malware possibly from bearshare

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

malware possibly from bearshare need help removing

#1 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 23 January 2012 - 02:37 AM

I downloaded bearshare awhile ago. I deleted most of it from the registry but i see there is a bearshare file combined with a google file and i cannot delete it. The only problems i've had is sometimes my computer wont turn on the first time i hit the power button, but it will the second time. Or the light on the power button will turn on but the screen remains black and i have to do a hard shutdown. Also I have to manually turn on the windows firewall and windows defender every startup. I checked the services and both of them say the startup type is automatic, guessing the malware is to blame. Any help is greatly appreciated.

Heres a log from hijack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:19:02 PM, on 1/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\windows defender\MSASCui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8007 bytes

This post has been edited by scottalex00: 23 January 2012 - 03:55 AM

#2 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 23 January 2012 - 02:40 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by scott at 21:20:17 on 2012-01-22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.1772 [GMT -6:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\vssvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080814
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0834883D-1ECC-497A-842C-82122AB929C8} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
IFEO: AcroRd32.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dsc.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: garminlifetime.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: googleupdater.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: msoxmled.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\93ugmk47.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\93ugmk47.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-25 73728]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-22 652872]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-25 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-22 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-23 03:18:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{48ea3e3d-1d33-4d55-8e31-6624b02838a7}\offreg.dll
2012-01-23 03:06:22 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{48ea3e3d-1d33-4d55-8e31-6624b02838a7}\mpengine.dll
2012-01-23 02:50:20 -------- d--h--w- C:\$AVG
2012-01-23 01:44:25 388096 ----a-r- c:\users\scott\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-23 01:44:25 -------- d-----w- c:\program files\Trend Micro
2012-01-22 19:28:00 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2012-01-22 19:27:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-22 19:27:52 -------- d-----w- c:\programdata\Malwarebytes
2012-01-22 19:27:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-14 04:55:22 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 04:55:22 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 04:55:22 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 04:55:22 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 04:55:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 04:55:22 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 04:44:12 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-14 04:44:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-14 04:44:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-14 04:44:12 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-11 05:52:55 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 05:52:55 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 05:52:55 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:52:54 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:52:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 05:52:53 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:52:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 05:52:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-26 16:44:31 -------- d-----w- c:\programdata\Garmin
2011-12-26 16:43:58 -------- d-----w- c:\users\scott\appdata\roaming\Garmin
2011-12-26 16:43:48 -------- d-----w- c:\program files\Garmin
.
==================== Find3M ====================
.
2011-12-10 21:13:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 21:21:01.46 ===============

#3 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 23 January 2012 - 02:41 AM

DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2008 4:42:03 AM
System Uptime: 1/22/2012 7:37:51 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | Microprocessor | 1867/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 35.781 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.66 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: AcroRd32.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: dsc.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: garminlifetime.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: googleupdater.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: msoxmled.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: mstore.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: roxio_central36.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: unbind.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: winword.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AviSynth 2.5
Bejeweled 3
BitTorrent
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
D3DX10
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
DivX Setup
DVD Decrypter (Remove Only)
Free RAR Extract Frog
Garmin Lifetime Updater
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Malwarebytes Anti-Malware version 1.60.0.1800
MediaDirect
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PeerBlock 1.1 (r518)
QuickSet
QuickTime
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Segoe UI
Tetris
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
Videora iPod Converter 6
Virtual DJ Pro Full - Atomix Productions
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
1/22/2012 7:39:50 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/22/2012 7:39:50 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx86 Avgmfx86 Avgtdix CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 6:38:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:37:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/22/2012 6:37:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/22/2012 6:37:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/22/2012 6:37:02 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
1/22/2012 6:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
1/22/2012 5:51:14 PM, Error: EventLog [6008] - The previous system shutdown at 5:41:59 PM on 1/22/2012 was unexpected.
1/22/2012 5:28:09 PM, Error: EventLog [6008] - The previous system shutdown at 5:20:13 PM on 1/22/2012 was unexpected.
1/22/2012 2:11:07 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:25 PM on 1/22/2012 was unexpected.
.
==== End Of File ===========================

This post has been edited by scottalex00: 23 January 2012 - 02:44 AM

#4 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 23 January 2012 - 02:44 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 01:18:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: l3whw2wx.exe; Driver: C:\Users\scott\AppData\Local\Temp\fgloypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xADA727A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xADA72848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xADA728E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xADA72980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 826FDB74 4 Bytes [A0, 27, A7, AD]
.text ntkrnlpa.exe!KeSetEvent + 621 826FDDA4 8 Bytes [48, 28, A7, AD, E4, 28, A7, ...] {DEC EAX; SUB [EDI-0x58d71b53], AH; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 681 826FDE04 4 Bytes [80, 29, A7, AD] {SUB BYTE [ECX], 0xa7; LODSD }
? C:\Users\scott\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5044] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 67E8B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5044] USER32.dll!GetWindowInfo 7666428E 5 Bytes JMP 680136FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5548] USER32.dll!SetWindowLongA 7665E7CD 5 Bytes JMP 68263A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5548] USER32.dll!SetWindowLongW 766613B4 5 Bytes JMP 68263A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5548] USER32.dll!GetWindowInfo 7666428E 5 Bytes JMP 6800C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5548] USER32.dll!TrackPopupMenu 766714F3 5 Bytes JMP 6800CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Files - GMER 1.0.15 ----

