Goes to Wrong Websites


  • This topic is locked
65 replies to this topic

#1 rawiswarden

Posted 17 December 2009 - 12:02 PM

I got a trojan and have removed almost all the stuff, using various free malware programs. But whenever I search on Google, I will randomly get links I'm not clicking on. The most common are those Google Scam ads, which talk about making money, and the ad which acts like it's downloading a virus to My Computer and then tries to install a virus as an antivirus. Of course, the latter is annoying because I have to end task on Firefox to browse the web again.

Any help is appreciated!

-------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:18 AM, on 12/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Russell Warden\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\RUSSEL~1\AppData\Local\Temp\roawsxencm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lnlcby] RUNDLL32.EXE C:\Windows\TEMP\msrxqrnw.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lnlcby] RUNDLL32.EXE C:\Windows\TEMP\msrxqrnw.dll,w (User 'Default user')
O4 - S-1-5-18 Startup: scandisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: scandisk.lnk = ? (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\system32\shdocvw.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\system32\curslib.dll
O23 - Service: ALG - Adaptec, Inc. - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: vds - Sony Corporation - (no file)
O23 - Service: VSS - VIA Technologies Inc.,Ltd - (no file)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12899 bytes

Edited by rawiswarden, 17 December 2009 - 11:39 PM.



#2 Blind Faith

  • Malware Response Team
Posted 29 December 2009 - 04:16 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 rawiswarden


Posted 30 December 2009 - 02:55 AM

Whenever I go to run that file, it says An unknown error has occured, terminating. Here is an updated Hijack log, if this helps any. I also keep having a svhost in my temp folder request access to the internet. I've denied it, since I read that the file shouldn't be in the temp folder. I also experienced a few days ago that every couple minutes, my firewall would detect a trojan trying to download and stop it. So obviously something is still on my computer :( I ran spydoctor, spybot search and destroy, and various other things that each removed stuff the others missed. But apparently something is still hidden deep down. I've gone through all the files created on the day of infection and checked/deleted them. But obviously I missed something.

Also, a few buttons on my start menu don't work: Control Panel, and Default Programs. But they work fine when a shortcut is created on desktop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:38 AM, on 12/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\TEMP\joiw.tmp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lnlcby] RUNDLL32.EXE C:\Windows\TEMP\msrxqrnw.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lnlcby] RUNDLL32.EXE C:\Windows\TEMP\msrxqrnw.dll,w (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\system32\shdocvw.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\system32\curslib.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ALG - Adaptec, Inc. - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: vds - Sony Corporation - (no file)
O23 - Service: VSS - VIA Technologies Inc.,Ltd - (no file)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13643 bytes

Edited by rawiswarden, 30 December 2009 - 02:57 AM.
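The two HijackThis logs above can be triaged mechanically for the pattern the poster describes (a `svchost.exe` running from a temp folder). The following is an added example, not part of the original thread and not a tool used by the helpers: a small Python parser that flags running processes and O4 autostart entries located in temp directories, and Windows system process names running outside `System32`. The function names, the rule set and the list of system process names are assumptions made for this illustration; the sample lines are excerpted from the logs posted above.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of lines taken from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\svchost.exe
C:\Windows\TEMP\joiw.tmp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [RTHDBPL] C:\Users\RUSSEL~1\AppData\Local\Temp\roawsxencm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lnlcby] RUNDLL32.EXE C:\Windows\TEMP\msrxqrnw.dll,w (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

Finding = namedtuple("Finding", "section line reasons")

# HijackThis entry lines look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A "\temp\" or "\tmp\" path component, any letter case.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Assumption for this example: core Windows processes whose image
# normally lives in C:\Windows\System32.
SYSTEM_NAMES = {
    "smss.exe", "csrss.exe", "wininit.exe", "services.exe",
    "lsass.exe", "lsm.exe", "winlogon.exe", "svchost.exe",
}
SYSTEM32 = r"c:\windows\system32"


def check_process(path):
    """Return the reasons (possibly none) a running-process path deserves review."""
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("process image is inside a temp directory")
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        reasons.append("system process name running outside System32")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return a list of Finding tuples."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            # A blank line ends the running-process list.
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            # O4 entries are programs started automatically (Run keys, Startup).
            if entry.group("code") == "O4" and TEMP_RE.search(entry.group("body")):
                findings.append(Finding(
                    "O4", line, ["autostart entry points into a temp directory"]))
            continue
        if in_processes:
            reasons = check_process(line)
            if reasons:
                findings.append(Finding("process", line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("[%s] %s" % (finding.section, finding.line))
        for reason in finding.reasons:
            print("    - " + reason)
```

A flagged line is a candidate for review by the helper, not a verdict; installers and updaters also run from temp folders for short periods.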


#4 schrauber

  • Malware Response Team

Posted 30 December 2009 - 12:30 PM

Hello, rawiswarden
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 rawiswarden

Posted 31 December 2009 - 12:32 AM

I tried running that scan three times. Each time I got that blue screen of death and it rebooted.

#6 schrauber

Posted 31 December 2009 - 06:49 AM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#7 rawiswarden

Posted 31 December 2009 - 11:13 AM

I disabled all the AV stuff and used task manager to end the various programs I was using before the log. Whenever I click the renamed file, a Combofix/status bar appears and loads. But when it gets to the end, nothing happens. I've read the help instructions and your instructions twice and I'm not sure what I could be doing wrong. Seems fairly straightforward.

#8 schrauber

Posted 31 December 2009 - 12:17 PM

Hi,

McAfee is known to be a problem. Please uninstall it, reboot and run Combofix. We will reinstall it later.
regards,
schrauber


#9 rawiswarden

Posted 01 January 2010 - 06:23 PM

I uninstalled my virus scanners. Exited out of all the malware scanners. Disabled Windows Defender and the firewall. Saved the file as schrauber.exe on my desktop. And it still only loads the bar and then does nothing. This is frustrating, I apologize.

#10 schrauber

Posted 02 January 2010 - 05:29 AM

Hi,

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber
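
Added illustration (not part of schrauber's post and not OTL's own code): the /md5start ... /md5stop block in the custom scan above lists file names whose copies the scan is to locate and hash, so the hashes can be compared with known-good values. The Python sketch below performs the same kind of lookup; the function names, the constructed sample tree and the "copies differ" flag are assumptions made for this example.

```python
import hashlib
import os
import tempfile

# File names copied from the /md5start ... /md5stop block in the post above.
TARGET_NAMES = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys",
    "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys",
]


def md5_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large drivers are not read into memory at once."""
    digest = hashlib.md5()  # MD5 only because that is what the scan asks for
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def find_copies(root, names=TARGET_NAMES):
    """Return {lower-case name: [(path, md5 or None), ...]} for copies under root."""
    wanted = {name.lower() for name in names}  # Windows file names ignore case
    found = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for filename in files:
            key = filename.lower()
            if key not in wanted:
                continue
            path = os.path.join(folder, filename)
            try:
                entry = (path, md5_of_file(path))
            except OSError:
                entry = (path, None)  # locked or unreadable: keep it visible
            found.setdefault(key, []).append(entry)
    for copies in found.values():
        copies.sort(key=lambda item: item[0])
    return found


def names_with_differing_copies(found):
    """Names whose copies do not all share one hash, or could not be read.

    A difference is a prompt to check each hash against a known-good value,
    not a verdict: copies of different versions can legitimately differ.
    """
    flagged = []
    for name, copies in sorted(found.items()):
        hashes = {md5 for _path, md5 in copies}
        if len(hashes) > 1 or None in hashes:
            flagged.append(name)
    return flagged


def build_sample_tree(root):
    """Constructed sample data, not taken from the poster's machine."""
    layout = {
        os.path.join("System32", "drivers", "atapi.sys"): b"constructed driver A",
        os.path.join("DriverStore", "ATAPI.SYS"): b"constructed driver B",
        os.path.join("System32", "eventlog.dll"): b"constructed library",
        os.path.join("winsxs", "EventLog.dll"): b"constructed library",
        os.path.join("System32", "notes.txt"): b"not on the list",
    }
    for relative, content in layout.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


def demo():
    """Run the lookup over the constructed tree and return (found, flagged)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = find_copies(root)
        return found, names_with_differing_copies(found)


if __name__ == "__main__":
    found, flagged = demo()
    for name, copies in sorted(found.items()):
        print("< MD5 for: %s >" % name.upper())
        for path, md5 in copies:
            print("  MD5=%s -- %s" % (md5, path))
    print("Copies differ for:", ", ".join(flagged) or "none")
```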


#11 rawiswarden

Posted 02 January 2010 - 12:55 PM

OTL logfile created on: 1/2/2010 11:39:21 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Russell Warden\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227.85 Gb Total Space | 108.89 Gb Free Space | 47.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.80 Gb Total Space | 0.84 Gb Free Space | 46.75% Space Free | Partition Type: FAT32

Computer Name: RUSSELLWARDEN
Current User Name: Russell Warden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/02 11:38:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
PRC - [2010/01/01 22:19:16 | 22,120,88626 | ---- | M] (Igor Pavlov) -- C:\Users\Russell Warden\Downloads\garmin_rmu_cnnant2010_30(2).exe
PRC - [2009/12/24 19:53:32 | 00,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/12/17 07:57:38 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/14 12:07:23 | 09,659,240 | ---- | M] (GARMIN Ltd.) -- C:\Users\Russell Warden\AppData\Local\Temp\7zS4252.tmp\Windows\Setup.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/28 20:21:22 | 10,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:34 | 00,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2009/10/11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/29 04:09:20 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/01/20 20:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 20:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/10/31 15:13:44 | 00,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/19 06:20:31 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/09/19 06:20:05 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/09/06 06:24:10 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/08/28 18:27:12 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 18:27:10 | 00,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 22:05:18 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 22:05:18 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 10:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe


========== Modules (SafeList) ==========

MOD - [2010/01/02 11:38:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
MOD - [2009/11/14 11:51:20 | 00,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wmiApSrv)
SRV - File not found [Unknown | Stopped] -- -- (UI0Detect)
SRV - File not found [Unknown | Stopped] -- -- (TrustedInstaller)
SRV - File not found [On_Demand | Stopped] -- -- (SNMPTRAP)
SRV - File not found [On_Demand | Stopped] -- -- (RpcLocator)
SRV - File not found [On_Demand | Stopped] -- -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- -- (ehRecvr)
SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2009/12/24 19:53:32 | 00,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 19:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/29 04:09:20 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 23:11:44 | 00,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 02,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 20:52:32 | 00,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/06 06:24:10 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/08/28 18:27:12 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 18:27:10 | 00,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 22:05:18 | 00,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 00,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 01,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 01,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 10:53:04 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 10:52:48 | 00,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/01/10 17:51:06 | 00,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 04:21:20 | 00,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 04:02:08 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 03:46:16 | 00,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0
FF - prefs.js..extensions.enabledItems: {EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}:0.35

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 08:04:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 07:57:48 | 00,000,000 | ---D | M]

[2009/08/30 13:46:53 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Extensions
[2010/01/01 11:47:25 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions
[2009/12/30 23:04:56 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/09/01 17:51:46 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/28 10:44:21 | 00,000,000 | ---D | M] (recipefox) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}
[2009/11/26 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain
[2010/01/01 11:47:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/15 14:31:23 | 00,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: (366488 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12613 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/29 09:03:22 | 00,000,077 | ---- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\Shell - "" = AutoRun
O33 - MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\Shell - "" = AutoRun
O33 - MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 20:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/02 11:38:45 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
[2010/01/02 10:53:32 | 00,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2010/01/02 10:53:32 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/01/02 10:53:11 | 00,000,000 | ---D | C] -- C:\Garmin
[2010/01/01 20:24:36 | 22,120,88626 | ---- | C] (Igor Pavlov) -- C:\Users\Russell Warden\Documents\garmin_rmu_cnnant2010_30.exe
[2010/01/01 15:46:01 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/30 23:11:07 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Download Manager
[2009/12/30 23:05:13 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\GARMIN
[2009/12/30 14:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft PData
[2009/12/28 11:15:09 | 00,000,000 | ---D | C] -- C:\SonySupport
[2009/12/25 08:28:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/25 08:28:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/24 19:53:31 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Spyware Terminator
[2009/12/24 19:53:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/12/24 19:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/12/24 15:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/24 15:54:39 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/24 15:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/24 15:12:16 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2009/12/24 15:12:16 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2009/12/24 15:12:16 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2009/12/24 15:10:23 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/12/24 15:10:22 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/12/24 15:10:11 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/12/24 15:10:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/12/24 15:09:51 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/12/24 15:09:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\PC Tools
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/12/24 10:31:28 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\AVG8
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/02 11:43:36 | 06,553,600 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat
[2010/01/02 11:38:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
[2010/01/02 11:19:24 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/02 11:11:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 11:11:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 11:03:03 | 00,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203817234-2473519870-951006852-1000UA.job
[2010/01/01 21:29:55 | 22,120,88626 | ---- | M] (Igor Pavlov) -- C:\Users\Russell Warden\Documents\garmin_rmu_cnnant2010_30.exe
[2010/01/01 21:03:06 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203817234-2473519870-951006852-1000Core.job
[2010/01/01 15:45:56 | 03,879,975 | ---- | M] () -- C:\Users\Russell Warden\Desktop\schrauber.exe
[2010/01/01 15:17:59 | 00,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/01 15:17:59 | 00,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/01 15:17:59 | 00,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/01 15:11:08 | 00,000,332 | -HS- | M] () -- C:\Windows\tasks\Sixlzttq.job
[2010/01/01 15:11:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 15:09:23 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/01 15:09:05 | 00,524,288 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat{eb1ece63-95a0-11de-86f6-001e3d8bce14}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 15:09:05 | 00,065,536 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat{eb1ece63-95a0-11de-86f6-001e3d8bce14}.TM.blf
[2010/01/01 15:08:39 | 03,076,967 | -H-- | M] () -- C:\Users\Russell Warden\AppData\Local\IconCache.db
[2010/01/01 15:01:18 | 00,001,493 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/12/30 23:37:21 | 25,463,8374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/30 14:18:04 | 00,000,117 | ---- | M] () -- C:\Windows\System32\$$tmp.bat
[2009/12/28 11:15:18 | 00,001,629 | ---- | M] () -- C:\Users\Russell Warden\Desktop\Sony Download Taxi.lnk
[2009/12/27 11:29:21 | 01,179,648 | ---- | M] () -- C:\Users\Russell Warden\Documents\Shawns_Humor_Lecture.ppt
[2009/12/24 19:53:45 | 00,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/24 19:53:32 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/24 15:54:41 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/24 15:46:13 | 00,000,036 | ---- | M] () -- C:\Users\Russell Warden\AppData\Local\housecall.guid.cache
[2009/12/23 13:39:22 | 00,010,240 | ---- | M] () -- C:\Users\Russell Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 11:13:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 15:45:49 | 03,879,975 | ---- | C] () -- C:\Users\Russell Warden\Desktop\schrauber.exe
[2010/01/01 15:01:18 | 00,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/12/30 14:18:04 | 00,000,117 | ---- | C] () -- C:\Windows\System32\$$tmp.bat
[2009/12/28 11:15:18 | 00,001,629 | ---- | C] () -- C:\Users\Russell Warden\Desktop\Sony Download Taxi.lnk
[2009/12/27 11:28:30 | 01,179,648 | ---- | C] () -- C:\Users\Russell Warden\Documents\Shawns_Humor_Lecture.ppt
[2009/12/24 19:53:45 | 00,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/24 19:53:32 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/24 15:54:41 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/24 15:46:13 | 00,000,036 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\housecall.guid.cache
[2009/12/24 15:12:17 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/24 15:12:16 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2009/12/24 15:12:16 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2009/12/24 15:12:16 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2009/12/24 15:12:16 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2009/12/24 15:10:23 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/12/24 15:10:11 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/12/24 15:10:11 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/12/24 15:09:51 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/12/22 11:13:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/15 14:45:00 | 00,000,680 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\d3d9caps.dat
[2009/12/15 14:32:04 | 00,132,096 | RHS- | C] () -- C:\Windows\System32\odbcconf7.dll
[2009/11/16 16:08:50 | 00,000,032 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\xobni_installer_updater.log
[2009/10/20 08:03:47 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/01 18:15:13 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/11 17:03:05 | 00,010,240 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 04:11:49 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/30 16:20:05 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/02/16 17:14:36 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/02/16 16:02:48 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/16 16:02:48 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/16 16:02:48 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/02/16 16:01:16 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/30 12:44:52 | 00,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/02 11:19:57 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\.purple
[2009/11/10 09:27:57 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\AT&T
[2010/01/01 11:29:31 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Azureus
[2010/01/02 10:29:17 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\GARMIN
[2009/11/29 18:11:13 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\GrabPro
[2009/12/27 11:28:32 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\gtk-2.0
[2009/12/10 06:07:36 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Orbit
[2009/12/24 19:54:43 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Spyware Terminator
[2009/12/15 14:31:25 | 00,000,000 | -HSD | M] -- C:\Users\Russell Warden\AppData\Roaming\SystemProc
[2009/12/15 22:34:51 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Uniblue
[2010/01/01 15:09:18 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/01 15:11:08 | 00,000,332 | -HS- | M] () -- C:\Windows\Tasks\Sixlzttq.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 1/2/2010 11:39:22 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Russell Warden\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227.85 Gb Total Space | 108.89 Gb Free Space | 47.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.80 Gb Total Space | 0.84 Gb Free Space | 46.75% Space Free | Partition Type: FAT32

Computer Name: RUSSELLWARDEN
Current User Name: Russell Warden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* File not found
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A9A03AE-E5CB-4DF5-9405-E86DC4325BE5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75344F0D-1A8C-42D5-8240-CB4615ADF292}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CB2B288-81D5-4B90-ACB2-05921ED102DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CBA6E8C-9080-4321-946C-91F57CC38916}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CEF5637-D986-49EB-AC7D-808C7540EAE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D7955FB-DEF5-4E69-8E9A-468BAB312CB7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A76428EC-C4D7-4AA7-80DB-DD8A13E12759}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6CEE7C-62A4-478E-BC06-888861B2D9D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C50BDB97-E760-4F8D-80B2-D7FE1B20DA34}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5FD2C93-736B-4675-BA7B-6E3F4BA796F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0281C503-1277-4452-8921-7988EEA44FB1}" = protocol=6 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{07D917DC-5DE1-4152-909A-541B6933A464}" = protocol=17 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{09D95805-E929-4BC7-A4A3-A1DA2F27E798}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1077200D-3232-41F7-B820-4CE10C167D84}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{124263BF-A0B6-4D2E-BF57-4D6A1C53D440}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{137E0271-7C34-411F-83A6-41CCDD0EE484}" = protocol=6 | dir=out | app=system |
"{1B358138-8144-4FDD-91F5-9586CE7BB9B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DE3941C-D65B-40CB-8497-3A1729A0E5FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{202B70E4-8343-4C27-8CE7-6E11DA15DB39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36689E16-7235-44DD-B8F9-65DFE1DAB7C6}" = protocol=17 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6A81D3BA-4F20-4CC2-A1A7-C347E2C9A426}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76026796-674D-4F04-99CC-812675418B63}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FFA32BF-ED2B-4018-B7D5-D33155786288}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8867A319-1219-4FBC-9281-B0B84127C785}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{90314F3B-25E3-44B2-9013-BD58EE60BECE}" = protocol=6 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{96360E5C-958E-4FEC-B723-D3CD8BF59275}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97322565-546F-4807-9414-D677687D4198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97EAE3A6-7EF7-4B01-983A-A5F5453AD853}" = protocol=17 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9F2E0107-5D35-4DE0-8FF6-4B3CE138B297}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB531B2E-8FFF-43AD-8808-1C18D6F30A2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF497541-703D-4E9F-B885-0EC13304DE17}" = protocol=6 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C0E8CF57-5FF8-418B-BAC7-3C7555BFFA15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2E6A2C6-11C3-4FD1-A081-5670856AD5A5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E2387578-5B7B-40B0-9848-55016C8E4CC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E3134D98-31D1-439B-8E35-C3EDE83234DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E68C09D3-1244-4213-B1D7-1B9F0C7F63DC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EBE1777C-131E-4F59-A5A6-90FC19B5C1F3}" = protocol=17 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F83A0B90-7378-4A65-AAF9-0D3F09F28053}" = protocol=6 | dir=in | app=c:\users\russell warden\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{471C1907-4489-4DC7-A591-467C121FE7F8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{9954D1DA-59CF-4145-A041-5BA94F10C1B2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{C2AAF7BF-5B3B-478E-96C0-9769BB641338}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{2E79F11D-BFF6-4328-8D0F-DB47A2B44B72}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{3F9B770C-6B9D-4831-B797-C8679A5EC6EE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F64DED80-C48D-4564-BB96-AE1AB1F843CB}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D7DF917E-C963-42B4-AD48-837ACA6D8859}" = AT&T Internet Security Suite
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{e353844d-2650-4682-a3cb-27706fd38a30}" = Nero 9
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alarm_is1" = Alarm 2.0.4
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Orbit_is1" = Orbit Downloader
"Pidgin" = Pidgin
"PROPLUS" = Microsoft Office Professional Plus 2007
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Spyware Doctor" = Spyware Doctor 7.0
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Service Utility" = VAIO Service Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 03 January 2010 - 07:08 AM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - [2010/01/01 22:19:16 | 22,120,88626 | ---- | M] (Igor Pavlov) -- C:\Users\Russell Warden\Downloads\garmin_rmu_cnnant2010_30(2).exe
    PRC - [2009/11/14 12:07:23 | 09,659,240 | ---- | M] (GARMIN Ltd.) -- C:\Users\Russell Warden\AppData\Local\Temp\7zS4252.tmp\Windows\Setup.exe
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
    FF - prefs.js..extensions.enabledItems: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0
    FF - prefs.js..extensions.enabledItems: {EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}:0.35
    [2009/12/30 23:04:56 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2009/09/01 17:51:46 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2009/11/28 10:44:21 | 00,000,000 | ---D | M] (recipefox) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}
    [2009/11/26 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain
    [2010/01/01 11:47:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/12/15 14:31:23 | 00,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
    O32 - AutoRun File - [2005/11/29 09:03:22 | 00,000,077 | ---- | M] () - I:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\Shell - "" = AutoRun
    O33 - MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    [2010/01/01 15:11:08 | 00,000,332 | -HS- | M] () -- C:\Windows\tasks\Sixlzttq.job
    [2009/12/15 14:32:04 | 00,132,096 | RHS- | C] () -- C:\Windows\System32\odbcconf7.dll
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
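An added example, not part of the post above and not OTL's own code: a small parser for the file-entry and alternate-data-stream line formats that appear in the fix script, listing entries whose metadata merits a second look. The review rules (hidden+system attributes, empty company field, any ADS), the `Entry` type and the sample lines are assumptions constructed for illustration; they are not the helper's stated criteria.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# File entry: [date time | size | attrs | M or C] (company) -- path
# The "(company)" part is optional, as in the directory lines of the script.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# ADS entry: @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class Entry:
    kind: str                      # "file" or "ads"
    path: str
    size: int                      # bytes
    attrs: str = ""                # four flag positions: R, H, S, D
    company: Optional[str] = None  # None when the line has no "(...)" field
    stream: Optional[str] = None   # ADS stream name


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for line types not handled here."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        size = int(m["size"].replace(",", ""))
        return Entry("file", m["path"], size, m["attrs"], m["company"])
    m = ADS_RE.match(line)
    if m:
        return Entry("ads", m["path"], int(m["size"]), stream=m["stream"])
    return None


def review_reasons(e: Entry) -> List[str]:
    """Assumed triage rules: reasons to look at an entry, not verdicts."""
    if e.kind == "ads":
        return ["alternate data stream"]
    reasons = []
    is_dir = "D" in e.attrs
    if not is_dir and "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system file")
    if not is_dir and e.company == "":
        reasons.append("empty company field")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every parsed line with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample lines in the same layout as the script above.
SAMPLE = r"""
[2010/01/01 15:11:08 | 00,000,332 | -HS- | M] () -- C:\Windows\tasks\Example.job
[2009/12/15 14:32:04 | 00,132,096 | RHS- | C] () -- C:\Windows\System32\example7.dll
[2009/09/01 17:51:46 | 00,000,000 | ---D | M] (Example Vendor) -- C:\Users\user\AppData\Roaming\Example\extensions\{00000000-0000-0000-0000-000000000000}
[2009/11/26 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Example\extensions\sample@example
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:0A1B2C3D
FF - prefs.js..browser.startup.homepage: "http://www.example.com/"
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.path}  [{', '.join(reasons)}]")
```
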

#13 rawiswarden

rawiswarden
  • Topic Starter

  • Members
  • 38 posts

Posted 03 January 2010 - 11:35 AM

========== OTL ==========
No active process named garmin_rmu_cnnant2010_30(2).exe was found!
No active process named Setup.exe was found!
Prefs.js: "http://www.google.com/ig" removed from browser.startup.homepage
Prefs.js: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 removed from extensions.enabledItems
Prefs.js: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0 removed from extensions.enabledItems
Prefs.js: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0 removed from extensions.enabledItems
Prefs.js: {EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}:0.35 removed from extensions.enabledItems
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGpsControl.plugin\Contents\Resources\English.lproj folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGpsControl.plugin\Contents\Resources folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGpsControl.plugin\Contents\MacOS folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGpsControl.plugin\Contents folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGpsControl.plugin folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\zh-TW folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\zh-CN folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\vi-VN folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\uk-UA folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\tr-TR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\sv-SE folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\sr-RS folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\sk-SK folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ru-RU folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ro-RO folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\pt-PT folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\pt-BR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\pl-PL folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\nl-NL folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\mn-MN folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ko-KR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\kk-KZ folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ja-JP folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\it-IT folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\hu-HU folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\he-IL folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\gl-ES folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ga-IE folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\fr-FR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\fi-FI folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\et-EE folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\es-ES folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\es-AR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\en-GB folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\el-GR folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\de-DE folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\da-DK folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\cs-CZ folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ca-AD folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6\ar folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations\0.9.6 folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\translations folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\defaults\preferences folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\defaults folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\components folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\skin\classic folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\skin folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\locale\en-US folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\locale folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\content\colorPicker folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome\content folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\defaults\preferences folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\defaults folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox\skin\globale folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox\skin folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox\locale\en-US folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox\locale folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox\content folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome\recipefox folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593}\chrome folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{EA6F5510-6F4D-11DC-B4DA-1B6D56D89593} folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\skin folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\locale\en-US folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\locale folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\defaults\preferences folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\defaults folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\components folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\chrome\content folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain\chrome folder moved successfully.
C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\historyblock@kain folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\ not found.
File I:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107c6490-b456-11de-8dce-001e3d8bce14}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107c6490-b456-11de-8dce-001e3d8bce14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107c6490-b456-11de-8dce-001e3d8bce14}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b94ad7c-9ecd-11de-9c59-001e3d8bce14}\ not found.
File H:\LaunchU3.exe not found.
C:\Windows\Tasks\Sixlzttq.job moved successfully.
C:\Windows\System32\odbcconf7.dll moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.

OTL by OldTimer - Version 3.1.20.1 log created on 01032010_103444

#14 rawiswarden

Posted 03 January 2010 - 11:42 AM

OTL logfile created on: 1/3/2010 10:37:01 AM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Russell Warden\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227.85 Gb Total Space | 109.89 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUSSELLWARDEN
Current User Name: Russell Warden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Temp\login.exe ()
PRC - C:\Windows\Temp\win16.exe ()
PRC - C:\Windows\Temp\cmd.exe ()
PRC - C:\Windows\Temp\drweb.exe ()
PRC - C:\Windows\Temp\mdm.exe ()
PRC - C:\Windows\Temp\jeriv0vce4.exe ()
PRC - c:\iwmtfsk.exe ()
PRC - C:\Windows\System32\winupdate86.exe (oVjlvHNMYbMghh)
PRC - C:\Windows\Temp\csfs.tmp\svchost.exe ()
PRC - C:\Users\Russell Warden\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Russell Warden\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BTNCopy.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (wmiApSrv) -- File not found
SRV - (UI0Detect) -- File not found
SRV - (TrustedInstaller) -- File not found
SRV - (SNMPTRAP) -- File not found
SRV - (RpcLocator) -- File not found
SRV - (ehSched) -- File not found
SRV - (ehRecvr) -- File not found
SRV - (ALG) -- File not found
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\System32\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\System32\wbem\vss.mof ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RPPKT) Radialpoint Filter (x86) -- C:\Windows\System32\drivers\rp_pkt32.sys (Radialpoint, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:02:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 08:04:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 07:57:48 | 00,000,000 | ---D | M]

[2009/08/30 13:46:53 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Extensions
[2009/08/30 13:46:53 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/03 10:35:13 | 00,000,000 | ---D | M] -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions
[2009/09/02 19:40:23 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Russell Warden\AppData\Roaming\Mozilla\Firefox\Profiles\x4udo0zd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/03 10:35:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/17 07:57:36 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/17 07:57:37 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/12/17 07:57:44 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/09/17 19:28:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/17 19:28:38 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/17 19:28:38 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/17 19:28:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/17 19:28:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/17 19:28:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/17 19:28:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 01:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (366488 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12613 more lines...
O2 - BHO: (C:\Windows\system32\hywfont.dll) - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\System32\hywfont.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [winupdate86.exe] C:\Windows\System32\winupdate86.exe (oVjlvHNMYbMghh)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\System32\shdocvw.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\winlogon86.exe) - C:\Windows\System32\winlogon86.exe (oVjlvHNMYbMghh)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {A5BF49A2-94F1-42BD-F434-3604812C807D} - ujhsf879fiosdfhgs98fudifmnddfdfd - C:\Windows\System32\hywfont.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\mshlps.dll) - C:\Windows\System32\mshlps.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/03 10:34:44 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/03 06:04:50 | 01,114,112 | ---- | C] (JgmPTVWrsJze) -- C:\Windows\System32\AVR10.exe
[2010/01/03 06:04:43 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\Windows\System32\winupdate86.exe
[2010/01/03 06:04:43 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\Windows\System32\winlogon86.exe
[2010/01/03 06:04:40 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\coptnc.exe
[2010/01/02 12:07:16 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\Desktop\School
[2010/01/02 11:38:45 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
[2010/01/02 10:53:32 | 00,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2010/01/02 10:53:32 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/01/02 10:53:11 | 00,000,000 | ---D | C] -- C:\Garmin
[2010/01/01 20:24:36 | 22,120,88626 | ---- | C] (Igor Pavlov) -- C:\Users\Russell Warden\Documents\garmin_rmu_cnnant2010_30.exe
[2010/01/01 15:46:01 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/30 23:11:07 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Download Manager
[2009/12/30 23:05:13 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\GARMIN
[2009/12/30 14:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft PData
[2009/12/28 11:15:09 | 00,000,000 | ---D | C] -- C:\SonySupport
[2009/12/25 08:28:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/25 08:28:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/24 19:53:31 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Spyware Terminator
[2009/12/24 19:53:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/12/24 19:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/12/24 15:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/24 15:54:39 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/24 15:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/24 15:12:16 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2009/12/24 15:12:16 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2009/12/24 15:12:16 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2009/12/24 15:10:23 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/12/24 15:10:22 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/12/24 15:10:11 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/12/24 15:10:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/12/24 15:09:51 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/12/24 15:09:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\PC Tools
[2009/12/24 15:09:41 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/12/24 10:31:28 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\AVG8
[2009/12/22 15:18:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/22 15:18:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/22 15:18:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/17 17:15:12 | 00,000,000 | ---D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/17 10:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/17 10:51:32 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/12/17 10:51:27 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/12/16 15:44:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/16 15:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/15 22:34:51 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Uniblue
[2009/12/15 19:08:17 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\Malwarebytes
[2009/12/15 19:08:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/15 19:08:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 17:35:06 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/15 16:55:49 | 00,000,000 | ---D | C] -- C:\Users\Russell Warden\AppData\Roaming\McAfee
[2009/12/15 15:40:39 | 00,055,296 | ---- | C] (Radialpoint, Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2009/12/15 15:40:32 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\Windows\System32\drivers\rp_pkt32.sys
[2009/12/15 15:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\AT&T
[2009/12/15 14:31:24 | 00,000,000 | -HSD | C] -- C:\Users\Russell Warden\AppData\Roaming\SystemProc
[2009/12/09 14:43:38 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 14:43:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/09 12:00:51 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 12:00:50 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/12/09 12:00:48 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/12/09 11:59:25 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/03 10:40:01 | 00,767,488 | ---- | M] () -- C:\Windows\System32\drivers\qzlmxv.sys
[2010/01/03 10:35:25 | 06,553,600 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat
[2010/01/03 10:03:00 | 00,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203817234-2473519870-951006852-1000UA.job
[2010/01/03 09:29:24 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 09:29:24 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 06:04:59 | 01,114,112 | ---- | M] (JgmPTVWrsJze) -- C:\Windows\System32\AVR10.exe
[2010/01/03 06:04:50 | 00,016,896 | ---- | M] () -- C:\Windows\System32\winhelper86.dll
[2010/01/03 06:04:48 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2010/01/03 06:04:46 | 00,002,854 | ---- | M] () -- C:\Windows\System32\critical_warning.html
[2010/01/03 06:04:44 | 00,015,000 | ---- | M] () -- C:\Windows\System32\hywfont.dll
[2010/01/03 06:04:43 | 00,027,136 | ---- | M] () -- C:\opxfox.exe
[2010/01/03 06:04:43 | 00,016,384 | ---- | M] () -- C:\iwmtfsk.exe
[2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\Windows\System32\winupdate86.exe
[2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\Windows\System32\winlogon86.exe
[2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\coptnc.exe
[2010/01/02 21:03:00 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203817234-2473519870-951006852-1000Core.job
[2010/01/02 19:59:24 | 00,012,133 | ---- | M] () -- C:\Users\Russell Warden\Desktop\Riddle.docx
[2010/01/02 12:09:37 | 00,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/02 12:09:37 | 00,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/02 12:09:37 | 00,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/02 11:38:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Warden\Desktop\OTL.exe
[2010/01/02 11:19:24 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/01 21:29:55 | 22,120,88626 | ---- | M] (Igor Pavlov) -- C:\Users\Russell Warden\Documents\garmin_rmu_cnnant2010_30.exe
[2010/01/01 15:45:56 | 03,879,975 | ---- | M] () -- C:\Users\Russell Warden\Desktop\schrauber.exe
[2010/01/01 15:11:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 15:09:23 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/01 15:09:05 | 00,524,288 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat{eb1ece63-95a0-11de-86f6-001e3d8bce14}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 15:09:05 | 00,065,536 | -HS- | M] () -- C:\Users\Russell Warden\ntuser.dat{eb1ece63-95a0-11de-86f6-001e3d8bce14}.TM.blf
[2010/01/01 15:08:39 | 03,076,967 | -H-- | M] () -- C:\Users\Russell Warden\AppData\Local\IconCache.db
[2010/01/01 15:01:18 | 00,001,493 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/12/30 23:37:21 | 25,463,8374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/30 14:18:04 | 00,000,117 | ---- | M] () -- C:\Windows\System32\$$tmp.bat
[2009/12/28 11:15:18 | 00,001,629 | ---- | M] () -- C:\Users\Russell Warden\Desktop\Sony Download Taxi.lnk
[2009/12/27 11:29:21 | 01,179,648 | ---- | M] () -- C:\Users\Russell Warden\Documents\Shawns_Humor_Lecture.ppt
[2009/12/24 19:53:45 | 00,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/24 19:53:32 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/24 15:54:41 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/24 15:46:13 | 00,000,036 | ---- | M] () -- C:\Users\Russell Warden\AppData\Local\housecall.guid.cache
[2009/12/23 13:39:22 | 00,010,240 | ---- | M] () -- C:\Users\Russell Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 11:13:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/17 10:53:07 | 00,001,874 | ---- | M] () -- C:\Users\Russell Warden\Desktop\HijackThis.lnk
[2009/12/17 08:14:00 | 00,366,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/16 22:24:54 | 00,000,280 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/12/16 22:24:47 | 00,000,284 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/16 18:12:56 | 00,366,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091217-081359.backup
[2009/12/16 08:19:24 | 00,377,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/15 22:38:57 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/15 22:38:57 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/15 16:07:33 | 00,000,680 | ---- | M] () -- C:\Users\Russell Warden\AppData\Local\d3d9caps.dat
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/03 06:04:57 | 00,767,488 | ---- | C] () -- C:\Windows\System32\drivers\qzlmxv.sys
[2010/01/03 06:04:50 | 00,016,896 | ---- | C] () -- C:\Windows\System32\winhelper86.dll
[2010/01/03 06:04:48 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2010/01/03 06:04:46 | 00,002,854 | ---- | C] () -- C:\Windows\System32\critical_warning.html
[2010/01/03 06:04:44 | 00,015,000 | ---- | C] () -- C:\Windows\System32\hywfont.dll
[2010/01/03 06:04:43 | 00,027,136 | ---- | C] () -- C:\opxfox.exe
[2010/01/03 06:04:43 | 00,016,384 | ---- | C] () -- C:\iwmtfsk.exe
[2010/01/02 19:55:00 | 00,012,133 | ---- | C] () -- C:\Users\Russell Warden\Desktop\Riddle.docx
[2010/01/01 15:45:49 | 03,879,975 | ---- | C] () -- C:\Users\Russell Warden\Desktop\schrauber.exe
[2010/01/01 15:01:18 | 00,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/12/30 14:18:04 | 00,000,117 | ---- | C] () -- C:\Windows\System32\$$tmp.bat
[2009/12/28 11:15:18 | 00,001,629 | ---- | C] () -- C:\Users\Russell Warden\Desktop\Sony Download Taxi.lnk
[2009/12/27 11:28:30 | 01,179,648 | ---- | C] () -- C:\Users\Russell Warden\Documents\Shawns_Humor_Lecture.ppt
[2009/12/24 19:53:45 | 00,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/24 19:53:32 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/24 15:54:41 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/24 15:46:13 | 00,000,036 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\housecall.guid.cache
[2009/12/24 15:12:17 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/24 15:12:16 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2009/12/24 15:12:16 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2009/12/24 15:12:16 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2009/12/24 15:12:16 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2009/12/24 15:10:23 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/12/24 15:10:11 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/12/24 15:10:11 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/12/24 15:09:51 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/12/22 11:13:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/17 10:53:07 | 00,001,874 | ---- | C] () -- C:\Users\Russell Warden\Desktop\HijackThis.lnk
[2009/12/16 22:24:47 | 00,000,284 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/16 22:24:23 | 00,000,280 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/12/15 22:38:57 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/12/15 22:38:57 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/15 19:43:22 | 25,463,8374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/15 14:45:00 | 00,000,680 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\d3d9caps.dat
[2009/11/16 16:08:50 | 00,000,032 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\xobni_installer_updater.log
[2009/10/20 08:03:47 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/01 18:15:13 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/11 17:03:05 | 00,010,240 | ---- | C] () -- C:\Users\Russell Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 04:11:49 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/30 16:20:05 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/02/16 17:14:36 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/02/16 16:02:48 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/16 16:02:48 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/16 16:02:48 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/02/16 16:01:16 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/30 12:44:52 | 00,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:03 PM

Posted 03 January 2010 - 12:09 PM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\Windows\Temp\login.exe ()
    PRC - C:\Windows\Temp\win16.exe ()
    PRC - C:\Windows\Temp\cmd.exe ()
    PRC - C:\Windows\Temp\drweb.exe ()
    PRC - C:\Windows\Temp\mdm.exe ()
    PRC - C:\Windows\Temp\jeriv0vce4.exe ()
    PRC - c:\iwmtfsk.exe ()
    PRC - C:\Windows\System32\winupdate86.exe (oVjlvHNMYbMghh)
    PRC - C:\Windows\Temp\csfs.tmp\svchost.exe ()
    SRV - (wmiApSrv) -- File not found
    SRV - (UI0Detect) -- File not found
    SRV - (TrustedInstaller) -- File not found
    SRV - (SNMPTRAP) -- File not found
    SRV - (RpcLocator) -- File not found
    SRV - (ehSched) -- File not found
    SRV - (ehRecvr) -- File not found
    SRV - (ALG) -- File not found
    O2 - BHO: (C:\Windows\system32\hywfont.dll) - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\System32\hywfont.dll ()
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [winupdate86.exe] C:\Windows\System32\winupdate86.exe (oVjlvHNMYbMghh)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\winlogon86.exe) - C:\Windows\System32\winlogon86.exe (oVjlvHNMYbMghh)
    O22 - SharedTaskScheduler: {A5BF49A2-94F1-42BD-F434-3604812C807D} - ujhsf879fiosdfhgs98fudifmnddfdfd - C:\Windows\System32\hywfont.dll ()
    [2010/01/03 06:04:50 | 01,114,112 | ---- | C] (JgmPTVWrsJze) -- C:\Windows\System32\AVR10.exe
    [2010/01/03 06:04:43 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\Windows\System32\winupdate86.exe
    [2010/01/03 06:04:43 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\Windows\System32\winlogon86.exe
    [2010/01/03 06:04:40 | 00,025,088 | ---- | C] (oVjlvHNMYbMghh) -- C:\coptnc.exe
    [2010/01/03 06:04:59 | 01,114,112 | ---- | M] (JgmPTVWrsJze) -- C:\Windows\System32\AVR10.exe
    [2010/01/03 06:04:50 | 00,016,896 | ---- | M] () -- C:\Windows\System32\winhelper86.dll
    [2010/01/03 06:04:48 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2010/01/03 06:04:46 | 00,002,854 | ---- | M] () -- C:\Windows\System32\critical_warning.html
    [2010/01/03 06:04:44 | 00,015,000 | ---- | M] () -- C:\Windows\System32\hywfont.dll
    [2010/01/03 06:04:43 | 00,027,136 | ---- | M] () -- C:\opxfox.exe
    [2010/01/03 06:04:43 | 00,016,384 | ---- | M] () -- C:\iwmtfsk.exe
    [2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\Windows\System32\winupdate86.exe
    [2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\Windows\System32\winlogon86.exe
    [2010/01/03 06:04:40 | 00,025,088 | ---- | M] (oVjlvHNMYbMghh) -- C:\coptnc.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



