Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation

Featured Deal: Get 95% Off the Certified Information Systems Security Professional Training Course

Photo

DDS and hjt logs

Started by db336 , Nov 29 2009 09:45 AM

  • This topic is locked This topic is locked
4 replies to this topic

#1 db336

db336

  • Members
  • 8 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:28 AM

Posted 29 November 2009 - 09:45 AM

My computer is running fine. Iwas just wondering if someone would look at my logs to make sure nothing is going on without me realizing it. Thank you for your time.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:14 AM, on 11/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\nfpesys.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\home\Desktop\Dan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = bleep off y0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Folder Password Expert USB 2.1.0.6] C:\Windows\system32\nfpesys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll (file missing)
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files (x86)\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11938 bytes


DDS


DDS (Ver_09-11-29.01) - NTFSX64
Run by home at 9:39:31.77 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2412 [GMT -5:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Network Edition *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\nfpesys.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~2\AVG\AVG8\avgfws8.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~2\AVG\AVG8\avgam.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\home\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = bleep off y0
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files (x86)\imacros\imacros.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [ArcSoft Connection Service] "c:\program files (x86)\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Folder Password Expert USB 2.1.0.6] c:\windows\system32\nfpesys.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
dRun: [MySpaceIM] c:\program files (x86)\myspace\im\MySpaceIM.exe
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files (x86)\imacros\imacros.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\gtxz1vn3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\users\home\appdata\roaming\mozilla\firefox\profiles\gtxz1vn3.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\home\appdata\local\google\update\1.2.121.17\npGoogleOneClick.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;AvgRkx64;c:\windows\system32\drivers\avgrkx64.sys [2009-1-7 14856]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-18 53488]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2008-10-31 29464]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2008-10-30 427016]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2008-10-30 33416]
R1 AvgTdiA;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdia.sys [2008-10-31 133640]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~2\avg\avg8\avgemc.exe [2009-4-26 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-1-7 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~2\avg\avg8\avgfws8.exe [2009-4-26 1370488]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2009-2-8 269648]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files (x86)\twc\medicsp2\bin\sprtsvc.exe [2007-11-30 202280]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-1 22104]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2006-11-2 1523712]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2006-11-2 392704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-2 89920]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-10-31 1038088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 27648]
S3 pbfilter;pbfilter;c:\program files (x86)\peerblock\pbfilter.sys [2009-10-2 19544]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-6-17 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-7-9 48640]
S4 SITomcat;SI Tomcat;c:\program files (x86)\gm spo\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
S4 SITransbase;SI Transbase;c:\program files (x86)\gm spo\esi\transbase\tbmux32.exe [2001-11-20 165376]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-26 04:01:10 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-26 04:01:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 21:53:21 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 21:53:21 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 21:53:21 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-25 21:53:20 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-25 21:53:14 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-25 21:53:14 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-19 21:23:19 0 d-----w- c:\program files\iPod
2009-11-19 21:23:18 0 d-----w- c:\program files\iTunes
2009-11-19 21:23:18 0 d-----w- c:\program files (x86)\iTunes
2009-11-17 04:17:32 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-11-17 04:17:30 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 04:17:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 04:17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 04:00:20 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-16 20:25:57 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-16 20:25:57 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-11-16 20:25:57 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-11-16 20:25:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-16 20:25:57 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 20:25:57 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-11-11 04:08:24 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2009-11-11 04:08:24 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2009-11-11 00:24:04 441856 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 00:24:04 355328 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-11 00:24:03 2751488 ----a-w- c:\windows\system32\win32k.sys
2009-11-04 02:40:04 5939712 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-04 02:40:02 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2009-11-04 02:40:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-31 20:47:53 0 --sha-w- c:\windows\syswow64\+
2009-10-31 20:47:50 172544 --sha-w- c:\windows\syswow64\nfpesys.exe
2009-10-31 20:47:44 0 d-----w- c:\program files (x86)\Uninstall Folder Password Expert USB
2009-10-31 17:06:26 0 d-----w- c:\program files\Adobe
2009-10-31 17:03:49 0 d-----w- c:\windows\syswow64\spool
2009-10-31 17:00:12 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-31 17:00:06 0 d-----w- c:\program files (x86)\common files\Macrovision Shared

==================== Find3M ====================

2009-11-17 04:17:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 04:17:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 04:17:29 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 04:17:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 00:13:28 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2009-10-13 21:34:40 57 ----a-w- c:\program files (x86)\hotdog.ini
2009-10-01 12:50:29 53248 ----a-w- c:\windows\syswow64\zlib.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:42 46592 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:48 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-09-25 01:31:53 196608 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:51 326656 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:47 625664 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:31:41 287744 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:31:36 981504 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\syswow64\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\syswow64\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\syswow64\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\syswow64\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\syswow64\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\syswow64\d3d10core.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\syswow64\DWrite.dll
2009-09-25 01:26:38 47616 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:26:26 1548800 ----a-w- c:\windows\system32\DWrite.dll
2009-09-25 01:26:26 1142272 ----a-w- c:\windows\system32\FntCache.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\syswow64\winspool.drv
2009-09-16 23:49:02 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 23:49:02 342016 ----a-w- c:\windows\system32\winspool.drv
2009-09-16 23:49:02 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:49:49 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-10 15:27:55 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:27:25 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-09-10 02:07:01 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:06:32 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:05:45 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2009-09-04 11:54:24 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2008-06-18 02:06:42 174 --sha-w- c:\program files\desktop.ini
2008-06-18 02:06:42 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2005-09-14 00:36:00 172544 --sha-w- c:\windows\syswow64\nfpesys.exe

============= FINISH: 9:39:48.06 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:28 AM

Posted 10 December 2009 - 10:19 PM

Hello db336,

I see no malware, but you have some programs that need updating.


P2P WARNING

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected.

I would recommend that you uninstall µTorrent, however that choice is up to you.

If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

**************


I see on the log the Coupon Printer for Windows is installed on your computer:
This program is known to be bundled with adware/spyware.

For more information please see this:
A Closer Look at Coupons.com

To uninstall Coupon Printer for Windows:

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon.
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":
Coupon Printer for Windows


**************

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
    Adobe Reader 6.0.1
    Adobe Reader 8.1.5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.

You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/

**************

Mozilla Firefox (3.0.4) is out of date.
You should download Mozilla Firefox 3.5.5

**************

Your AVG 8.5 antivirus is out of date.

Please download, install and run AVG 9.0 antivirus
Please note that any previous version of AVG Free will be un-installed automatically during the installation of the new AVG Free.


**************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Please download Java Version 6 Update 17
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java 6 Update 5
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.
Now you are good to go. :(

Edited by SifuMike, 10 December 2009 - 10:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 db336

db336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:28 AM

Posted 12 December 2009 - 07:11 AM

thanks a lot. i appreciate it!

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:28 AM

Posted 12 December 2009 - 11:49 AM

Your very welcome. It's always nice to hear that someone appreciates the help we are giving. :(
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:28 AM

Posted 17 December 2009 - 03:31 PM

Since your problem appears to be resolved, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·