BleepingComputer.com: Infected with zshare/zinkwink redirect to Bing


Infected with zshare/zinkwink redirect to Bing; I remove it and it keeps coming back

#16 TomTomTom (New Member, Group: Members, Posts: 12, Joined: 01-October 11)

Posted 07 October 2011 - 05:56 PM

Great. Here it is:


OTL logfile created on: 10/7/2011 3:46:47 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\B\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 40.87% Memory free
7.95 Gb Paging File | 4.62 Gb Available in Paging File | 58.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.16 Gb Total Space | 250.31 Gb Free Space | 41.99% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 955.03 Gb Free Space | 51.26% Space Free | Partition Type: NTFS
Drive E: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 14.91 Gb Total Space | 13.65 Gb Free Space | 91.59% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 15:45:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2011/10/05 10:28:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/02 00:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/31 20:35:28 | 008,118,928 | ---- | M] (Ventis Media Inc.) -- C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/06 01:00:56 | 000,174,592 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-service.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/04/26 19:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009/06/04 03:28:42 | 003,670,016 | ---- | M] () -- C:\Program Files (x86)\SoulseekNS\slsk.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:28:16 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 08:12:40 | 000,412,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 08:12:39 | 003,696,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 08:11:13 | 000,142,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 08:11:12 | 000,253,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 08:11:10 | 002,403,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/27 19:00:50 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/12 21:06:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/12 21:06:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/12 21:06:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/12 21:06:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/12 19:53:13 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/12 19:53:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/03/31 20:36:32 | 001,041,040 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\hpCDBurn.dll
MOD - [2011/03/31 20:36:26 | 000,217,744 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll
MOD - [2011/03/31 20:36:24 | 000,074,384 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll
MOD - [2011/03/31 20:36:20 | 000,164,496 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll
MOD - [2011/03/31 20:36:18 | 000,130,192 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll
MOD - [2011/03/31 20:36:16 | 000,242,320 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll
MOD - [2011/03/31 20:36:16 | 000,127,632 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll
MOD - [2011/03/31 20:36:08 | 000,184,976 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll
MOD - [2011/03/31 20:36:06 | 000,127,120 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll
MOD - [2011/03/31 20:36:06 | 000,084,624 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll
MOD - [2011/03/31 20:36:00 | 000,188,560 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll
MOD - [2011/03/31 20:36:00 | 000,154,256 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_USBMass1.dll
MOD - [2011/03/31 20:35:50 | 000,770,192 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll
MOD - [2011/03/31 20:35:50 | 000,455,312 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll
MOD - [2011/03/31 20:35:50 | 000,233,616 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll
MOD - [2011/03/31 20:35:50 | 000,160,912 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll
MOD - [2011/03/31 20:35:50 | 000,098,960 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll
MOD - [2011/03/31 20:35:48 | 000,861,840 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll
MOD - [2011/03/31 20:35:48 | 000,053,904 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\MMHelper.dll
MOD - [2011/03/31 20:35:46 | 000,131,728 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\WMAuth.dll
MOD - [2011/03/31 20:35:36 | 000,103,056 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Equalize.dll
MOD - [2011/03/31 20:35:28 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
MOD - [2011/03/31 20:34:56 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\SQLite3MM.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
MOD - [2010/07/12 07:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2010/01/25 19:18:22 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
MOD - [2010/01/25 19:18:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2009/06/04 03:28:42 | 003,670,016 | ---- | M] () -- C:\Program Files (x86)\SoulseekNS\slsk.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/17 12:01:30 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/08 03:25:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/16 03:19:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 03:19:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/12 00:20:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/04/12 00:07:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/02/06 01:00:56 | 000,174,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Subsonic\subsonic-service.exe -- (Subsonic)
SRV - [2010/10/27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2006/08/10 04:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 04:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/08/05 12:01:43 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/08 04:15:52 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/08 02:47:06 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/21 19:48:34 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 00:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/22 00:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 15:50:28 | 000,055,336 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/29 22:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/29 22:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/20 23:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/08/10 02:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/08 07:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/08/09 04:32:46 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RxFilter.sys -- (RxFilter)
DRV:64bit: - [2006/07/24 03:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/08 07:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/08/09 04:32:46 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 E4 64 73 E3 F8 CB 01 [binary data]
IE - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords="

FF - user.js..keyword.URL: "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords="
FF - user.js..keyword.enabled: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/05 09:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 10:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/20 14:48:30 | 000,000,000 | ---D | M]

[2011/04/11 22:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2011/09/27 19:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions
[2011/08/17 21:20:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/27 19:01:51 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions\disconnect@disconnect.me
[2011/04/27 02:42:05 | 000,000,931 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\dictionary.xml
[2011/04/27 02:42:19 | 000,001,633 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\googletranslate.xml
[2011/04/12 05:14:14 | 000,001,504 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\imdb.xml
[2011/09/20 14:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/21 20:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 14:35:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/05 09:47:10 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\BRIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OD00TXGW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/05 10:28:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/04/21 20:40:30 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: AdBlock = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.13_0\
CHR - Extension: AVG Safe Search = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2011/04/16 03:40:56 | 000,001,365 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3396689360-4079377520-1477700731-1000..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86BB6FE-23A4-4513-ADFC-35BD26E9BE02}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/11 19:09:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 15:45:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2011/10/07 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\tdsskiller
[2011/10/07 12:33:04 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2011/10/07 12:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/07 12:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/07 12:32:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/07 12:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/07 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/07 12:31:07 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/07 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\MiniRegTool64
[2011/10/06 12:08:25 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\oct 6-a
[2011/10/06 12:08:16 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\first
[2011/10/05 09:45:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/01 11:13:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2011/09/27 18:53:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/27 18:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/27 18:52:02 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\AVG2012
[2011/09/27 18:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/18 10:09:19 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Conduit
[2011/09/17 15:21:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/09/17 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Canon
[2011/09/14 03:19:33 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\pdfforge
[2011/09/14 03:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/09/14 03:19:31 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2011/09/14 03:19:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2011/09/14 03:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/11 20:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\streamWriter
[2011/09/11 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\streamWriter
[2011/09/08 17:18:00 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\TrueCrypt
[2011/08/19 02:07:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Brian\AppData\Roaming\pcouffin.sys
[2011/04/19 23:36:59 | 000,097,792 | ---- | C] (colorcop.net) -- C:\Program Files\ColorCop.exe
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/05/05 19:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\Windows\SysWow64\DivXGraphBuilderCallback.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 15:48:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/07 15:45:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2011/10/07 15:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 15:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3396689360-4079377520-1477700731-1000UA.job
[2011/10/07 14:30:20 | 177,721,343 | ---- | M] () -- C:\Users\Brian\Desktop\UNDER_SIEGE_16X9FF.ISO
[2011/10/07 12:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 12:32:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/07 12:31:33 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/07 09:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3396689360-4079377520-1477700731-1000Core.job
[2011/10/07 08:24:32 | 106,040,092 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 02:54:55 | 000,037,148 | ---- | M] () -- C:\Users\Brian\Desktop\BadgeParkRangerF.jpg
[2011/10/07 02:48:49 | 000,169,554 | ---- | M] () -- C:\Users\Brian\Desktop\badge4.jpg
[2011/10/07 02:48:40 | 000,025,622 | ---- | M] () -- C:\Users\Brian\Desktop\badge_special-300x300.jpg
[2011/10/06 18:55:18 | 000,337,035 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/06 17:52:26 | 000,012,902 | ---- | M] () -- C:\Users\Brian\Desktop\eBay Feedback Profile for titanik - Mozilla Firefox_2011-10-06_17-52-04.jpg
[2011/10/06 16:47:02 | 002,365,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/06 16:47:02 | 000,712,218 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/10/06 16:47:02 | 000,662,240 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/10/06 16:47:02 | 000,632,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/06 16:47:02 | 000,134,934 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/10/06 16:47:02 | 000,134,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/10/06 16:47:02 | 000,110,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/05 10:33:02 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 10:33:02 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 10:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/05 10:25:35 | 3203,051,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 10:24:43 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000D-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/10/05 10:24:43 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000D-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/10/05 10:24:43 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000D-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/10/05 09:45:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/05 09:45:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/03 20:19:04 | 000,076,562 | ---- | M] () -- C:\Users\Brian\Desktop\317143_158305647593527_100002422789239_315959_1855121427_n.jpg
[2011/10/03 18:40:13 | 000,108,001 | ---- | M] () -- C:\Users\Brian\Desktop\Drug Town.jpg
[2011/10/02 10:52:49 | 000,014,122 | ---- | M] () -- C:\Users\Brian\Desktop\CNN.com - Breaking News, U.S.jpg
[2011/10/01 11:13:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2011/09/28 15:53:21 | 000,956,919 | ---- | M] () -- C:\Users\Brian\Desktop\shark cake.JPG
[2011/09/27 19:00:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/23 16:44:51 | 000,646,281 | ---- | M] () -- C:\Users\Brian\Desktop\Roger Close Encounters.jpg
[2011/09/23 16:44:41 | 024,251,048 | ---- | M] () -- C:\Users\Brian\Desktop\Roger Close Encounters.psd
[2011/09/14 18:21:58 | 000,223,064 | ---- | M] () -- C:\Users\Brian\Desktop\Fred Flintstone at AutoZone.jpg
[2011/09/14 12:43:13 | 000,091,504 | ---- | M] () -- C:\Users\Brian\Desktop\werner bahlsen.jpg
[2011/09/14 12:42:38 | 000,098,607 | ---- | M] () -- C:\Users\Brian\Desktop\Unternehmen-0908.JPG
[2011/09/14 12:36:37 | 000,110,068 | ---- | M] () -- C:\Users\Brian\Desktop\bahlsende1.jpg
[2011/09/14 12:32:05 | 000,288,333 | ---- | M] () -- C:\Users\Brian\Desktop\bahlsende.jpg
[2011/09/14 01:39:16 | 000,067,893 | ---- | M] () -- C:\Users\Brian\Desktop\open_sea exhibit monterey aquarium.jpg
[2011/09/14 01:06:26 | 000,061,578 | ---- | M] () -- C:\Users\Brian\Desktop\Park & Bond.pdf
[2011/09/13 18:23:21 | 000,074,673 | ---- | M] () -- C:\Users\Brian\Desktop\Bahlsen.co.jpg
[2011/09/13 14:06:06 | 000,182,441 | ---- | M] () -- C:\Users\Brian\Desktop\National Park Service Patch.jpg
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/12 19:26:31 | 000,083,215 | ---- | M] () -- C:\Users\Brian\Desktop\Brian-Skerry.jpg
[2011/09/09 22:23:13 | 000,164,712 | ---- | M] () -- C:\Users\Brian\Desktop\Zawahiri pizza delivery.jpg
[2011/09/09 22:22:26 | 001,243,525 | ---- | M] () -- C:\Users\Brian\Desktop\Zawahiri pizza delivery.psd
[2011/09/09 20:59:25 | 001,105,068 | ---- | M] () -- C:\Users\Brian\Desktop\roger eagle.jpg
[2011/09/09 20:59:12 | 017,864,955 | ---- | M] () -- C:\Users\Brian\Desktop\roger eagle.psd
[2011/09/09 20:50:54 | 000,078,670 | ---- | M] () -- C:\Users\Brian\Desktop\BooBerryCrunch001.jpg
[2011/09/09 13:59:59 | 000,097,596 | ---- | M] () -- C:\Users\Brian\Desktop\cnn 911 threat.jpg
[2011/09/09 13:51:40 | 000,020,742 | ---- | M] () -- C:\Users\Brian\Desktop\Budweiser-6-Pack_20090802280.jpg
[2011/09/09 13:31:52 | 000,015,587 | ---- | M] () -- C:\Users\Brian\Desktop\PizzaDelivery-30844_19.jpg
[2011/09/09 13:28:05 | 000,015,182 | ---- | M] () -- C:\Users\Brian\Desktop\photo-1308239693720-1-0_520335_465x348.jpg
[2011/09/08 17:43:13 | 000,050,148 | ---- | M] () -- C:\Users\Brian\Desktop\New_horizons_cover.jpg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 14:24:58 | 177,721,343 | ---- | C] () -- C:\Users\Brian\Desktop\UNDER_SIEGE_16X9FF.ISO
[2011/10/07 12:32:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/07 02:54:54 | 000,037,148 | ---- | C] () -- C:\Users\Brian\Desktop\BadgeParkRangerF.jpg
[2011/10/07 02:48:48 | 000,169,554 | ---- | C] () -- C:\Users\Brian\Desktop\badge4.jpg
[2011/10/07 02:48:38 | 000,025,622 | ---- | C] () -- C:\Users\Brian\Desktop\badge_special-300x300.jpg
[2011/10/06 17:52:26 | 000,012,902 | ---- | C] () -- C:\Users\Brian\Desktop\eBay Feedback Profile for titanik - Mozilla Firefox_2011-10-06_17-52-04.jpg
[2011/10/05 09:45:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/05 09:45:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/03 20:16:55 | 000,076,562 | ---- | C] () -- C:\Users\Brian\Desktop\317143_158305647593527_100002422789239_315959_1855121427_n.jpg
[2011/10/03 18:40:05 | 000,108,001 | ---- | C] () -- C:\Users\Brian\Desktop\Drug Town.jpg
[2011/10/02 10:52:49 | 000,014,122 | ---- | C] () -- C:\Users\Brian\Desktop\CNN.com - Breaking News, U.S.jpg
[2011/09/30 12:50:41 | 386,500,607 | ---- | C] () -- C:\Users\Brian\Desktop\SUNSETBLVD.ISO
[2011/09/28 16:44:54 | 000,057,117 | ---- | C] () -- C:\Users\Brian\Desktop\33jewberry.jpg
[2011/09/28 15:53:20 | 000,956,919 | ---- | C] () -- C:\Users\Brian\Desktop\shark cake.JPG
[2011/09/23 16:44:49 | 000,646,281 | ---- | C] () -- C:\Users\Brian\Desktop\Roger Close Encounters.jpg
[2011/09/23 16:44:38 | 024,251,048 | ---- | C] () -- C:\Users\Brian\Desktop\Roger Close Encounters.psd
[2011/09/18 21:18:05 | 000,056,029 | ---- | C] () -- C:\Users\Brian\Desktop\Jonny Svarzbein - Facebook Michael Vick.jpg
[2011/09/14 18:21:55 | 000,223,064 | ---- | C] () -- C:\Users\Brian\Desktop\Fred Flintstone at AutoZone.jpg
[2011/09/14 12:43:10 | 000,091,504 | ---- | C] () -- C:\Users\Brian\Desktop\werner bahlsen.jpg
[2011/09/14 12:42:35 | 000,098,607 | ---- | C] () -- C:\Users\Brian\Desktop\Unternehmen-0908.JPG
[2011/09/14 12:36:36 | 000,110,068 | ---- | C] () -- C:\Users\Brian\Desktop\bahlsende1.jpg
[2011/09/14 12:20:53 | 000,288,333 | ---- | C] () -- C:\Users\Brian\Desktop\bahlsende.jpg
[2011/09/14 01:35:36 | 000,067,893 | ---- | C] () -- C:\Users\Brian\Desktop\open_sea exhibit monterey aquarium.jpg
[2011/09/14 01:06:25 | 000,061,578 | ---- | C] () -- C:\Users\Brian\Desktop\Park & Bond.pdf
[2011/09/13 18:23:21 | 000,074,673 | ---- | C] () -- C:\Users\Brian\Desktop\Bahlsen.co.jpg
[2011/09/13 14:06:04 | 000,182,441 | ---- | C] () -- C:\Users\Brian\Desktop\National Park Service Patch.jpg
[2011/09/12 19:26:29 | 000,083,215 | ---- | C] () -- C:\Users\Brian\Desktop\Brian-Skerry.jpg
[2011/09/09 20:59:08 | 017,864,955 | ---- | C] () -- C:\Users\Brian\Desktop\roger eagle.psd
[2011/09/09 20:51:09 | 001,105,068 | ---- | C] () -- C:\Users\Brian\Desktop\roger eagle.jpg
[2011/09/09 20:50:51 | 000,078,670 | ---- | C] () -- C:\Users\Brian\Desktop\BooBerryCrunch001.jpg
[2011/09/09 13:51:36 | 000,020,742 | ---- | C] () -- C:\Users\Brian\Desktop\Budweiser-6-Pack_20090802280.jpg
[2011/09/09 13:35:42 | 000,164,712 | ---- | C] () -- C:\Users\Brian\Desktop\Zawahiri pizza delivery.jpg
[2011/09/09 13:35:32 | 001,243,525 | ---- | C] () -- C:\Users\Brian\Desktop\Zawahiri pizza delivery.psd
[2011/09/09 13:31:49 | 000,015,587 | ---- | C] () -- C:\Users\Brian\Desktop\PizzaDelivery-30844_19.jpg
[2011/09/09 13:28:02 | 000,015,182 | ---- | C] () -- C:\Users\Brian\Desktop\photo-1308239693720-1-0_520335_465x348.jpg
[2011/09/09 13:11:45 | 000,097,596 | ---- | C] () -- C:\Users\Brian\Desktop\cnn 911 threat.jpg
[2011/09/08 17:43:10 | 000,050,148 | ---- | C] () -- C:\Users\Brian\Desktop\New_horizons_cover.jpg
[2011/08/19 02:07:08 | 000,099,384 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\inst.exe
[2011/08/19 02:07:08 | 000,007,859 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\pcouffin.cat
[2011/08/19 02:07:08 | 000,001,167 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\pcouffin.inf
[2011/04/14 19:31:35 | 000,001,057 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\vso_ts_preview.xml
[2011/04/14 00:52:05 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\rx_image.Cache
[2011/04/14 00:10:31 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/12 03:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/12 01:57:23 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/12 01:53:42 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/04/12 00:07:12 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/04/12 00:07:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/11 22:15:55 | 000,043,514 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/11 22:15:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/11 22:15:28 | 000,028,548 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/05/05 19:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/05/05 19:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 19:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006/08/16 13:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\besch.exe
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\besched.dll
[2005/07/15 11:36:35 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\DivXsm.exe
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Documents\Flight Simulator X Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Documents\dvd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\werner bahlsen.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\video:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Unternehmen-0908.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\tumblr_lqr4f28rv01qin4vco1_500.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\tdsskiller:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\shark cake.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Roger Close Encounters.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\open_sea exhibit monterey aquarium.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\oct 6-a:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\New_horizons_cover.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\National Park Service Patch.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\MiniRegTool64:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Fred Flintstone at AutoZone.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\first:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Drug Town.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Danger:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Budweiser-6-Pack_20090802280.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Brian-Skerry.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\BooBerryCrunch001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\bahlsende1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\Bahlsen.co.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\BadgeParkRangerF.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\badge4.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Brian\Desktop\badge_special-300x300.jpg:Roxio EMC Stream


< End of report >

#17 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,817
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 07 October 2011 - 06:13 PM

Please open OTL.
  • Copy the text in code box and paste it to Custom Scans/Fixes section:

    :otl
    FF - prefs.js..keyword.URL: "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords="
    FF - user.js..keyword.URL: "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords="
    FF - user.js..keyword.enabled: 1
    :commands
    [emptytemp]
    

  • Click the Run Fix button.
  • If the fix needs a reboot, please do it.
  • After it finishes, a log will open. Copy and paste the log into your reply.


Also, please reboot and run OTL; you may set all sections, including Files, to None, but the Registry section should be Safe List. Post OTL.txt in your reply.

#18 TomTomTom

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 01-October 11

Posted 07 October 2011 - 06:44 PM

Step 1: It rebooted with this log, pasted below.

Step 2: "Also please reboot, run OTL, you may set all sections including files to None, only Registry section should be Safe List. Post OTL.txt to your reply."

I want to be certain that I understand. I should check "None" for Processes, Services, Modules, etc.? And Files Created/Modified Within?
Safe List for both Standard Registry and Extra Registry?


-------------------------------------------

All processes killed
========== OTL ==========
Prefs.js: "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords=" removed from keyword.URL
C:\Users\Brian\AppData\Roaming\Mozilla\FireFox\Profiles\od00txgw.default\user.js moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 16912041 bytes
->Temporary Internet Files folder emptied: 269058529 bytes
->Java cache emptied: 804268 bytes
->FireFox cache emptied: 1061057986 bytes
->Google Chrome cache emptied: 166663644 bytes
->Flash cache emptied: 13082161 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205204 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 234329045 bytes

Total Files Cleaned = 1,681.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_161748

Files\Folders moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\subsonic\ehcache\chatCache.data scheduled to be moved on reboot.
File move failed. C:\Windows\temp\subsonic\ehcache\musicFolderCache.data scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_BRIAN-PC$\2412 not found!
C:\Windows\temp\e4j8BDA.tmp_dir9448\exe4jlib.jar moved successfully.
C:\Windows\temp\JETAC16.tmp moved successfully.

Registry entries deleted on Reboot...

#19 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,817
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 07 October 2011 - 06:51 PM

Only Standard Registry needs to be set to Safe List; all the rest can be set to None.

#20 TomTomTom

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 01-October 11

Posted 07 October 2011 - 07:13 PM

OTL logfile created on: 10/7/2011 5:10:40 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.63% Memory free
7.95 Gb Paging File | 5.66 Gb Available in Paging File | 71.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.16 Gb Total Space | 252.01 Gb Free Space | 42.27% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 955.10 Gb Free Space | 51.27% Space Free | Partition Type: NTFS
Drive J: | 14.91 Gb Total Space | 13.65 Gb Free Space | 91.59% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 E4 64 73 E3 F8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/05 09:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 10:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/20 14:48:30 | 000,000,000 | ---D | M]

[2011/04/11 22:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2011/09/27 19:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions
[2011/08/17 21:20:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/27 19:01:51 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\extensions\disconnect@disconnect.me
[2011/04/27 02:42:05 | 000,000,931 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\dictionary.xml
[2011/04/27 02:42:19 | 000,001,633 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\googletranslate.xml
[2011/04/12 05:14:14 | 000,001,504 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\od00txgw.default\searchplugins\imdb.xml
[2011/09/20 14:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/21 20:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 14:35:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/05 09:47:10 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\BRIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OD00TXGW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/05 10:28:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/04/21 20:40:30 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: AdBlock = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.13_0\
CHR - Extension: AVG Safe Search = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2011/04/16 03:40:56 | 000,001,365 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86BB6FE-23A4-4513-ADFC-35BD26E9BE02}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/11 19:09:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

#21 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,817
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 07 October 2011 - 07:17 PM

That OTL log was made after the reboot and it is gone now; can you confirm?

#22 TomTomTom

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 01-October 11

Posted 07 October 2011 - 07:28 PM

That was OTL after reboot, correct.

Is it gone? It is right now. I rebooted and I don't see it in keyword.URL right now. In fact, I rebooted twice. I think you got it and hope it doesn't return in a couple days as it was doing before.

What happened? Did it create a profile (js?) that kept resetting back to zinkwink/bing?

Thank you very much.

#23 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,817
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 07 October 2011 - 07:37 PM

You are most welcome. :thumbup2:

In case it comes back, send me a personal message and I will reopen the topic.

Quote

Did it create a profile (js?) that kept resetting back to zinkwink/bing?

Yes, it had created a user.js that kept coming back.

I strongly recommend the following:

  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
      • Delete Files
      • View Applications
      • View Applets

    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.

  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform (32-bit or 64-bit).
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.

    Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.


Happy Surfing, TomTomTom. :)
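The persistence mechanism behind this thread is worth seeing in code. Firefox reads prefs.js at startup and then applies user.js on top of it, writing the user.js values back into prefs.js, so a keyword.URL hijack stored in user.js reappears after every restart no matter how often it is deleted from prefs.js. That is why the OTL fix in post #17 had to both remove the pref and move user.js out of the profile, and why Farbar's answer above points at user.js. The scanner below is an added example, not code from the thread or from OTL: it parses both files in a profile, reports every search- and homepage-related user_pref() entry, and flags values whose host is not on a small allow-list. The profile directory, the allow-list and the sample prefs.js/user.js it builds (modelled on the values in the OTL log) are constructed for this example.

```python
"""Audit a Firefox profile for search/homepage hijacks persisted via user.js.

Added example (not part of the original thread or OTL). Firefox applies
user.js over prefs.js at every startup, so a hijacked pref stored in
user.js keeps coming back after it is removed from prefs.js.

Assumptions: the profile path, ALLOWED_HOSTS and the sample files built
in demo_scan() are constructed for this example.
"""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Preferences a search hijacker typically rewrites.
WATCHED_PREFS = (
    "keyword.URL",
    "keyword.enabled",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
)

# Hosts the user legitimately expects in search/homepage prefs (assumed list).
ALLOWED_HOSTS = ("google.com", "bing.com", "cnn.com")

# Matches: user_pref("name", value);  where value is a quoted string,
# a number or a boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|[^)]+?)\s*\);'
)


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} for every user_pref() line in a prefs file."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            found[m.group("name")] = m.group("value").strip('"')
    return found


def is_suspicious(name: str, value: str) -> bool:
    """A watched pref is suspicious when it points at a host not on the allow-list."""
    if name == "keyword.enabled":
        return False  # boolean flag; judged only alongside keyword.URL
    host_m = re.match(r"^(?:https?://)?([^/?#:]+)", value.strip())
    if not host_m:
        return False
    host = host_m.group(1).lower()
    return not any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def scan_profile(profile_dir: str) -> List[Tuple[str, str, str, bool]]:
    """Scan user.js and prefs.js in one profile directory.

    Returns (file, pref, value, suspicious) tuples for watched prefs.
    user.js entries come first because they win at every startup.
    """
    findings: List[Tuple[str, str, str, bool]] = []
    for fname in ("user.js", "prefs.js"):
        path = os.path.join(profile_dir, fname)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            prefs = parse_prefs(fh.read())
        for name in WATCHED_PREFS:
            if name in prefs:
                findings.append((fname, name, prefs[name], is_suspicious(name, prefs[name])))
    return findings


def demo_scan() -> List[Tuple[str, str, str, bool]]:
    """Build a constructed profile modelled on the thread's OTL log and scan it."""
    hijack = "http://zinkwink.com/?tmp=redir_bho_bing&prt=zsharefqbho&keywords="
    user_js = (
        "// constructed sample mirroring the user.js found in the thread\n"
        f'user_pref("keyword.URL", "{hijack}");\n'
        'user_pref("keyword.enabled", true);\n'
    )
    prefs_js = (
        'user_pref("browser.startup.homepage", "google.com");\n'
        f'user_pref("keyword.URL", "{hijack}");\n'
        'user_pref("browser.search.useDBForOrder", true);\n'
    )
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "user.js"), "w", encoding="utf-8") as fh:
            fh.write(user_js)
        with open(os.path.join(tmp, "prefs.js"), "w", encoding="utf-8") as fh:
            fh.write(prefs_js)
        return scan_profile(tmp)


if __name__ == "__main__":
    for fname, name, value, bad in demo_scan():
        flag = "SUSPICIOUS" if bad else "ok"
        print(f"{flag:10} {fname:9} {name} = {value}")
```

On a real machine point scan_profile() at each directory under %APPDATA%\Mozilla\Firefox\Profiles\. Any watched pref that shows up in user.js is the one to act on: a legitimate user.js is rare on a home PC, and deleting the pref from prefs.js alone, as the thread shows, does not stick while user.js still carries it.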

#24 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,817
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 17 October 2011 - 03:51 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.