File C:\Users\scott\Pavark 0 bytes

---- EOF - GMER 1.0.15 ----

#5 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 29 January 2012 - 02:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/439516 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 30 January 2012 - 08:24 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

We'll remove Bearshare afterwards but first let's check you're clean here

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 30 January 2012 - 08:27 PM

I ran norton's scan and it found a trojan which was deleted. I also used malwarebytes and spybot which removed threats.
And lastly, i used superantispyware which removed threats and also let me delete a bearshare file that wouldn't let me
delete it even if i was the admin. So here are updated logs that i would greatly appreciate anyone to look over and make
sure there arent any threats or rootkits remaining. also im unable to create a restore point even when i turn on the volume shadow copy
to automatic. It comes up with the error 0x8004230F.

and yes i do have have the windows cd/dvd.

======================================================

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by scott at 18:25:53 on 2012-01-30
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2051 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\aestsrv.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080814
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080814
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.2.0.10\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0834883D-1ECC-497A-842C-82122AB929C8} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
IFEO: AcroRd32.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dsc.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: garminlifetime.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: googleupdater.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: msoxmled.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\93ugmk47.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\93ugmk47.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1302000.00a\symds.sys [2012-1-25 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1302000.00a\symefa.sys [2012-1-25 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-21 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys [2012-1-25 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120126.003\IDSvix86.sys [2012-1-26 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys [2012-1-25 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys [2012-1-25 344184]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-25 73728]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.2.0.10\ccsvchst.exe [2012-1-25 138760]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-25 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-26 106104]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-25 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-25 21:15:35 344184 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys
2012-01-25 21:15:34 897656 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symefa.sys
2012-01-25 21:15:34 340088 ----a-r- c:\windows\system32\drivers\nis\1302000.00a\symds.sys
2012-01-25 21:15:34 314488 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symnets.sys
2012-01-25 21:15:33 566904 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtsp.sys
2012-01-25 21:15:33 31864 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtspx.sys
2012-01-25 21:15:33 149624 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys
2012-01-25 21:15:33 132744 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys
2012-01-25 21:15:24 -------- d-----w- c:\windows\system32\drivers\nis\1302000.00A
2012-01-25 21:12:15 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-01-25 20:44:32 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-25 20:44:32 -------- d-----w- c:\program files\Symantec
2012-01-25 20:44:32 -------- d-----w- c:\program files\common files\Symantec Shared
2012-01-25 20:43:52 -------- d-----w- c:\program files\Norton Internet Security
2012-01-25 20:43:41 -------- d-----w- c:\program files\NortonInstaller
2012-01-25 20:16:48 -------- d-----w- c:\users\scott\appdata\roaming\AVG10
2012-01-25 20:13:45 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-25 20:13:45 -------- d-----w- c:\programdata\AVG10
2012-01-25 07:47:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 07:47:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-25 07:36:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 07:36:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 07:30:55 -------- d-----w- c:\users\scott\appdata\roaming\SUPERAntiSpyware.com
2012-01-25 07:30:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 07:30:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 17:46:34 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d55f09e0-8514-4c5e-9ded-88d913c177d4}\mpengine.dll
2012-01-23 01:44:25 388096 ----a-r- c:\users\scott\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-23 01:44:25 -------- d-----w- c:\program files\Trend Micro
2012-01-22 19:28:00 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2012-01-22 19:27:52 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 04:55:22 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 04:55:22 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 04:55:22 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 04:55:22 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 04:55:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 04:55:22 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 04:44:12 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-14 04:44:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-14 04:44:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-14 04:44:12 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-11 05:52:55 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 05:52:55 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 05:52:55 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:52:54 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:52:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 05:52:53 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:52:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 05:52:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-10 21:13:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:26:33.92 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-30 19:24:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: l3whw2wx.exe; Driver: C:\Users\scott\AppData\Local\Temp\fgloypow.sys

