11	3181568	----a-w-	C:\Windows\SysWow64\mf.dll
2010-11-14 16:34:14	--------	d-sh--w-	C:\$RECYCLE.BIN
2010-11-13 23:02:07	--------	d-----w-	C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2010-11-13 22:22:11	--------	d-----w-	C:\Program Files (x86)\Resource Hacker
2010-11-13 22:17:28	--------	d-----w-	C:\Program Files\Speccy
2010-11-13 21:26:22	332288	----a-w-	C:\Windows\System32\uxtheme.dll.backup
2010-11-13 21:26:17	2851328	----a-w-	C:\Windows\System32\themeui.dll.backup
2010-11-13 21:26:15	44544	----a-w-	C:\Windows\System32\themeservice.dll.backup
2010-11-13 05:56:47	94040	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\8ec018b01cb82f71a\DSETUP.dll
2010-11-13 05:56:47	525656	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\8ec018b01cb82f71a\DXSETUP.exe
2010-11-13 05:56:08	--------	d-----w-	C:\Users\Carl\AppData\Local\Windows Live
2010-10-30 02:02:37	--------	d-----w-	C:\Users\Carl\AppData\Roaming\Digsby
2010-10-30 02:02:37	--------	d-----w-	C:\Users\Carl\AppData\Local\Digsby
2010-10-30 02:02:37	--------	d-----w-	C:\PROGRA~3\Digsby
2010-10-30 01:58:10	--------	d-----w-	C:\Program Files (x86)\Digsby
2010-10-26 21:45:48	961024	----a-w-	C:\Windows\System32\CPFilters.dll
2010-10-26 21:45:48	641536	----a-w-	C:\Windows\SysWow64\CPFilters.dll
2010-10-26 21:45:48	552960	----a-w-	C:\Windows\System32\msdri.dll
2010-10-26 21:45:48	288256	----a-w-	C:\Windows\System32\MSNP.ax
2010-10-26 21:45:48	258560	----a-w-	C:\Windows\System32\mpg2splt.ax
2010-10-26 21:45:48	204288	----a-w-	C:\Windows\SysWow64\MSNP.ax
2010-10-26 21:45:48	199680	----a-w-	C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 21:45:41	27008	----a-w-	C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M  ====================

2010-11-13 21:26:22	332288	----a-w-	C:\Windows\System32\uxtheme.dll
2010-11-13 21:26:17	2851328	----a-w-	C:\Windows\System32\themeui.dll
2010-11-13 21:26:15	44544	----a-w-	C:\Windows\System32\themeservice.dll
2010-10-14 06:36:52	15451288	----a-w-	C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50	13642904	----a-w-	C:\Windows\SysWow64\xlivefnt.dll
2010-09-22 15:17:00	28672	----a-w-	C:\Windows\SysWow64\NSREG.DLL
2010-09-11 04:40:11	423656	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43	347648	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 15:17:46	94208	----a-w-	C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46	69632	----a-w-	C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17	1192960	----a-w-	C:\Windows\System32\wininet.dll
2010-09-08 05:34:34	57856	----a-w-	C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04	978432	----a-w-	C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15	44544	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38	482816	----a-w-	C:\Windows\System32\html.iec
2010-09-08 03:35:30	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31	386048	----a-w-	C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16	1638912	------w-	C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09	12625920	----a-w-	C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49	12625408	----a-w-	C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34	3123712	----a-w-	C:\Windows\System32\win32k.sys
2010-08-31 04:32:30	954752	----a-w-	C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30	954288	----a-w-	C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02	236032	----a-w-	C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48	9728	----a-w-	C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04	463360	----a-w-	C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48	402944	----a-w-	C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26	161792	----a-w-	C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28	148992	----a-w-	C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58	109056	----a-w-	C:\Windows\SysWow64\t2embed.dll

============= FINISH: 17:11:20.98 ===============

I'm on Windows 7, and the only GMER scan options I have can be seen here:
http://gyazo.com/82cbe5d3487defbca862475227810c97.png

I don't know whether or not this is a problem. When I scan with it, though, it says that it hasn't found any system modifications. I've attached the Attach.txt log generated by DDS.

Attached Files
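The DDS excerpt above carries the two findings a responder would flag first: HOSTS entries that sinkhole online scanners (virustotal.com, jotti, virscan) to 0.0.0.0, and mPolicies-system values showing UAC switched off. The following triage script is an added example, not part of this thread or of the DDS tool; the list of security-vendor domains and the "weak" UAC values it checks are assumptions chosen for illustration, and the sample input is a constructed excerpt copied from the Pseudo HJT Report posted above.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the DDS log in this thread.
SAMPLE_DDS = """\
uStart Page = about:blank
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: {D762890D-154B-404C-AB7C-88C747EC2329} = 8.8.8.8,8.8.4.4
Hosts: 0.0.0.0 virusscan.jotti.org
Hosts: 0.0.0.0 virustotal.com
Hosts: 0.0.0.0 scanner.virus.org
Hosts: 0.0.0.0 virscan.org
Hosts: 0.0.0.0       www.scanner.virus.org
"""

# Assumption: illustrative list of scanner/AV domains that malware commonly blocks via HOSTS.
# A host matches if it equals a listed domain or is a subdomain of it.
SECURITY_DOMAINS = ("virustotal.com", "jotti.org", "virus.org", "virscan.org", "bleepingcomputer.com")

# Assumption: UAC policy values that indicate a weakened configuration (name -> weak value).
UAC_WEAK = {
    "EnableLUA": 0,                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": 0,  # administrators elevate without any prompt
    "PromptOnSecureDesktop": 0,       # prompts (if any) are not shown on the secure desktop
}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(-?\d+)")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s+(.*?)\s+-\s+No File\s*$")


def _is_security_site(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def triage_dds(text: str) -> list[Finding]:
    """Walk DDS Pseudo-HJT lines and return the findings a responder would want to see first."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if _is_security_site(host):
                findings.append(Finding("hosts_block_security_site", f"{host} -> {ip}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name]:
                findings.append(Finding("uac_weakened", f"{name} = {value}"))
            continue
        m = BHO_RE.match(line)
        if m:
            # A BHO registered in the registry whose DLL is gone: leftover of an uninstall or a cleanup.
            findings.append(Finding("orphan_bho", m.group(1)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'hosts_block_security_site': 5, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage_dds(SAMPLE_DDS)))
```

On the excerpt above this reports five sinkholed scanner domains, three weakened UAC settings and one orphaned BHO; a clean host (127.0.0.1 localhost, EnableLUA = 1) yields no findings.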



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 51,314 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 25 November 2010 - 05:43 AM

Hello, and sorry for the delay.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 | Link 2 | Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#5 Snafoo

Snafoo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 25 November 2010 - 09:32 PM

I'm away from home at the moment, as I'm at family's for the holidays. I'll be home Sunday, so could we postpone this until then?

Your help is very much appreciated, and I can't wait to remove this annoying and invasive malware from my system!

Thanks,
Snafoo

Edited by Snafoo, 25 November 2010 - 09:32 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 51,314 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 26 November 2010 - 04:23 AM

Okay, thank you for letting me know. :)
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#7 Snafoo

Snafoo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 28 November 2010 - 08:07 PM

Alright. I'm home now!

Here's that log that you wanted.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	 EVGA
BIOS Manufacturer:		Phoenix Technologies, LTD
System Manufacturer:		 EVGA
System Product Name:		132-CK-NF78
Logical Drives Mask:		0x0000000d

Kernel Drivers (total 221):
  0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
  0x02E03000 \SystemRoot\system32\hal.dll
  0x00BAC000 \SystemRoot\system32\kdcom.dll
  0x00C86000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CCA000 \SystemRoot\system32\PSHED.dll
  0x00CDE000 \SystemRoot\system32\CLFS.SYS
  0x00D3C000 \SystemRoot\system32\CI.dll
  0x00EED000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F91000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00FA0000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FF7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E5F000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E74000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00ED0000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00ED7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00C1A000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00C23000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00C4D000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x01044000 \SystemRoot\system32\DRIVERS\storport.sys
  0x010A6000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x010B1000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010FD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01111000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
  0x01240000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0116C000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013E3000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01424000 \SystemRoot\System32\Drivers\cng.sys
  0x01497000 \SystemRoot\System32\drivers\pcw.sys
  0x014A8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x014B2000 \SystemRoot\system32\drivers\ndis.sys
  0x016F9000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01759000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01803000 \SystemRoot\System32\drivers\tcpip.sys
  0x01784000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x017CE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0164C000 \SystemRoot\System32\Drivers\spldr.sys
  0x01654000 \SystemRoot\System32\drivers\rdyboost.sys
  0x0168E000 \SystemRoot\System32\Drivers\mup.sys
  0x016A0000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x016A9000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x016E3000 \SystemRoot\system32\DRIVERS\disk.sys
  0x015A4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x017F6000 \SystemRoot\System32\Drivers\Null.SYS
  0x01413000 \SystemRoot\System32\Drivers\Beep.SYS
  0x0122A000 \SystemRoot\System32\drivers\vga.sys
  0x01200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x011CA000 \SystemRoot\System32\drivers\watchdog.sys
  0x0141A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x011DA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x011E3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x011EC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01000000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01011000 \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
  0x03EF1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03F0F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03F1C000 \SystemRoot\system32\drivers\afd.sys
  0x03FA6000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03FEB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03E26000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03E3C000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
  0x03E50000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03E9B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03EB8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x04092000 \SystemRoot\system32\drivers\vpcvmm.sys
  0x040E9000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x040F5000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x04125000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
  0x04165000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x04179000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x04193000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x041E4000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x041F0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x04000000 \SystemRoot\System32\drivers\discache.sys
  0x0400F000 \SystemRoot\system32\drivers\csc.sys
  0x03ED3000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03E5F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03E70000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
  0x02C9C000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02CC2000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0F055000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0FD7F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x02CD8000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0FD81000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x0FDC7000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x0FDD4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x0FDE0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x0F000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0F00F000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x0F01A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x02C56000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x04255000 \SystemRoot\system32\drivers\ctaud2k.sys
  0x042FB000 \SystemRoot\system32\drivers\portcls.sys
  0x04338000 \SystemRoot\system32\drivers\drmk.sys
  0x0435A000 \SystemRoot\system32\drivers\ks.sys
  0x0439D000 \SystemRoot\system32\drivers\ctoss2k.sys
  0x043CE000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0x043D6000 \SystemRoot\system32\drivers\ksthunk.sys
  0x043DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04200000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x04210000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
  0x04213000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x0422C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04235000 \SystemRoot\system32\drivers\povrtdev.sys
  0x0F02B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x02DCC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04240000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x044E4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04513000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0452E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0454F000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04569000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04574000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04583000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x045AA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x045AC000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x045BE000 \SystemRoot\system32\DRIVERS\vpcusb.sys
  0x045DB000 \SystemRoot\system32\DRIVERS\usbrpm.sys
  0x045EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04400000 \SystemRoot\system32\DRIVERS\vpchbus.sys
  0x0443C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x04447000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x044A1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x044AE000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
  0x044B6000 \SystemRoot\system32\DRIVERS\VBoxMouse.sys
  0x044C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04A3A000 \SystemRoot\system32\drivers\ha20x2k.sys
  0x04C5C000 \SystemRoot\system32\drivers\HdAudio.sys
  0x04CB8000 \SystemRoot\system32\drivers\emupia2k.sys
  0x04D02000 \SystemRoot\system32\drivers\ctsfm2k.sys
  0x04D3A000 \SystemRoot\system32\drivers\ctac32k.sys
  0x04C00000 \SystemRoot\System32\drivers\CTHWIUT.SYS
  0x04C1B000 \SystemRoot\System32\drivers\CT20XUT.SYS
  0x0504E000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
  0x051AB000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x051B9000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x051C3000 \SystemRoot\System32\Drivers\dump_nvstor.sys
  0x05000000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00040000 \SystemRoot\System32\win32k.sys
  0x05013000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0501F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x0503C000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x051EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x01E7C000 \SystemRoot\system32\DRIVERS\ae1000w7.sys
  0x01F91000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x01F9E000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00550000 \SystemRoot\System32\TSDDD.dll
  0x006C0000 \SystemRoot\System32\cdd.dll
  0x00860000 \SystemRoot\System32\ATMFD.DLL
  0x01FAC000 \SystemRoot\system32\drivers\luafv.sys
  0x01FCF000 \SystemRoot\system32\drivers\WudfPf.sys
  0x01E00000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x01E36000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0386E000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x038C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x038D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x038EC000 \SystemRoot\system32\drivers\HTTP.sys
  0x039B4000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x039D2000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x046A4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x046F2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x04715000 \SystemRoot\System32\Drivers\adfs.SYS
  0x0472D000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
  0x0474A000 \SystemRoot\system32\drivers\npf.sys
  0x04756000 \SystemRoot\system32\drivers\peauth.sys
  0x04600000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0460B000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x04638000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x05A78000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x05ADF000 \SystemRoot\System32\DRIVERS\srv.sys
  0x05B75000 \SystemRoot\system32\DRIVERS\bdfm.sys
  0x05B9F000 \SystemRoot\system32\DRIVERS\BDHV.SYS
  0x05BBE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x771F0000 \Windows\System32\ntdll.dll
  0x483D0000 \Windows\System32\smss.exe
  0xFF510000 \Windows\System32\apisetschema.dll
  0xFFF40000 \Windows\System32\autochk.exe
  0xFF2F0000 \Windows\System32\ole32.dll
  0x770D0000 \Windows\System32\kernel32.dll
  0xFF090000 \Windows\System32\iertutil.dll
  0x76FD0000 \Windows\System32\user32.dll
  0xFF040000 \Windows\System32\ws2_32.dll
  0xFF030000 \Windows\System32\nsi.dll
  0xFEF60000 \Windows\System32\usp10.dll
  0x773C0000 \Windows\System32\normaliz.dll
  0xFEEF0000 \Windows\System32\gdi32.dll
  0xFEE70000 \Windows\System32\shlwapi.dll
  0xFEE20000 \Windows\System32\Wldap32.dll
  0xFEC40000 \Windows\System32\setupapi.dll
  0xFEC20000 \Windows\System32\sechost.dll
  0xFEAA0000 \Windows\System32\urlmon.dll
  0xFEA20000 \Windows\System32\difxapi.dll
  0xFE940000 \Windows\System32\advapi32.dll
  0xFE830000 \Windows\System32\msctf.dll
  0xFE810000 \Windows\System32\imagehlp.dll
  0xFE770000 \Windows\System32\comdlg32.dll
  0xFE640000 \Windows\System32\wininet.dll
  0xFD8B0000 \Windows\System32\shell32.dll
  0xFD780000 \Windows\System32\rpcrt4.dll
  0xFD6A0000 \Windows\System32\oleaut32.dll
  0xFD600000 \Windows\System32\msvcrt.dll
  0x773B0000 \Windows\System32\psapi.dll
  0xFD5F0000 \Windows\System32\lpk.dll
  0xFD5C0000 \Windows\System32\imm32.dll
  0xFD520000 \Windows\System32\clbcatq.dll
  0xFD480000 \Windows\System32\comctl32.dll
  0xFD440000 \Windows\System32\wintrust.dll
  0xFD2D0000 \Windows\System32\crypt32.dll
  0xFD290000 \Windows\System32\cfgmgr32.dll
  0xFD220000 \Windows\System32\KernelBase.dll
  0xFD200000 \Windows\System32\devobj.dll
  0xFD1F0000 \Windows\System32\msasn1.dll
  0x76E10000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
       0 System Idle Process
       4 System
     444 C:\Windows\System32\smss.exe
     536 csrss.exe
     612 csrss.exe
     620 C:\Windows\System32\wininit.exe
     660 C:\Windows\System32\winlogon.exe
     736 C:\Windows\System32\services.exe
     744 C:\Windows\System32\lsass.exe
     752 C:\Windows\System32\lsm.exe
     868 C:\Windows\System32\svchost.exe
     956 C:\Windows\System32\nvvsvc.exe
    1008 C:\Windows\System32\svchost.exe
     556 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
     944 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1260 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1384 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\nvvsvc.exe
    1520 C:\Windows\System32\wisptis.exe
    1556 C:\Windows\System32\svchost.exe
    1748 C:\Windows\System32\spoolsv.exe
    1788 C:\Windows\System32\svchost.exe
    1888 C:\Windows\SysWOW64\svchost.exe
    1956 C:\Windows\System32\svchost.exe
    2020 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1600 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1816 C:\Program Files\Subversion\bin\httpd.exe
    1912 C:\Windows\System32\java.exe
    1080 C:\Program Files\Subversion\bin\httpd.exe
    2672 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2912 C:\Windows\System32\Wacom_Tablet.exe
    2968 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    2992 C:\Windows\System32\svchost.exe
    2332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3424 C:\Windows\System32\SearchIndexer.exe
    3676 C:\Windows\System32\svchost.exe
    4412 C:\Windows\System32\svchost.exe
    4420 C:\Windows\System32\taskhost.exe
    4668 C:\Windows\System32\dwm.exe
    4712 C:\Windows\explorer.exe
     500 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    4904 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3216 C:\Windows\System32\wisptis.exe
    3528 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    5116 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    4264 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    4220 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    2876 C:\Windows\System32\svchost.exe
    4296 C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
    4856 C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
    4804 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    3816 taskhost.exe
    1188 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    4176 C:\Windows\System32\SearchProtocolHost.exe
    3368 C:\Windows\System32\SearchFilterHost.exe
    1536 C:\Users\Carl\Desktop\MBRCheck.exe
    1236 C:\Windows\System32\conhost.exe
    4488 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDC WD3000HLFS-01G6U, Rev: 04.0

      Size  Device Name          MBR Status
  --------------------------------------------
    279 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


#8 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 51,314 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 29 November 2010 - 04:58 AM

Hi, did you reset your email passwords and did that stop the spamming? It's quite common that mail addresses get hacked, without malware being present.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."



#9 Snafoo

Snafoo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 29 November 2010 - 07:56 PM

I changed the password on another computer and logged in once on this computer within the past 24 hours; no one has told me about any spamming... but I'm sure that it will use the updated password soon. I'm almost positive that the malware is responsible for it though, as there is no other way that my hotmail could have been hacked.

I'm getting popups and my Google search results are still being redirected.

OTL.txt
OTL logfile created on: 11/29/2010 7:48:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Carl\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 63.27 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
 
Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/11/29 19:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2010/11/24 00:23:52 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2010/11/04 20:20:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
PRC - [2010/11/04 20:20:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2010/10/25 05:37:10 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Subversion\bin\httpd.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/11/29 19:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
MOD - [2010/10/14 21:40:28 | 000,237,504 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_55\midas32.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/11/17 22:09:48 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\java.exe -- (CSVNConsole)
SRV:64bit: - [2010/10/25 05:37:10 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Subversion\bin\httpd.exe -- (CollabNetSubversionServer)
SRV:64bit: - [2010/04/01 12:28:26 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2010/04/01 12:28:11 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/25 13:51:04 | 001,339,408 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\VBoxService.exe -- (VBoxService)
SRV:64bit: - [2010/02/01 14:45:34 | 006,159,656 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/01/08 15:05:40 | 000,519,976 | ---- | M] (gogo6, Inc.) [Auto | Stopped] -- C:\Program Files\gogo6\gogoCLIENT\gogoc.exe -- (gogoc)
SRV:64bit: - [2009/12/01 19:05:09 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/11/29 19:36:51 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/09/10 23:40:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Windows\SysWow64\java.exe -- (CSVNConsole)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/27 20:33:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/07 17:41:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/17 11:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/01 19:05:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/03/18 05:28:46 | 000,068,096 | ---- | M] () [Auto | Stopped] -- C:\cygwin\bin\cygrunsrv.exe -- (sshd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - [2010/06/30 20:23:16 | 000,061,952 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/08 12:24:58 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/09 16:27:46 | 000,087,048 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BdfNdisf6.sys -- (BdfNdisf)
DRV:64bit: - [2010/04/01 12:28:15 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/03/25 13:51:02 | 000,249,168 | ---- | M] (Sun Microsystems, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\VBoxSF.sys -- (VBoxSF)
DRV:64bit: - [2010/03/25 13:51:02 | 000,051,600 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxMouse.sys -- (VBoxMouse)
DRV:64bit: - [2010/02/24 13:12:34 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/02/09 17:34:35 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2010/01/24 14:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/14 23:19:10 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2010/01/12 10:25:05 | 000,089,096 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2009/11/24 14:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 20:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/22 08:22:06 | 000,103,432 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/09/21 15:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 12:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 D3 65 3F C4 31 CB 01  [binary data]
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9051
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9051
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9051
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9051
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9051
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/20 15:57:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/12 18:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/12 23:43:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/07 15:00:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 17:49:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/11/13 18:02:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/07/29 10:24:09 | 000,000,000 | ---D | M]
 
[2010/07/28 10:06:37 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla\Extensions
[2010/07/28 10:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/13 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/20 09:28:41 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\extensions
[2010/11/13 00:44:00 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/04/20 16:33:26 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/10/27 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\extensions\[email protected]
[2010/11/27 17:07:04 | 000,001,137 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\dictionarycom.xml
[2010/11/27 17:07:04 | 000,001,210 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\filestube.xml
[2010/07/13 13:24:01 | 000,001,504 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\imdb.xml
[2010/11/27 17:07:03 | 000,004,813 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\isohunt-lite.xml
[2009/12/12 23:55:45 | 000,001,626 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\mozilla-add-ons.xml
[2010/11/27 17:07:04 | 000,001,835 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\the-pirate-bay.xml
[2010/04/17 22:18:10 | 000,001,679 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\thepiratebayorg.xml
[2010/11/27 17:07:04 | 000,002,295 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\tvcom.xml
[2010/11/27 17:07:04 | 000,002,087 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8qpo84ko.default\searchplugins\youtube.xml
[2010/11/12 21:01:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/22 21:15:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010/10/13 14:42:34 | 000,001,304 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0       virusscan.jotti.org
O1 - Hosts: 0.0.0.0       virustotal.com
O1 - Hosts: 0.0.0.0       scanner.virus.org
O1 - Hosts: 0.0.0.0       virscan.org
O1 - Hosts: 0.0.0.0       www.scanner.virus.org
O1 - Hosts: 0.0.0.0       www.virustotal.com
O1 - Hosts: 0.0.0.0       www.virusscan.jotti.org
O1 - Hosts: 0.0.0.0       www.virscan.org
O1 - Hosts: wed by the corresponding host name.
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: youtube.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amazon.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hulu.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: youtube.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9980a2b7-db23-11de-ac66-00044b1520c4}\Shell - "" = AutoRun
O33 - MountPoints2\{9980a2b7-db23-11de-ac66-00044b1520c4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/11/29 19:48:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2010/11/28 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\enchant
[2010/11/21 22:28:17 | 002,766,989 | ---- | C] (Ansgar Becker                                               ) -- C:\Users\Carl\Desktop\HeidiSQL_6.0_Setup.exe
[2010/11/21 22:09:42 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\smf_1-1-12_install
[2010/11/21 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Gyazo
[2010/11/21 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2010/11/21 21:52:11 | 001,552,078 | ---- | C] (Toshiyuki Masui                                             ) -- C:\Users\Carl\Desktop\Gyazo-1.0.exe
[2010/11/21 10:01:18 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2010/11/21 09:55:59 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Malwarebytes
[2010/11/21 09:51:11 | 000,000,000 | ---D | C] -- C:\Binaries
[2010/11/21 09:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/21 09:50:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/21 09:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/21 09:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/21 09:50:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Carl\Desktop\mbam-setup-1.46.exe
[2010/11/17 22:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Subversion
[2010/11/17 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/17 22:03:06 | 106,458,612 | ---- | C] (CollabNet) -- C:\Users\Carl\Desktop\CollabNetSubversionEdge-1.3.0_setup-x86_64.exe
[2010/11/15 23:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phpDesigner 7
[2010/11/15 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Shine_2_0_for_Windows_7_by_zainadeel
[2010/11/15 14:14:42 | 000,000,000 | ---D | C] -- C:\Users\Carl\Documents\Web
[2010/11/15 12:47:37 | 000,000,000 | ---D | C] -- C:\var
[2010/11/14 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\vlc
[2010/11/14 22:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/14 19:45:30 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Local\VisualAssist
[2010/11/14 11:34:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/14 11:32:36 | 000,259,584 | ---- | C] (www.file.net) -- C:\Users\Carl\Desktop\top100files.exe
[2010/11/13 18:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2010/11/13 17:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2010/11/13 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/11/13 00:56:08 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Local\Windows Live
[2010/11/10 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\CyberGate v1.07.5
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/07/13 18:24:58 | 000,074,240 | ---- | C] (Dritek System Inc.) -- C:\Users\Carl\AppData\Local\frens6.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/11/29 19:52:36 | 000,037,514 | ---- | M] () -- C:\Users\Carl\Desktop\156511_169270993104714_100000654435040_403456_614169_n.jpg
[2010/11/29 19:48:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2010/11/29 19:42:58 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 19:42:58 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 19:41:48 | 003,944,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/29 19:41:48 | 001,247,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/29 19:41:48 | 000,007,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/29 19:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/29 19:35:56 | 1609,461,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 01:39:59 | 000,062,092 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010/11/29 01:39:59 | 000,062,092 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010/11/29 01:39:59 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010/11/29 01:39:54 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/11/29 01:32:58 | 000,016,140 | ---- | M] () -- C:\Users\Carl\Desktop\Twelve Angry Men Character Analysis.docx
[2010/11/29 00:54:11 | 000,003,749 | ---- | M] () -- C:\Users\Carl\Desktop\temp.jpg
[2010/11/29 00:20:23 | 000,075,264 | ---- | M] () -- C:\Users\Carl\Desktop\PBGuest.exe
[2010/11/28 20:07:07 | 000,080,384 | ---- | M] () -- C:\Users\Carl\Desktop\MBRCheck.exe
[2010/11/28 20:07:01 | 009,545,448 | ---- | M] () -- C:\Users\Carl\Desktop\pidgin-2.7.7.exe
[2010/11/27 17:31:46 | 000,588,971 | ---- | M] () -- C:\Users\Carl\Desktop\retirement invitation.docx
[2010/11/27 16:53:53 | 002,819,697 | ---- | M] () -- C:\Users\Carl\Desktop\Invitation page 4.psd
[2010/11/27 16:53:23 | 005,517,923 | ---- | M] () -- C:\Users\Carl\Desktop\Invitation page 3.psd
[2010/11/27 16:52:37 | 003,421,053 | ---- | M] () -- C:\Users\Carl\Desktop\Invitation page 2.psd
[2010/11/27 16:51:43 | 003,772,445 | ---- | M] () -- C:\Users\Carl\Desktop\Invitation Front.psd
[2010/11/24 20:40:59 | 019,985,265 | ---- | M] () -- C:\Users\Carl\Desktop\vlc-1.1.5-win32.exe
[2010/11/24 18:43:02 | 000,027,990 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\phpdesigner.xml
[2010/11/24 16:17:34 | 000,000,600 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\winscp.rnd
[2010/11/23 23:17:45 | 000,014,976 | ---- | M] () -- C:\Users\Carl\Desktop\College Essay.docx
[2010/11/22 22:39:15 | 000,158,781 | ---- | M] () -- C:\Users\Carl\Desktop\watch.htm
[2010/11/22 21:26:59 | 001,329,603 | ---- | M] () -- C:\Users\Carl\Desktop\Fly Crypter V2.6 + USG 1.2 Private For [email protected]
[2010/11/22 17:05:49 | 000,000,000 | ---- | M] () -- C:\Users\Carl\defogger_reenable
[2010/11/22 17:04:12 | 019,421,552 | ---- | M] () -- C:\Users\Carl\Desktop\digsby_setup84.exe
[2010/11/22 17:03:32 | 000,050,477 | ---- | M] () -- C:\Users\Carl\Desktop\Defogger.exe
[2010/11/21 22:28:17 | 002,766,989 | ---- | M] (Ansgar Becker                                               ) -- C:\Users\Carl\Desktop\HeidiSQL_6.0_Setup.exe
[2010/11/21 22:01:33 | 001,389,395 | ---- | M] () -- C:\Users\Carl\Desktop\smf_1-1-12_install.zip
[2010/11/21 21:52:22 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2010/11/21 21:52:11 | 001,552,078 | ---- | M] (Toshiyuki Masui                                             ) -- C:\Users\Carl\Desktop\Gyazo-1.0.exe
[2010/11/21 10:01:33 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/11/21 10:01:33 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/11/21 09:50:30 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/21 09:50:05 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Carl\Desktop\mbam-setup-1.46.exe
[2010/11/19 19:55:26 | 000,000,218 | ---- | M] () -- C:\Users\Carl\.recently-used.xbel
[2010/11/19 17:12:33 | 000,002,306 | ---- | M] () -- C:\Users\Carl\Desktop\omega.contacts.msn.com
[2010/11/18 00:12:13 | 000,011,817 | ---- | M] () -- C:\Users\Carl\Documents\Carl Ferdinand.docx
[2010/11/17 22:05:52 | 106,458,612 | ---- | M] (CollabNet) -- C:\Users\Carl\Desktop\CollabNetSubversionEdge-1.3.0_setup-x86_64.exe
[2010/11/17 01:00:15 | 000,000,162 | -H-- | M] () -- C:\Users\Carl\Documents\~$rl Ferdinand.docx
[2010/11/17 00:38:03 | 003,167,506 | ---- | M] () -- C:\Users\Carl\Desktop\ZTheBucket Template.psd
[2010/11/15 19:47:20 | 002,013,044 | ---- | M] () -- C:\Users\Carl\Desktop\steelOrb_for_Windows_7_by_AP_GRAPHIK.rar
[2010/11/14 22:35:51 | 000,007,603 | ---- | M] () -- C:\Users\Carl\AppData\Local\resmon.resmoncfg
[2010/11/14 22:30:29 | 000,630,272 | ---- | M] () -- C:\Users\Carl\Desktop\dds.scr
[2010/11/14 19:38:59 | 000,000,000 | RHS- | M] () -- C:\winx.ld
[2010/11/14 19:38:58 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/11/14 11:32:36 | 000,259,584 | ---- | M] (www.file.net) -- C:\Users\Carl\Desktop\top100files.exe
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Carl\Desktop\gmer.exe
[2010/11/06 00:00:02 | 001,409,496 | ---- | M] () -- C:\Users\Carl\Desktop\Untitled-1.psd
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/11/29 01:32:57 | 000,016,140 | ---- | C] () -- C:\Users\Carl\Desktop\Twelve Angry Men Character Analysis.docx
[2010/11/29 00:20:23 | 000,075,264 | ---- | C] () -- C:\Users\Carl\Desktop\PBGuest.exe
[2010/11/28 20:07:07 | 000,080,384 | ---- | C] () -- C:\Users\Carl\Desktop\MBRCheck.exe
[2010/11/28 20:06:46 | 009,545,448 | ---- | C] () -- C:\Users\Carl\Desktop\pidgin-2.7.7.exe
[2010/11/27 16:58:04 | 000,588,971 | ---- | C] () -- C:\Users\Carl\Desktop\retirement invitation.docx
[2010/11/27 16:53:52 | 002,819,697 | ---- | C] () -- C:\Users\Carl\Desktop\Invitation page 4.psd
[2010/11/27 16:53:22 | 005,517,923 | ---- | C] () -- C:\Users\Carl\Desktop\Invitation page 3.psd
[2010/11/27 16:52:36 | 003,421,053 | ---- | C] () -- C:\Users\Carl\Desktop\Invitation page 2.psd
[2010/11/27 16:51:42 | 003,772,445 | ---- | C] () -- C:\Users\Carl\Desktop\Invitation Front.psd
[2010/11/24 20:40:47 | 019,985,265 | ---- | C] () -- C:\Users\Carl\Desktop\vlc-1.1.5-win32.exe
[2010/11/22 22:39:09 | 000,158,781 | ---- | C] () -- C:\Users\Carl\Desktop\watch.htm
[2010/11/22 21:26:50 | 001,329,603 | ---- | C] () -- C:\Users\Carl\Desktop\Fly Crypter V2.6 + USG 1.2 Private For [email protected]
[2010/11/22 17:05:49 | 000,000,000 | ---- | C] () -- C:\Users\Carl\defogger_reenable
[2010/11/22 17:04:02 | 019,421,552 | ---- | C] () -- C:\Users\Carl\Desktop\digsby_setup84.exe
[2010/11/22 17:03:27 | 000,050,477 | ---- | C] () -- C:\Users\Carl\Desktop\Defogger.exe
[2010/11/21 22:01:31 | 001,389,395 | ---- | C] () -- C:\Users\Carl\Desktop\smf_1-1-12_install.zip
[2010/11/21 21:52:22 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2010/11/21 10:01:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/11/21 10:01:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/11/21 09:50:30 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/19 19:55:26 | 000,000,218 | ---- | C] () -- C:\Users\Carl\.recently-used.xbel
[2010/11/19 17:12:33 | 000,002,306 | ---- | C] () -- C:\Users\Carl\Desktop\omega.contacts.msn.com
[2010/11/17 01:00:15 | 000,000,162 | -H-- | C] () -- C:\Users\Carl\Documents\~$rl Ferdinand.docx
[2010/11/17 01:00:13 | 000,011,817 | ---- | C] () -- C:\Users\Carl\Documents\Carl Ferdinand.docx
[2010/11/16 00:40:08 | 000,027,990 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\phpdesigner.xml
[2010/11/15 20:59:58 | 000,003,749 | ---- | C] () -- C:\Users\Carl\Desktop\temp.jpg
[2010/11/15 19:47:12 | 002,013,044 | ---- | C] () -- C:\Users\Carl\Desktop\steelOrb_for_Windows_7_by_AP_GRAPHIK.rar
[2010/11/15 17:44:50 | 003,167,506 | ---- | C] () -- C:\Users\Carl\Desktop\ZTheBucket Template.psd
[2010/11/14 22:32:24 | 000,296,448 | ---- | C] () -- C:\Users\Carl\Desktop\gmer.exe
[2010/11/14 22:30:29 | 000,630,272 | ---- | C] () -- C:\Users\Carl\Desktop\dds.scr
[2010/11/14 19:38:59 | 000,000,000 | RHS- | C] () -- C:\winx.ld
[2010/11/14 19:38:58 | 000,203,836 | RHS- | C] () -- C:\grldr
[2010/11/05 23:59:55 | 001,409,496 | ---- | C] () -- C:\Users\Carl\Desktop\Untitled-1.psd
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/22 10:17:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\NSREG.DLL
[2010/08/20 12:59:02 | 000,004,461 | ---- | C] () -- C:\Windows\ProxyChecker.INI
[2010/07/28 15:44:21 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2010/07/28 15:44:21 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2010/07/19 22:22:44 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/22 17:58:38 | 000,000,600 | ---- | C] () -- C:\Users\Carl\AppData\Local\PUTTY.RND
[2010/06/16 14:53:25 | 000,009,728 | ---- | C] () -- C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 12:25:35 | 000,000,020 | ---- | C] () -- C:\Windows\window-title-changer.INI
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/04/28 14:59:58 | 000,000,320 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2010/04/26 20:10:26 | 000,001,758 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\Profile0.dat
[2010/04/09 20:57:25 | 000,870,128 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\mcs.rma
[2010/04/09 20:57:25 | 000,000,004 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\75922E
[2010/04/01 00:14:56 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010/03/13 11:59:28 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/02/19 10:54:10 | 000,000,025 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\bdfvconp.ini
[2010/01/07 17:25:36 | 000,007,603 | ---- | C] () -- C:\Users\Carl\AppData\Local\resmon.resmoncfg
[2010/01/01 20:04:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\nvPerfHUDUtil.dll
[2010/01/01 20:01:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2009/12/20 19:16:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/12/20 10:20:47 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/12/15 22:23:40 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/12/05 11:37:25 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/22 16:14:51 | 000,000,600 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\winscp.rnd
[2009/11/21 14:21:31 | 000,000,432 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/21 14:20:49 | 000,007,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/21 14:04:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/21 14:04:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007/07/19 11:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
[2006/03/02 07:51:21 | 018,612,197 | -H-- | C] () -- C:\Users\Carl\AppData\Roaming\Carllog.dat
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/10/23 21:06:17 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\.minecraft
[2010/11/29 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\.purple
[2009/12/05 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\acccore
[2009/11/21 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Bioshock
[2010/02/27 15:21:12 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Bioshock2
[2009/12/25 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\BitDefender
[2010/04/01 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Dropbox
[2010/11/28 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\enchant
[2010/01/12 20:06:35 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\EurekaLog
[2010/02/22 17:13:00 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GetRightToGo
[2009/12/06 20:16:23 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Golly
[2010/01/07 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GrabPro
[2010/11/29 01:21:32 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\gtk-2.0
[2010/11/21 21:52:44 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Gyazo
[2009/12/08 16:20:55 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\HeidiSQL
[2009/12/03 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\ICSharpCode
[2009/12/03 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\JetBrains
[2009/12/13 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\LimeWire
[2010/04/29 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mael
[2010/07/26 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\MotioninJoy
[2010/06/01 19:36:53 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\NavNet Solutions
[2010/11/13 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Notepad++
[2010/08/12 00:42:46 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\NuSphere
[2009/12/05 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\ooVoo Details
[2010/08/11 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Opera
[2010/04/10 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Orbit
[2010/11/15 23:42:00 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\phpDesigner
[2010/03/13 22:20:59 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PMS
[2010/08/30 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Publish Providers
[2010/06/05 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PyScripter
[2009/12/05 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\River Past G5
[2010/08/30 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Sony
[2009/12/13 23:11:30 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\SoundSpectrum
[2010/03/12 16:51:24 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\spynet
[2009/12/18 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Subversion
[2006/03/20 12:59:17 | 000,000,000 | RHSD | M] -- C:\Users\Carl\AppData\Roaming\System32
[2010/04/15 18:03:21 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TeamViewer
[2010/03/13 00:49:18 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Thinstall
[2010/07/28 10:06:37 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Thunderbird
[2010/09/15 00:39:24 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TrueCrypt
[2010/11/02 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\uTorrent
[2010/11/28 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\VisualAssist
[2010/08/28 02:01:04 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Wireshark
[2010/11/24 15:45:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:1489AFE4
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >

Extras.txt
OTL Extras logfile created on: 11/29/2010 7:48:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Carl\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 63.27 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
 
Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Users\Carl\AppData\Local\Aptana Studio 3\AptanaStudio3.exe File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Users\Carl\AppData\Local\Aptana Studio 3\AptanaStudio3.exe File not found
 
[HKEY_USERS\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Carl\AppData\Local\Aptana Studio 3\AptanaStudio3.exe" "%1" File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Carl\AppData\Local\Aptana Studio 3\AptanaStudio3.exe" "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro -- File not found
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro -- File not found
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{13EA8B24-92CF-4AEB-B9C3-D3F374E35A7B}" = CollabNet Subversion Edge
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A53AA900-BB2C-3325-8945-6ED5F826BD70}" = Microsoft Visual Studio 2008 Performance Tools - ENU
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B667020E-A9D9-4E75-BDDE-A03E0FB96062}" = Oracle VM VirtualBox 3.2.4
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"Defraggler" = Defraggler
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"Speccy" = Speccy
"Sun VirtualBox Guest Additions" = Sun VirtualBox Guest Additions 3.1.6
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{119F2A4D-8B51-4169-8F6C-D06DEF922C6D}" = VisualSVN 2.0.2
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3039B4CC-4A06-4FDC-B380-11A358420B25}_is1" = NavNet NG
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{514F054F-C222-4D0F-B82A-F15A14587E3E}" = JetBrains ReSharper 4.5
"{53AF0BC2-3B54-421A-8810-BB58D94E6450}" = SharpDevelop 3.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.1.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{655CD886-3B90-4E4D-B314-92BDA9B08C86}" = Vegas Movie Studio HD 9.0
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.16
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F16837E3-B99C-4F39-BB40-E95D54CA5182}" = NVIDIA Design Garage
"{F1F1A2AD-A1CE-4D9D-B510-31F280B45E0B}" = Microsoft Expression Encoder 3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BrainWave Generator" = BrainWave Generator
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Console Launcher" = Creative Console Launcher
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo II" = Diablo II
"Digsby" = Digsby
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HeidiSQL_is1" = HeidiSQL 6.0
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"I-Doser 4.50" = I-Doser 4.50
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MessenPass" = NirSoft MessenPass
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Performance Tools - ENU" = Microsoft Visual Studio 2008 Performance Tools SP1 - ENU
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"msn-pecan" = MSN (pecan) protocol plug-in
"NirSoft Mail PassView" = NirSoft Mail PassView
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"phpDesigner7_is1" = phpDesigner 7 version 7.2.3
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"pidgin-send-screenshot" = Send Screenshot Plugin (remove only)
"PowerISO" = PowerISO
"PROR" = Microsoft Office Professional 2007 Trial
"ProxyChecker" = ProxyChecker (remove only)
"RegexBuddy 3" = JGsoft RegexBuddy 3 v.3.2.1
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 5" = TeamViewer 5
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Visual Assist X" = Visual Assist X
"Visual Basic 5 Runtime Modules" = Visual Basic 5 Runtime Modules
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.2.4 beta
"Wireshark" = Wireshark 1.2.10
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1715102159-4157620132-3114693584-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/17/2010 9:05:39 AM | Computer Name = Carl-PC | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 10/17/2010 9:05:45 AM | Computer Name = Carl-PC | Source = TabletServiceWacom | ID = 0
Description = 
 
Error - 10/17/2010 9:06:11 AM | Computer Name = Carl-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 1.856.0.523, time
 stamp: 0x4c87f74e  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0x00000000  Fault offset: 0x00000000  Faulting process id: 0x1064  Faulting application
 start time: 0x01cb6dfc0f331030  Faulting application path: C:\Users\Carl\AppData\Roaming\taskhost.exe
Faulting
 module path: unknown  Report Id: 4ffca220-d9ef-11df-aadf-c96cc2191f88
 
Error - 10/17/2010 9:06:11 AM | Computer Name = Carl-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 5.141.0.908, time
 stamp: 0x4c563ae2  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0x00000000  Fault offset: 0x00000000  Faulting process id: 0x390  Faulting application
 start time: 0x01cb6dfc0f338560  Faulting application path: C:\Users\Carl\AppData\Roaming\svchost.exe
Faulting
 module path: unknown  Report Id: 4fff1320-d9ef-11df-aadf-c96cc2191f88
 
Error - 10/17/2010 9:06:12 AM | Computer Name = Carl-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 5.141.0.908, time
 stamp: 0x4c563ae2  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0x00000000  Fault offset: 0x00000000  Faulting process id: 0x394  Faulting application
 start time: 0x01cb6dfc0f338560  Faulting application path: C:\Users\Carl\AppData\Roaming\svchost.exe
Faulting
 module path: unknown  Report Id: 5055bea0-d9ef-11df-aadf-c96cc2191f88
 
Error - 10/17/2010 11:03:43 AM | Computer Name = Carl-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 10/17/2010 11:03:43 AM | Computer Name = Carl-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 10/18/2010 5:07:12 PM | Computer Name = Carl-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
 for ServerName     .
 
Error - 10/18/2010 5:07:14 PM | Computer Name = Carl-PC | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 10/18/2010 5:07:14 PM | Computer Name = Carl-PC | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
[ Media Center Events ]
Error - 2/17/2010 1:21:15 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 12:21:12 PM - Error connecting to the internet.  12:21:12 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 2:21:33 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 1:21:33 PM - Error connecting to the internet.  1:21:33 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 2:21:43 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 1:21:38 PM - Error connecting to the internet.  1:21:38 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 3:23:06 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 2:23:06 PM - Error connecting to the internet.  2:23:06 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 3:23:24 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 2:23:11 PM - Error connecting to the internet.  2:23:11 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 4:23:37 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 3:23:37 PM - Error connecting to the internet.  3:23:37 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 4:23:48 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 3:23:42 PM - Error connecting to the internet.  3:23:42 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 11:48:03 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 10:48:03 PM - Error connecting to the internet.  10:48:03 PM -     Unable
 to contact server..  
 
Error - 2/17/2010 11:48:14 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 10:48:08 PM - Error connecting to the internet.  10:48:08 PM -     Unable
 to contact server..  
 
Error - 3/21/2010 11:21:38 PM | Computer Name = Carl-PC | Source = MCUpdate | ID = 0
Description = 11:21:34 PM - Error connecting to the internet.  11:21:34 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 11/29/2010 2:31:43 AM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom  VBoxSF
 
Error - 11/29/2010 8:36:08 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VirtualBox
 Guest Additions Service service to connect.
 
Error - 11/29/2010 8:36:08 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7000
Description = The VirtualBox Guest Additions Service service failed to start due
 to the following error:   %%1053
 
Error - 11/29/2010 8:36:30 PM | Computer Name = Carl-PC | Source = APPHOSTSVC | ID = 9010
Description = 
 
Error - 11/29/2010 8:37:02 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CollabNet
 Subversion Edge service to connect.
 
Error - 11/29/2010 8:37:02 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7000
Description = The CollabNet Subversion Edge service failed to start due to the following
 error:   %%1053
 
Error - 11/29/2010 8:37:10 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 11/29/2010 8:37:23 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7038
Description = The sshd service was unable to log on as .\cyg_server with the currently
 configured password due to the following error:   %%1326    To ensure that the service
 is configured properly, use the Services snap-in in Microsoft Management Console
 (MMC).
 
Error - 11/29/2010 8:37:23 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7000
Description = The CYGWIN sshd service failed to start due to the following error:
   %%1069
 
Error - 11/29/2010 8:37:34 PM | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom  VBoxSF
 
 
< End of report >


#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 51,314 posts
  • Gender:Female
  • Location:Romania

Posted 30 November 2010 - 07:15 AM

You would be surprised how often hotmail passwords are hacked without malware being present. Hackers use all kinds of scams to trick people into giving their passwords ("you want to know who blocked you on MSN, click here" for example).

You can add your own mail address to your contact list so you'll receive spam as well if it is sent out. That way you can verify it yourself.

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 9051
    FF - prefs.js..network.proxy.gopher: "127.0.0.1"
    FF - prefs.js..network.proxy.gopher_port: 9051
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 9051
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9051
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 9051
    
    :commands
    [emptytemp]
    [resethosts]
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."
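As an added example (my code, not part of the thread and not OTL's), the following Python script parses a Firefox prefs.js and reports the network.proxy.* settings the fix above removes: every protocol pointed at 127.0.0.1 port 9051 with socks_remote_dns enabled, which in a profile the user never configured means a local process is sitting between the browser and the network. The sample prefs.js is constructed from the entries in the fix; network.proxy.type is a real Firefox preference that the OTL log did not list, and treating a missing value as manual configuration is this script's assumption.

```python
import re
from typing import Dict, List, Union

# Constructed sample in real prefs.js syntax, modelled on the network.proxy.*
# entries listed in the fix above plus one unrelated preference. A real
# prefs.js sits in the Firefox profile folder and has hundreds of such lines.
SAMPLE_PREFS_JS = """
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.ftp", "127.0.0.1");
user_pref("network.proxy.ftp_port", 9051);
user_pref("network.proxy.gopher", "127.0.0.1");
user_pref("network.proxy.gopher_port", 9051);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 9051);
user_pref("network.proxy.no_proxies_on", "127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9051);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 9051);
user_pref("network.proxy.type", 1);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')
PROTOCOLS = ("http", "ssl", "ftp", "gopher", "socks")
LOOPBACK = ("127.0.0.1", "localhost", "::1")
Value = Union[str, int, bool]


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse user_pref() lines into a dict; values become str, int or bool."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything else
        key, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[key] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # keep anything unrecognised as text
    return prefs


def audit_proxy(prefs: Dict[str, Value]) -> List[str]:
    """Report every per-protocol proxy host and DNS-through-proxy setting."""
    findings: List[str] = []
    # network.proxy.type 0 = no proxy, 1 = manual configuration. The OTL log
    # did not list this key, so a missing value is assumed to be manual here
    # so that the per-protocol hosts are still reported.
    if prefs.get("network.proxy.type", 1) == 0:
        return findings  # per-protocol hosts are inert when proxying is off
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{proto}_port")
        tag = "loopback" if host in LOOPBACK else "remote"
        findings.append(f"{proto}: {host}:{port} ({tag} proxy)")
    if prefs.get("network.proxy.socks_remote_dns") is True:
        findings.append("socks_remote_dns: DNS resolved through the proxy")
    return findings
```

Run against the sample it lists all five protocols routed to the loopback proxy plus the remote-DNS flag; run against a prefs.js with network.proxy.type set to 0 it reports nothing, because Firefox ignores the per-protocol hosts in that mode.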




#11 Snafoo

  • Topic Starter
  • Members
  • 21 posts

Posted 30 November 2010 - 07:21 PM

I've never put my e-mail address in any of those phishing sites/scam forms before, so I don't know.

Report
All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[resethosts]> in the current context!
 
OTL by OldTimer - Version 3.2.17.3 log created on 11302010_191526

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#12 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 51,314 posts
  • Gender:Female
  • Location:Romania

Posted 01 December 2010 - 04:35 AM

Did you copy all text into the custom scan/fix field? Starting with :otl, ending with [resethosts] and everything in between? It looks like something went wrong.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#13 Snafoo

  • Topic Starter
  • Members
  • 21 posts

Posted 02 December 2010 - 06:56 AM

Redid it.

All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 9051 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.gopher
Prefs.js: 9051 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9051 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9051 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 9051 removed from network.proxy.ssl_port
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Carl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11189104 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: cyg_server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 614400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 11.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.17.3 log created on 12022010_065209

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#14 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 51,314 posts
  • Gender:Female
  • Location:Romania

Posted 02 December 2010 - 07:14 AM

Hi again,


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#15 Snafoo

  • Topic Starter
  • Members
  • 21 posts

Posted 02 December 2010 - 07:02 PM

Just letting you know that my Google search results are still being redirected.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/2/2010 7:01:56 PM
mbam-log-2010-12-02 (19-01-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 577136
Time elapsed: 1 hour(s), 28 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Carl\Downloads\BitDefender 2010 All Products Patch v3.0A (BOX!) [RH]\BitDefender 2010 All Products Patch v3.0A (BOX!)\BitDefender 2010 All Products Patch v3.0A.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Edited by Snafoo, 02 December 2010 - 07:03 PM.