---- System - GMER 1.0.15 ----

SSDT 897DD890 ZwAlertResumeThread
SSDT 897DD250 ZwAlertThread
SSDT 897ED5A8 ZwAllocateVirtualMemory
SSDT 87D24648 ZwAlpcConnectPort
SSDT 897DD950 ZwAssignProcessToJobObject
SSDT 897CB938 ZwCreateMutant
SSDT 897EEC40 ZwCreateSymbolicLinkObject
SSDT 897DDD60 ZwCreateThread
SSDT 897DDAC8 ZwDebugActiveProcess
SSDT 897DA0F8 ZwDuplicateObject
SSDT 897CBD60 ZwFreeVirtualMemory
SSDT 897D8EE8 ZwImpersonateAnonymousToken
SSDT 897DD7C8 ZwImpersonateThread
SSDT 87D245D0 ZwLoadDriver
SSDT 897CBC80 ZwMapViewOfSection
SSDT 897DD1B0 ZwOpenEvent
SSDT 897DDC48 ZwOpenProcess
SSDT 897ED678 ZwOpenProcessToken
SSDT 897DDE30 ZwOpenSection
SSDT 897DA1C8 ZwOpenThread
SSDT 897F0828 ZwProtectVirtualMemory
SSDT 897DD310 ZwResumeThread
SSDT 897CBA30 ZwSetContextThread
SSDT 897CBAF0 ZwSetInformationProcess
SSDT 897DD4B8 ZwSetSystemInformation
SSDT 897DAA68 ZwSuspendProcess
SSDT 897F00F8 ZwSuspendThread
SSDT 897DA2D8 ZwTerminateProcess
SSDT 897ED358 ZwTerminateThread
SSDT 897CBBC0 ZwUnmapViewOfSection
SSDT 897ED4D8 ZwWriteVirtualMemory
SSDT 897F0998 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820BA8A0 8 Bytes [90, D8, 7D, 89, 50, D2, 7D, ...] {NOP ; FDIVR DWORD [EBP-0x77]; PUSH EAX; SAR BYTE [EBP-0x77], CL}
.text ntkrnlpa.exe!KeSetEvent + 131 820BA8B4 4 Bytes [A8, D5, 7E, 89] {TEST AL, 0xd5; JLE 0xffffffffffffff8d}
.text ntkrnlpa.exe!KeSetEvent + 13D 820BA8C0 4 Bytes [48, 46, D2, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 820BA914 4 Bytes [50, D9, 7D, 89] {PUSH EAX; FNSTCW [EBP-0x77]}
.text ntkrnlpa.exe!KeSetEvent + 1F5 820BA978 4 Bytes [38, B9, 7C, 89]
.text ...
? C:\Users\scott\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2624] USER32.dll!SetWindowLongA 7738E7CD 5 Bytes JMP 65593A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2624] USER32.dll!SetWindowLongW 773913B4 5 Bytes JMP 65593A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2624] USER32.dll!GetWindowInfo 7739428E 5 Bytes JMP 6533C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2624] USER32.dll!TrackPopupMenu 773A14F3 5 Bytes JMP 6533CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!LdrLoadDll 77BD9378 5 Bytes JMP 651BB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!GetWindowInfo 7739428E 5 Bytes JMP 653436FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 30 January 2012 - 08:35 PM

I've posted above you, scottalex00

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 31 January 2012 - 01:14 AM

ok i did the scan, and almost 3 hrs in i crashed. My av was on, idk if thats the cause. I ended up completing the scan in safe mode.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 23:25:27
-----------------------------
23:25:27.109 OS Version: Windows 6.0.6002 Service Pack 2
23:25:27.109 Number of processors: 2 586 0xF0D
23:25:27.109 ComputerName: SCOTT-PC UserName: scott
23:25:32.335 Initialize success
23:25:47.498 AVAST engine defs: 12013000
23:25:51.804 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:25:51.820 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
23:25:51.866 Disk 0 MBR read successfully
23:25:51.882 Disk 0 MBR scan
23:25:51.882 Disk 0 Windows VISTA default MBR code
23:25:51.882 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
23:25:51.929 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10240 MB offset 145408
23:25:51.944 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225602 MB offset 21116928
23:25:51.944 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
23:25:51.991 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
23:25:51.991 Disk 0 scanning sectors +488394752
23:25:52.054 Disk 0 scanning C:\Windows\system32\drivers
23:26:01.133 Service scanning
23:26:04.814 Modules scanning
23:26:07.264 Disk 0 trace - called modules:
23:26:07.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
23:26:07.295 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658aa10]
23:26:07.295 3 CLASSPNP.SYS[8bfd08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ab1030]
23:26:09.385 AVAST engine scan C:\Windows
23:26:12.458 AVAST engine scan C:\Windows\system32
23:29:16.601 AVAST engine scan C:\Windows\system32\drivers
23:29:33.932 AVAST engine scan C:\Users\scott
23:59:04.236 AVAST engine scan C:\ProgramData
00:04:27.577 Scan finished successfully
00:04:44.675 Disk 0 MBR has been saved successfully to "C:\Users\scott\Desktop\MBR.dat"
00:04:44.675 The log file has been saved successfully to "C:\Users\scott\Desktop\aswMBRscan.txt"

#10 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 31 January 2012 - 07:20 PM

Please download and run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Comfix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 31 January 2012 - 11:39 PM

ComboFix 12-01-31.01 - scott 01/31/2012 22:25:17.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2116 [GMT -6:00]
Running from: c:\users\scott\Desktop\comfix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-01-31 17:42 . 2012-01-31 19:19 -------- d-----w- c:\windows\system32\drivers\NIS\1305000.091
2012-01-26 21:00 . 2012-01-26 21:01 -------- d-----w- c:\users\Administrator
2012-01-25 21:12 . 2011-11-24 02:23 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-01-25 20:44 . 2012-01-31 17:44 -------- d-----w- c:\program files\Symantec
2012-01-25 20:44 . 2012-01-31 17:43 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-25 20:44 . 2012-01-25 20:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-25 20:43 . 2012-01-25 20:43 -------- d-----w- c:\program files\Norton Internet Security
2012-01-25 20:43 . 2012-01-25 20:43 -------- d-----w- c:\program files\NortonInstaller
2012-01-25 20:16 . 2012-01-25 20:16 -------- d-----w- c:\users\scott\AppData\Roaming\AVG10
2012-01-25 20:13 . 2012-01-25 20:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-25 07:47 . 2012-01-25 08:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-25 07:36 . 2012-01-25 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 07:36 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 07:30 . 2012-01-25 07:30 -------- d-----w- c:\users\scott\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 07:30 . 2012-01-25 07:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-23 01:44 . 2012-01-23 01:44 388096 ----a-r- c:\users\scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-23 01:44 . 2012-01-23 01:44 -------- d-----w- c:\program files\Trend Micro
2012-01-22 19:28 . 2012-01-22 19:28 -------- d-----w- c:\users\scott\AppData\Roaming\Malwarebytes
2012-01-14 04:55 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 04:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 04:55 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 04:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 04:55 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 04:55 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 04:44 . 2012-01-14 04:44 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-14 04:44 . 2012-01-14 04:44 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-14 04:44 . 2012-01-14 04:44 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-14 04:44 . 2012-01-14 04:44 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-11 05:52 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:52 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 05:52 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 05:52 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 05:52 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:52 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 05:52 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 05:52 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:13 . 2011-05-19 19:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-13 19:00 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29 . 2011-01-30 04:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-13 19:00 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54 . 2011-12-13 19:00 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-14 04:44 . 2011-12-06 18:27 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2011-09-24 405504]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-12-15 16:40 1446248 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 23:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-09 00:44 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-14 09:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ECenter"=c:\dell\E-Center\EULALauncher.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SYMIM
*Deregistered* - mfehidk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 16:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-14 19:57]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 23:19]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 23:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\93ugmk47.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 22:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-31 22:35:49
ComboFix-quarantined-files.txt 2012-02-01 04:35
.
Pre-Run: 36,649,259,008 bytes free
Post-Run: 36,559,147,008 bytes free
.
- - End Of File - - 1FC0323DA3609C8B6FB01CA44DFD1DFA

#12 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 01 February 2012 - 07:40 PM

Please run OTL so we can clear up Bearshare

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#13 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 01 February 2012 - 11:42 PM

ok heres the otl.txt first

OTL logfile created on: 2/1/2012 8:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\scott\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.23% Memory free
7.16 Gb Paging File | 6.11 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 36.73 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.66 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Scott\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120201.003\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120201.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120131.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys (Symantec Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 22:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/31 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/01 20:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/13 22:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 22:49:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{30BEAF7C-EF05-4E2F-804B-1C8396BF5635}: C:\Users\scott\AppData\Local\{30BEAF7C-EF05-4E2F-804B-1C8396BF5635} [2010/05/09 04:04:12 | 000,000,000 | ---D | M]

[2012/01/26 14:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2012/01/30 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\93ugmk47.default\extensions
[2011/12/26 11:12:16 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\93ugmk47.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/24 18:48:37 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\93ugmk47.default\extensions\firefox@ghostery.com
[2011/12/09 22:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/13 22:44:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\{C72C0C73-4EB0-4FB3-AF0F-074E97326CFD}.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
() (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93UGMK47.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/01/13 22:44:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/06/09 16:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/06/27 15:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2012/01/03 07:10:44 | 000,182,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/30 22:30:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/01/13 22:44:11 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/01/13 22:44:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/13 22:44:11 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/01/13 22:44:11 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/12/06 12:11:27 | 000,002,511 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/13 22:44:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/01/13 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/13 22:44:11 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

O1 HOSTS File: ([2012/01/26 18:19:57 | 000,441,037 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15162 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0834883D-1ECC-497A-842C-82122AB929C8}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 22:41:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/31 22:34:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/31 22:23:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/31 22:23:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/31 22:22:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/31 22:22:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/31 22:22:51 | 000,000,000 | ---D | C] -- C:\comfix
[2012/01/31 22:22:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 22:19:22 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\scott\Desktop\comfix.exe
[2012/01/30 19:29:18 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\scott\Desktop\aswMBR.exe
[2012/01/25 15:12:15 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2012/01/25 14:44:32 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/01/25 14:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/25 14:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/25 14:43:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/01/25 14:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/25 14:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/25 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\AVG10
[2012/01/25 14:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2012/01/25 14:13:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/01/25 01:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/25 01:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/25 01:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/25 01:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 01:36:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/25 01:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/25 01:30:55 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/25 01:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/25 01:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/25 01:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/23 19:08:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.exe
[2012/01/22 21:20:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\scott\Desktop\dds.scr
[2012/01/22 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/22 19:44:25 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/22 13:28:00 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\Malwarebytes
[2012/01/22 13:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/10 23:52:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/10 23:52:54 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/10 23:52:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/10 23:52:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/10 23:52:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 20:28:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 20:24:12 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 20:24:12 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 20:24:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 14:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/31 22:19:28 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\scott\Desktop\comfix.exe
[2012/01/31 13:21:37 | 002,342,367 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/01/31 13:21:25 | 000,002,226 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/31 13:19:02 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/01/31 11:43:15 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/01/31 11:43:15 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/01/31 11:43:15 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/31 00:04:44 | 000,000,512 | ---- | M] () -- C:\Users\scott\Desktop\MBR.dat
[2012/01/30 19:30:23 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\scott\Desktop\aswMBR.exe
[2012/01/30 18:29:58 | 000,050,477 | ---- | M] () -- C:\Users\scott\Desktop\Defogger.exe
[2012/01/27 23:12:16 | 000,655,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 23:12:16 | 000,124,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 21:40:48 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/01/26 22:40:39 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/01/26 18:28:24 | 000,006,648 | ---- | M] () -- C:\Users\scott\AppData\Local\d3d9caps.dat
[2012/01/26 18:19:57 | 000,441,037 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/26 15:32:36 | 000,000,940 | ---- | M] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/25 20:47:10 | 000,293,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/25 01:47:51 | 000,001,057 | ---- | M] () -- C:\Users\scott\Desktop\Spybot - Search & Destroy.lnk
[2012/01/25 01:45:06 | 000,002,523 | ---- | M] () -- C:\Users\scott\Desktop\HiJackThis.lnk
[2012/01/25 01:36:28 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 01:30:26 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/23 19:08:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.exe
[2012/01/22 21:23:51 | 000,302,592 | ---- | M] () -- C:\Users\scott\Desktop\l3whw2wx.exe
[2012/01/22 21:20:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\scott\Desktop\dds.scr
[2012/01/08 12:00:27 | 000,000,000 | ---- | M] () -- C:\Users\scott\AppData\Local\{4B8C946E-73F0-4F6C-9CCF-B8C95A40DCC3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/31 22:23:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 22:23:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 22:23:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 22:23:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 22:23:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 00:04:44 | 000,000,512 | ---- | C] () -- C:\Users\scott\Desktop\MBR.dat
[2012/01/30 18:29:57 | 000,050,477 | ---- | C] () -- C:\Users\scott\Desktop\Defogger.exe
[2012/01/26 15:32:36 | 000,000,940 | ---- | C] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/25 14:44:32 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/01/25 14:44:32 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/25 14:44:27 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/25 01:47:51 | 000,001,057 | ---- | C] () -- C:\Users\scott\Desktop\Spybot - Search & Destroy.lnk
[2012/01/25 01:36:28 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 01:30:26 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:23:46 | 000,302,592 | ---- | C] () -- C:\Users\scott\Desktop\l3whw2wx.exe
[2012/01/22 19:44:25 | 000,002,523 | ---- | C] () -- C:\Users\scott\Desktop\HiJackThis.lnk
[2012/01/08 12:00:27 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\{4B8C946E-73F0-4F6C-9CCF-B8C95A40DCC3}
[2011/05/24 22:55:33 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\{57F77F57-316A-4FD2-978A-B06B10574CB1}
[2011/04/24 16:49:42 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/04/03 02:43:05 | 000,000,552 | ---- | C] () -- C:\Users\scott\AppData\Local\d3d8caps.dat
[2011/02/07 11:29:30 | 000,000,001 | -H-- | C] () -- C:\Windows\mulch200.ini
[2011/02/02 00:11:31 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/23 09:05:56 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ajupomubarax.dll
[2010/07/23 00:06:17 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ifuducenafidaco.dll
[2010/07/22 22:04:05 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\erovupom.dll
[2010/07/22 00:53:03 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\alidahigusudiho.dll
[2010/07/21 22:51:03 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\evevaxitig.dll
[2010/07/21 18:33:46 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ucadotibuxer.dll
[2010/07/21 11:02:13 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ucukigatekudat.dll
[2010/07/20 23:33:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\isuvurovilox.dll
[2010/07/20 17:43:37 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ipogilimelumorun.dll
[2010/07/20 15:09:28 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\unesiyov.dll
[2010/07/20 10:18:13 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ugadewiy.dll
[2010/07/20 01:24:32 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ididinigowe.dll
[2010/07/20 00:39:34 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\etogavim.dll
[2010/07/19 23:11:21 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\exovanuzafa.dll
[2010/07/19 21:09:22 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\amidadot.dll
[2010/07/19 19:00:55 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\utoxehotep.dll
[2010/07/19 11:52:36 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\imidohugili.dll
[2010/07/19 09:33:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ajugoforeqonofa.dll
[2010/07/18 23:08:07 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ekosifefela.dll
[2010/07/18 21:06:12 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ecukigat.dll
[2010/07/18 17:06:07 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\umahugewuxi.dll
[2010/07/18 15:04:04 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ayiwumezimimi.dll
[2010/07/14 22:15:32 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\elebufebos.dll
[2010/07/14 17:50:36 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\owezageyabeguyo.dll
[2010/07/14 15:48:38 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\obukexug.dll
[2010/07/14 11:08:14 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ikikofeginu.dll
[2010/07/14 02:25:53 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\obufokel.dll
[2010/07/14 00:23:52 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\aqamecusuramujo.dll
[2010/07/13 22:36:11 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\axubadis.dll
[2010/07/13 16:39:44 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\izasajubij.dll
[2010/07/13 12:10:00 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\iqevoyoh.dll
[2010/07/13 04:58:27 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\oqupekamosarev.dll
[2010/07/12 14:31:39 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\igiyijiw.dll
[2010/07/12 13:01:26 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ulajurijafe.dll
[2010/07/12 01:37:18 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ivecigit.dll
[2010/07/11 19:31:41 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ihamiyumihoy.dll
[2010/07/11 15:10:49 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ejuxawodafuvel.dll
[2010/07/10 23:54:01 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ovebehamicunojag.dll
[2010/07/10 22:22:22 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ecaxayot.dll
[2010/07/10 15:16:42 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ayuxuvijuki.dll
[2010/07/10 13:01:49 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\onadebib.dll
[2010/07/10 00:52:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\oderabat.dll
[2010/07/09 14:09:47 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\awegaqab.dll
[2010/07/09 09:42:31 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\usejifigoci.dll
[2010/04/30 16:46:16 | 000,000,120 | ---- | C] () -- C:\Users\scott\AppData\Local\Qqixeciluv.dat
[2010/04/30 16:46:16 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\Efuwodoruv.bin
[2010/04/30 16:44:34 | 000,000,020 | ---- | C] () -- C:\Users\scott\AppData\Roaming\wzmjhy.dat
[2009/12/06 22:48:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/06 22:47:43 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/12/06 22:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/08 17:18:36 | 000,006,648 | ---- | C] () -- C:\Users\scott\AppData\Local\d3d9caps.dat
[2008/09/01 20:53:58 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/09/01 20:53:50 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/01 20:53:45 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/08/26 01:21:26 | 000,084,480 | ---- | C] () -- C:\Users\scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/25 06:41:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/25 06:10:28 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/25 06:10:28 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/25 06:10:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/25 06:10:28 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/25 06:10:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/25 06:10:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/25 03:38:59 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/08/21 21:55:56 | 000,000,752 | ---- | C] () -- C:\Users\scott\AppData\Roaming\wklnhst.dat
[2008/08/14 03:29:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/14 03:22:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/14 03:22:05 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 16:11:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/20 20:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 06:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:46:27 | 000,293,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,655,370 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,124,332 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/25 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\AVG10
[2012/02/01 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\BitTorrent
[2011/04/07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FreeFileViewer
[2011/12/26 11:13:51 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Garmin
[2010/11/09 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\gtk-2.0
[2011/04/07 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\HTML Executable
[2010/12/16 12:26:50 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Philipp Winterberg
[2011/03/08 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Red Kawa
[2010/12/06 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Registry Mechanic
[2011/04/04 02:52:50 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Rovio
[2008/08/25 03:32:23 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Template
[2011/02/02 04:17:40 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tmp
[2011/02/01 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\TuneUp Software
[2010/10/26 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Windows Live Writer
[2012/02/01 14:35:30 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D431AA5F

< End of report >

and the extras.txt

OTL Extras logfile created on: 2/1/2012 8:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\scott\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.23% Memory free
7.16 Gb Paging File | 6.11 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 36.73 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.66 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0112F91D-C185-46E3-B2A6-FDBFF83E964F}" = lport=1900 | protocol=6 | dir=in | name=xbox |
"{09890D66-4365-4C57-A570-495F4107F537}" = lport=10281 | protocol=6 | dir=in | name=xbox |
"{0F5D4B9C-F4F9-4CF8-B26A-E074E6033C6E}" = rport=138 | protocol=17 | dir=out | app=system |
"{10286693-634E-4946-BDA1-FE4E33CB7D94}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1960CF55-CF66-4350-A2BD-3AC24941C54D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1A92FD36-9838-4756-B509-3AD9835A83C9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F89A603-6EA9-4C4F-BBA2-6F17201B1F4A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{288E5DE5-C8C1-453E-92DD-39C365EB40AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{2AB532C6-1BE6-4EC0-BBFF-C665F78B3B39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E3D2494-318B-4ED4-85FB-5FB1895E0334}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33B1FD98-7D33-4524-8945-A348C18C3BFE}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3BAACC7C-6F87-4600-8754-4E86954C59E8}" = lport=10280 | protocol=6 | dir=in | name=xbox |
"{42346229-8D8F-43BF-9738-F145D3905708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{460E1A9D-8F11-4029-8928-C3F2E14D1C0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C71C273-25AF-4569-9538-BBADB63FF6CC}" = lport=10284 | protocol=6 | dir=in | name=xbox |
"{4EC9C980-71A8-43CF-963A-591ED5D6271A}" = rport=445 | protocol=6 | dir=out | app=system |
"{50A4D29F-2968-4F83-B538-A43F04373773}" = rport=137 | protocol=17 | dir=out | app=system |
"{55B34B24-0FFC-4F8C-B013-BDB2E8A12159}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DF1B7DE-250A-4243-9FE4-9B1F63F7225A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63F58D88-AEE8-4720-9164-C100E2440CA3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{64A9CAB3-7108-4AED-88EC-47D8A193B61A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6548AEAD-5987-4BAE-A5BF-5B8F8FA2443E}" = lport=10243 | protocol=6 | dir=in | name=xbox |
"{67A44D60-2E41-4119-AC3E-FF94F0F473E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E70604B-7F04-4B7B-92ED-4ED2783C4FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{71D50A0D-5790-4810-8DE3-6BBEEAC0ACB0}" = rport=10244 | protocol=6 | dir=out | app=system |
"{796AC0DC-F411-4DB9-94E7-4B40A536CC14}" = lport=10282 | protocol=6 | dir=in | name=xbox |
"{7DF7F69A-E5A7-4792-B683-EC20CEB4257A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82F939D5-264C-437D-BA2F-D23DFB704AD8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92588303-AF99-4FED-B304-AB6F9A84F420}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95406C74-9A84-4E09-9FA3-3F75A73DCF4D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99835818-1AB7-4A9C-B88C-B35F9C3EBC2E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7614E81-E26C-4F36-87F5-B4BBC18FD6AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE3CCBE2-18CA-4AFF-819C-6C306002FB84}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF979B9B-0569-44C6-BC36-42F77E67DC85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C5BE31D3-A249-4363-A4D0-132CCD1B4175}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C69DBB54-1F0F-4267-95B5-B2AC1310557A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C7E2A022-323B-4590-A79F-628DE1A5C982}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D93FAD51-644C-4475-81E7-C0DAA50A4ECC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DDFAEFFC-FB48-4E3E-993E-6B3E5690F216}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E199C074-BD1E-4D64-A9D8-61F445CB29BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E37B73B2-DE58-4B25-BA0F-9FF0E08748C5}" = lport=10283 | protocol=6 | dir=in | name=xbox |
"{E8A8243F-CCBB-442D-B235-9B79EF615F55}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA6F3E64-4E8A-46D9-9001-CF3097FE960D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F5C2BA3D-706E-456E-99AA-9D5372043ECE}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6ABDFEE-BED1-4795-88F5-637D07418C87}" = lport=2869 | protocol=6 | dir=in | name=xbox |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EB0206-627E-45AD-9432-D0EECDAB4F88}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{226A5F87-088E-47E0-B0D6-49CEB3C12329}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{238E1307-97C1-42AA-9710-9AA64EE80824}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4552C99D-7831-480A-9E6C-4C87497EA1B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{572F4915-1F61-4215-97A5-A25F72F7C581}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A3BBA39-27CA-47F7-95A3-72D98AD49DC4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{627C996E-DE0D-4804-8064-7BF8CE1B05CF}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{63AEF9BC-8475-4B92-873E-8B8267F6FD2D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{75A91E96-4360-4807-B0DE-A5F0D57FFF9E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7A97AD2C-ACAC-4143-8529-B3F6B209747E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7B312116-BA96-4162-BAD6-35BCEAA4AF41}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8F81F07A-AC22-4AAF-AFF6-168C89099918}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E00678F-8691-4F48-BEE8-0C16FCF67BD5}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9EA47CEC-57F8-4A71-BCD7-2BC026886E28}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A24A4609-7879-4DDB-9AAB-6C69F117C82F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B1B77C10-442D-4280-90BB-9F33226DA4AE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BAE0CF03-89A8-4D48-BC04-E0E3A80AAF5B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB807417-7FC7-47A2-AED6-61C93AE73EE6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BE841E1E-334E-4806-B33D-F36769DE5E07}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C1B433EE-D359-477F-A325-EB977BF433A1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C7C1385C-18A2-42B7-A347-CDA46FD95F26}" = protocol=6 | dir=out | app=system |
"{CB0C9F64-C6F1-4007-8CD1-B1B0DA2AC752}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E4DB55C7-37D4-41C5-9320-4DAFF02F296E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E52E023D-A2E6-4C94-AA41-11D64BD3CAB7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E604D85D-8034-4D8C-8C71-2D0904656753}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA5C39A5-D66A-4DFE-8CDE-23EAC11DDA1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EC0DBD26-0E9E-46F8-B44B-41045436435E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EDF2C4DF-1C98-4797-9F8C-140C4B3182EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F229F619-8C82-4F1C-BF8A-0C0AFD0E29AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{91024D82-8964-4AF2-9AE8-AE79720BB6B7}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{E4E08096-4CBA-4B1E-9775-8D053D1F1919}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{719EC622-DFEE-4740-A89F-EFC9D387E9B9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{C0220F3E-14A3-439B-91A9-C1E44A941E56}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AviSynth" = AviSynth 2.5
"Bejeweled 31.0" = Bejeweled 3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Updater" = Google Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 2:25:16 AM | Computer Name = scott-PC | Source = VSS | ID = 40
Description =

Error - 2/1/2012 2:25:16 AM | Computer Name = scott-PC | Source = VSS | ID = 12292
Description =

Error - 2/1/2012 4:28:24 AM | Computer Name = scott-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/1/2012 4:35:52 AM | Computer Name = scott-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 6:31:38 AM | Computer Name = scott-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/1/2012 6:31:44 AM | Computer Name = scott-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/1/2012 2:11:15 PM | Computer Name = scott-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 3:04:06 PM | Computer Name = scott-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/1/2012 4:02:56 PM | Computer Name = scott-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 10:24:39 PM | Computer Name = scott-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 1/23/2012 6:57:02 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 16:57:02, Mon, Jan 23, 12 Error - Unable to decrypt string

Error - 1/26/2012 4:47:13 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 14:47:13, Thu, Jan 26, 12 Error - Unable to gain access to user store

Error - 1/26/2012 5:01:46 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 15:01:46, Thu, Jan 26, 12 Error - Unable to switch user context, authentication
information not set correctly

Error - 1/26/2012 8:12:19 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 18:12:19, Thu, Jan 26, 12 Error - Unable to switch user context, authentication
information not set correctly

Error - 1/26/2012 8:28:27 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 18:28:27, Thu, Jan 26, 12 Error - Unable to gain access to user store

Error - 1/27/2012 12:57:43 AM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 22:57:43, Thu, Jan 26, 12 Error - Unable to gain access to user store

Error - 1/27/2012 12:57:43 AM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 22:57:43, Thu, Jan 26, 12 Error - Unable to decrypt string

Error - 1/30/2012 12:53:49 AM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 22:53:49, Sun, Jan 29, 12 Error - Unable to gain access to user store

Error - 1/30/2012 1:58:44 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 11:58:44, Mon, Jan 30, 12 Error - Unable to gain access to user store

Error - 1/30/2012 1:58:44 PM | Computer Name = scott-PC | Source = WLAN-Tray | ID = 0
Description = 11:58:44, Mon, Jan 30, 12 Error - Unable to decrypt string

[ Media Center Events ]
Error - 11/25/2008 2:50:58 AM | Computer Name = scott-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/31/2009 5:06:18 AM | Computer Name = scott-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 1/31/2009 5:17:31 AM | Computer Name = scott-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 1/31/2009 6:42:47 AM | Computer Name = scott-PC | Source = McrMgr | ID = 107
Description =

Error - 1/31/2009 2:11:31 PM | Computer Name = scott-PC | Source = McrMgr | ID = 107
Description =

Error - 4/2/2009 7:33:46 PM | Computer Name = scott-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/4/2009 2:01:05 PM | Computer Name = scott-PC | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 2/1/2012 4:02:57 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 4:02:58 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 4:02:58 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:24:39 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:24:40 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:24:40 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:28:47 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:28:49 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:29:04 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2012 10:29:05 PM | Computer Name = scott-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 1/26/2012 2:47:33 AM | Computer Name = scott-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/26/2012 2:47:33 AM | Computer Name = scott-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/26/2012 2:47:33 AM | Computer Name = scott-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

#14 scottalex00

New Member

Group: Members
Posts: 14
Joined: 22-January 12

Posted 01 February 2012 - 11:47 PM

and nothing came up in the ESET scan except this

C:\Users\scott\Downloads\Norton IS 2012 FINAL + NTR2012 BETA [.h10.]\1BOX_NTR2012_v4.02\1BOX_NTR2012.exe Win32/Packed.Autoit.E.Gen application

but i use this to renew my Norton IS. I know cracks will show up as a threat when you scan them but is there any way to see if they are actually safe.
I understand if you cant tell me but you would rock.

#15 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 02 February 2012 - 06:00 PM

The crack is being read as being infected by a trojan/backdoor and that's real. Time to get rid.

As for Bearshare, I couldn't find the entry earlier but I did find a large number of malicious dll files...open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2010/07/23 09:05:56 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ajupomubarax.dll
[2010/07/23 00:06:17 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ifuducenafidaco.dll
[2010/07/22 22:04:05 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\erovupom.dll
[2010/07/22 00:53:03 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\alidahigusudiho.dll
[2010/07/21 22:51:03 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\evevaxitig.dll
[2010/07/21 18:33:46 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ucadotibuxer.dll
[2010/07/21 11:02:13 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ucukigatekudat.dll
[2010/07/20 23:33:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\isuvurovilox.dll
[2010/07/20 17:43:37 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ipogilimelumorun.dll
[2010/07/20 15:09:28 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\unesiyov.dll
[2010/07/20 10:18:13 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ugadewiy.dll
[2010/07/20 01:24:32 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ididinigowe.dll
[2010/07/20 00:39:34 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\etogavim.dll
[2010/07/19 23:11:21 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\exovanuzafa.dll
[2010/07/19 21:09:22 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\amidadot.dll
[2010/07/19 19:00:55 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\utoxehotep.dll
[2010/07/19 11:52:36 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\imidohugili.dll
[2010/07/19 09:33:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ajugoforeqonofa.dll
[2010/07/18 23:08:07 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ekosifefela.dll
[2010/07/18 21:06:12 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ecukigat.dll
[2010/07/18 17:06:07 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\umahugewuxi.dll
[2010/07/18 15:04:04 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ayiwumezimimi.dll
[2010/07/14 22:15:32 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\elebufebos.dll
[2010/07/14 17:50:36 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\owezageyabeguyo.dll
[2010/07/14 15:48:38 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\obukexug.dll
[2010/07/14 11:08:14 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ikikofeginu.dll
[2010/07/14 02:25:53 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\obufokel.dll
[2010/07/14 00:23:52 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\aqamecusuramujo.dll
[2010/07/13 22:36:11 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\axubadis.dll
[2010/07/13 16:39:44 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\izasajubij.dll
[2010/07/13 12:10:00 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\iqevoyoh.dll
[2010/07/13 04:58:27 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\oqupekamosarev.dll
[2010/07/12 14:31:39 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\igiyijiw.dll
[2010/07/12 13:01:26 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ulajurijafe.dll
[2010/07/12 01:37:18 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ivecigit.dll
[2010/07/11 19:31:41 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ihamiyumihoy.dll
[2010/07/11 15:10:49 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ejuxawodafuvel.dll
[2010/07/10 23:54:01 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ovebehamicunojag.dll
[2010/07/10 22:22:22 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ecaxayot.dll
[2010/07/10 15:16:42 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\ayuxuvijuki.dll
[2010/07/10 13:01:49 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\onadebib.dll
[2010/07/10 00:52:54 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\oderabat.dll
[2010/07/09 14:09:47 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\awegaqab.dll
[2010/07/09 09:42:31 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\usejifigoci.dll
[2010/04/30 16:46:16 | 000,000,120 | ---- | C] () -- C:\Users\scott\AppData\Local\Qqixeciluv.dat
[2010/04/30 16:46:16 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Local\Efuwodoruv.bin
[2010/04/30 16:44:34 | 000,000,020 | ---- | C] () -- C:\Users\scott\AppData\Roaming\wzmjhy.dat
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D431AA5F
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please rerun OTL and post the new log

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)