Clicking links, usually on Google, redirects to spam


  • This topic is locked
19 replies to this topic

#1 Garylisk

Posted 03 February 2010 - 07:29 AM

First, I want to say that RootRepeal doesn't work on 64-bit OS's, so I could not create Ark.txt. I hope it's not necessary.

In Firefox (I have not tried other browsers), sometimes when I click a link, particularly on Google, it redirects me to a site full of ads rather than the site the link was supposed to lead to. I started having the issue a couple of days ago, and thought it was something with the websites. I saw the domain "asklots.com" popping up a lot. However, even after blocking it in my hosts file, it's still happening, now from a domain "admarketplace.com" I think. Anyway, I am fairly sure it's some sort of malware on my machine that's doing it, because I doubt big sites like battle.net and microsoft.com have such ad redirection, but links to their domains have dropped me onto these ad pages.

I will stop blabbering and get to the log... by the way, RootRepeal doesn't work on my 64-bit OS.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Gary at 6:18:31.01 on Wed 02/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2578 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mumble\dbus-daemon.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gary\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [xpsysClient] rundll32.exe "c:\users\gary\appdata\local\xpsysclient\xpsysClient.dll", DllInit
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\gary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files (x86)\microsoft office\office14\officesas\officeSASscheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\jdnc1k6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com
FF - plugin: c:\progra~2\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\sony\media go\npmediago.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-3 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-18 54480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclk64.sys [2009-9-15 42088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-6 1038088]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-25 55808]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2009-11-26 32896]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2009-11-26 32896]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]

=============== Created Last 30 ================

2010-02-03 12:18:29 0 d-----w- c:\temp\F49B.tmp
2010-02-03 11:48:04 0 d-----w- c:\temp\WPDNSE
2010-02-03 08:03:41 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 08:01:59 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 08:01:51 0 d-----w- c:\programdata\Lavasoft
2010-02-03 08:01:51 0 d-----w- c:\program files (x86)\Lavasoft
2010-02-03 07:47:22 0 d-----w- C:\!KillBox
2010-02-03 07:00:11 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-03 07:00:11 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-02-01 10:17:13 0 d-----w- c:\users\gary\appdata\roaming\runic games
2010-02-01 10:10:16 0 d-----w- c:\program files (x86)\Runic Games
2010-01-31 12:03:05 93 ----a-w- c:\windows\SMM_HCEditor.INI
2010-01-31 11:46:06 0 d-----w- c:\program files (x86)\common files\Solveig Multimedia
2010-01-31 11:46:04 0 d-----w- c:\program files (x86)\HyperCam 3
2010-01-31 11:45:53 2 ----a-w- c:\users\gary\tenmy.ini
2010-01-31 11:45:52 71744 ----a-w- c:\users\gary\pod.exe
2010-01-31 07:16:15 777 ----a-w- C:\Receipt.asp.htm
2010-01-31 07:16:15 0 d-----w- C:\Receipt.asp_files
2010-01-30 11:39:21 0 d-----w- C:\mms
2010-01-26 21:39:29 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 21:39:29 2870272 ----a-w- c:\windows\explorer.exe
2010-01-26 21:39:29 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-26 21:39:26 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-26 21:39:26 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-25 22:46:17 82 ----a-w- c:\windows\mafosav.INI
2010-01-25 11:55:27 0 d-----w- c:\program files\HyCam2
2010-01-25 11:26:18 28 ----a-w- c:\windows\lagarith.ini
2010-01-25 10:38:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
2010-01-25 10:37:33 90112 ----a-w- c:\windows\syswow64\MijFrc.dll
2010-01-25 10:37:33 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-01-25 10:37:33 55808 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-01-25 10:37:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-01-25 10:37:33 0 d-----w- c:\users\gary\appdata\roaming\MotioninJoy
2010-01-25 10:37:33 0 d-----w- c:\programdata\MotioninJoy
2010-01-25 10:37:33 0 d-----w- c:\program files\MotioninJoy
2010-01-25 10:34:54 0 d-----w- C:\ds3drv_dx
2010-01-21 22:00:13 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-21 22:00:12 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-21 22:00:12 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 22:00:12 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-21 22:00:11 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-21 22:00:11 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-21 22:00:11 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-21 19:15:45 7442329 ----a-w- c:\users\gary\SolveigMM HyperCam 3.0.912.18.exe
2010-01-19 11:22:55 140582 ----a-w- C:\Q1ifC.jpg
2010-01-19 11:22:04 774660 ----a-w- C:\Pd81R.jpg
2010-01-19 11:20:46 84295 ----a-w- C:\sBV9G.jpg
2010-01-18 07:53:42 355 ----a-w- c:\users\gary\iDPS.xml
2010-01-18 07:31:56 3337216 ----a-r- C:\Combat_1.4.3.xls
2010-01-15 10:30:20 212931 ----a-w- C:\WoWScrnShot_051609_193815.jpg
2010-01-15 06:25:25 0 d-----w- C:\stobinst
2010-01-13 04:18:09 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 04:18:09 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:18:09 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 04:18:09 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 06:23:05 87633 ----a-w- C:\bingo3.jpg
2010-01-12 06:22:49 92069 ----a-w- C:\bingo2.jpg
2010-01-12 06:22:34 92535 ----a-w- C:\bingo1.jpg

==================== Find3M ====================

2010-02-03 11:54:25 394382 ----a-w- c:\windows\system32\perfh011.dat
2010-02-03 11:54:25 104340 ----a-w- c:\windows\system32\perfc011.dat
2010-01-14 17:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-12-17 12:32:57 67802 ----a-w- c:\windows\War3Unin.dat
2009-12-17 12:30:20 2829 ----a-w- c:\windows\War3Unin.pif
2009-12-17 12:30:20 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-14 05:15:57 202344 ----a-w- c:\windows\system32\nvcod178.dll
2009-11-14 00:15:00 645224 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-29 11:57:07 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2009-10-29 11:57:07 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2009-10-29 11:57:07 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2009-10-29 11:57:07 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 6:19:27.20 ===============
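Triage heuristics for the DDS log above, as an added example that is not part of the thread or of the DDS tool: it parses lines in the shape DDS prints (autorun entries, system policies, services/drivers, hosts entries) and flags the ones a malware-response helper reads first. The sample lines are copied from the logs posted in this thread; the rule names and severities are this example's own and mark review items, not verdicts.

```python
"""Triage heuristics for DDS 'Pseudo HJT Report' / 'Services / Drivers' lines.

Added example, not from the thread or the DDS tool. Every hit is a review
item for a human, not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the DDS logs posted in this thread,
# mixed so that both flagged and unflagged entries are present.
SAMPLE_DDS = r"""
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [xpsysClient] rundll32.exe "c:\users\gary\appdata\local\xpsysclient\xpsysClient.dll", DllInit
uRun: [Google Update] "c:\users\gary\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: URLRedirectionBHO - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7DD1.tmp [2010-2-4 6144]
""".strip()


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str      # short explanation for the reviewer
    line: str      # the DDS line that triggered the rule


# Line shapes DDS prints: autoruns, system policies, services/drivers, hosts.
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]+?)\s*(?:\[.*\])?$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)")

# Folders any user can write to; persistence living here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# UAC policy values where 0 means the protection is switched off.
UAC_OFF = {
    "EnableLUA": "UAC is disabled (EnableLUA = 0)",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}


def triage_line(line: str) -> List[Finding]:
    """Apply the rules to one DDS line; returns zero or one Finding."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        in_user_dir = any(d in cmd for d in USER_WRITABLE)
        if "rundll32" in cmd and in_user_dir:
            # A DLL loaded through rundll32 from a user-writable folder is the
            # classic shape of user-level persistence; inspect the DLL first.
            return [Finding("high", "autorun loads a DLL via rundll32 from a user-writable folder", line)]
        if in_user_dir:
            # Legitimate per-user updaters (Google Update, for one) live here
            # too, so this is medium: verify the publisher, do not just delete.
            return [Finding("medium", "autorun executable lives in a user-writable folder", line)]
        return []
    m = POLICY_RE.match(line)
    if m:
        if m.group("key") in UAC_OFF and m.group("val") == "0":
            return [Finding("medium", UAC_OFF[m.group("key")], line)]
        return []
    if line.lower().endswith("- no file"):
        # Registry entry whose target is gone: usually a leftover, cheap to clean.
        return [Finding("info", "registry entry points to a file that no longer exists", line)]
    m = HOSTS_RE.match(line)
    if m:
        # DDS lists non-default hosts entries; with redirect complaints every
        # one should be accounted for, the user's own blocks included.
        return [Finding("info", f"hosts file maps {m.group('host')} to {m.group('ip')}", line)]
    m = SERVICE_RE.match(line)
    if m:
        path = m.group("path").strip().lower()
        if path.endswith(".tmp") or any(d in path for d in USER_WRITABLE):
            # Some legitimate scanners also install short-lived .tmp drivers, so
            # match the file date against what was installed that day first.
            return [Finding("medium", "service/driver binary is a .tmp file or lives in a user-writable folder", line)]
        return []
    return []


def triage(text: str) -> List[Finding]:
    """Run the rules over a whole DDS log, preserving line order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        findings.extend(triage_line(raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```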

#2 schrauber
  • Malware Response Team

Posted 10 February 2010 - 12:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


#3 Garylisk

Posted 11 February 2010 - 01:33 AM

I will get right on getting you the information. I am definitely going to have to get you the information again, as I had already tried to fix the issue myself prior to being told not to do so - I got pretty mad about it, though, and tried running some anti-rootkit programs, thinking it could have been a rootkit. Nothing was found, but the issue persisted, so I uninstalled Firefox and installed Chrome. I prefer Firefox, but have been using Chrome and have not had any problems with click hijacking.

Anyway, I appreciate you taking the time. I will compile the information requested tonight (I just got off work, I am a late-shifter) and post it here. If nothing is apparent after looking at the info and having me run whatever tests you think would be helpful, I would say the issue is, at least for now, not affecting me.

I'll reply again with updated DDS and the other requested info soon.

#4 Garylisk

Posted 11 February 2010 - 06:33 AM

New DDS:


DDS (Ver_09-12-01.01) - NTFSX64
Run by Gary at 5:09:36.89 on Thu 02/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2469 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mumble\dbus-daemon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Gary\Desktop\dds (1).scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [xpsysClient] rundll32.exe "c:\users\gary\appdata\local\xpsysclient\xpsysClient.dll", DllInit
uRun: [Google Update] "c:\users\gary\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\gary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files (x86)\microsoft office\office14\officesas\officeSASscheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-3 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-18 54480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclk64.sys [2009-9-15 42088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-6 1038088]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7DD1.tmp [2010-2-4 6144]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-25 55808]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2009-11-26 32896]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2009-11-26 32896]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]

=============== Created Last 30 ================

2010-02-11 11:09:36 0 d-----w- c:\temp\4204.tmp
2010-02-11 11:08:46 0 d-----w- c:\temp\7F23.tmp
2010-02-11 06:22:47 0 d-----w- c:\temp\WPDNSE
2010-02-10 11:07:23 0 d-----w- c:\temp\7zO26B6.tmp
2010-02-10 08:08:58 0 d-----w- c:\temp\{a35d3925-c2c1-47ff-944b-365d20629843}
2010-02-10 08:07:10 0 d-----w- c:\temp\{36eefdc1-fd57-4a28-9b08-4b501af8c175}
2010-02-10 08:06:44 0 d-----w- c:\temp\{7c471ee6-a6c7-47da-9318-535bf66ddfa1}
2010-02-10 08:06:17 0 d-----w- c:\temp\{c6237bd3-495a-497a-832b-770e8362acdb}
2010-02-10 08:05:56 0 d-----w- c:\temp\{d17304e6-b2a1-4c99-90e3-e92f26fda18a}
2010-02-10 08:04:37 0 d-----w- c:\temp\{45f7b273-a10b-44bc-aeb2-f84adab443d4}
2010-02-10 07:58:21 2829 ----a-w- c:\windows\DiabUnin.pif
2010-02-10 07:58:21 118784 ----a-w- c:\windows\DiabUnin.exe
2010-02-10 07:58:15 6425 ----a-w- c:\windows\DiabUnin.dat
2010-02-09 00:23:15 0 d-----w- c:\temp\Sony Media Go Version 1.3
2010-02-09 00:23:02 0 d-----w- c:\temp\Media Go
2010-02-08 23:56:39 0 d--h--w- c:\temp\UMDGen
2010-02-08 23:56:26 0 d-----w- C:\umdgen
2010-02-08 19:40:07 0 d-----w- c:\temp\7zODA7C.tmp
2010-02-07 13:19:46 0 d-----w- c:\temp\MPInstrumentation
2010-02-07 12:10:18 0 d-----w- c:\temp\javaps3media
2010-02-07 12:10:13 0 d-----w- c:\temp\hsperfdata_Gary
2010-02-07 09:16:09 0 d-----w- c:\temp\{d58669eb-fd3d-4638-ab07-d49a1f570712}
2010-02-06 10:30:33 0 d-----w- c:\temp\Curse
2010-02-05 20:04:16 0 d-----w- c:\temp\{54fc01bb-9340-45f6-abed-ac10176cd013}
2010-02-05 11:42:40 0 d-----w- c:\temp\HouseCall
2010-02-05 11:42:31 0 d-----w- c:\temp\HCBackup
2010-02-05 11:21:45 0 d-----w- c:\temp\Deployment
2010-02-05 10:22:16 353485 ----a-w- c:\temp\HostsXpert.zip
2010-02-04 10:46:56 6144 ------w- c:\windows\system32\7DD1.tmp
2010-02-04 10:45:14 6144 ------w- c:\windows\system32\EEBB.tmp
2010-02-04 10:45:06 0 d-----w- c:\program files (x86)\Sophos
2010-02-03 12:42:58 0 d-----w- c:\temp\Low
2010-02-03 08:03:41 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 08:01:59 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 08:01:51 0 d-----w- c:\programdata\Lavasoft
2010-02-03 08:01:51 0 d-----w- c:\program files (x86)\Lavasoft
2010-02-03 07:47:22 0 d-----w- C:\!KillBox
2010-02-03 07:00:11 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-03 07:00:11 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-02-01 10:17:13 0 d-----w- c:\users\gary\appdata\roaming\runic games
2010-02-01 10:10:16 0 d-----w- c:\program files (x86)\Runic Games
2010-01-31 12:03:05 93 ----a-w- c:\windows\SMM_HCEditor.INI
2010-01-31 11:45:53 2 ----a-w- c:\users\gary\tenmy.ini
2010-01-31 11:45:52 71744 ----a-w- c:\users\gary\pod.exe
2010-01-31 07:16:15 777 ----a-w- C:\Receipt.asp.htm
2010-01-31 07:16:15 0 d-----w- C:\Receipt.asp_files
2010-01-30 11:39:21 0 d-----w- C:\mms
2010-01-26 21:39:29 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 21:39:29 2870272 ----a-w- c:\windows\explorer.exe
2010-01-26 21:39:29 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-26 21:39:26 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-26 21:39:26 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-25 22:46:17 82 ----a-w- c:\windows\mafosav.INI
2010-01-25 11:55:27 0 d-----w- c:\program files\HyCam2
2010-01-25 11:26:18 28 ----a-w- c:\windows\lagarith.ini
2010-01-25 10:38:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
2010-01-25 10:37:33 90112 ----a-w- c:\windows\syswow64\MijFrc.dll
2010-01-25 10:37:33 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-01-25 10:37:33 55808 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-01-25 10:37:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-01-25 10:37:33 0 d-----w- c:\users\gary\appdata\roaming\MotioninJoy
2010-01-25 10:37:33 0 d-----w- c:\programdata\MotioninJoy
2010-01-25 10:37:33 0 d-----w- c:\program files\MotioninJoy
2010-01-25 10:34:54 0 d-----w- C:\ds3drv_dx
2010-01-21 22:00:13 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-21 22:00:12 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-21 22:00:12 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 22:00:12 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-21 22:00:11 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-21 22:00:11 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-21 22:00:11 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-21 19:15:45 7442329 ----a-w- c:\users\gary\SolveigMM HyperCam 3.0.912.18.exe
2010-01-19 11:22:55 140582 ----a-w- C:\Q1ifC.jpg
2010-01-19 11:22:04 774660 ----a-w- C:\Pd81R.jpg
2010-01-19 11:20:46 84295 ----a-w- C:\sBV9G.jpg
2010-01-18 07:53:42 355 ----a-w- c:\users\gary\iDPS.xml
2010-01-18 07:31:56 3337216 ----a-r- C:\Combat_1.4.3.xls
2010-01-15 10:30:20 212931 ----a-w- C:\WoWScrnShot_051609_193815.jpg
2010-01-15 06:25:25 0 d-----w- C:\stobinst
2010-01-13 04:18:09 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 04:18:09 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:18:09 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 04:18:09 100864 ----a-w- c:\windows\system32\fontsub.dll

==================== Find3M ====================

2010-02-11 06:28:05 394382 ----a-w- c:\windows\system32\perfh011.dat
2010-02-11 06:28:05 104340 ----a-w- c:\windows\system32\perfc011.dat
2010-01-14 17:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-12-17 12:32:57 67802 ----a-w- c:\windows\War3Unin.dat
2009-12-17 12:30:20 2829 ----a-w- c:\windows\War3Unin.pif
2009-12-17 12:30:20 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-14 05:15:57 202344 ----a-w- c:\windows\system32\nvcod178.dll
2009-11-14 00:15:00 645224 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-29 11:57:07 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2009-10-29 11:57:07 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2009-10-29 11:57:07 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2009-10-29 11:57:07 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 5:09:57.52 ===============



GMER tossed an error both normally and in safe mode about how it could not access c:\windows\system32\config\system because it was in use by another program. It still scanned. When I saved the log, it was a blank file.


Attach.zip is uploaded.


#5 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts

Posted 13 February 2010 - 05:36 AM

ADDM: I have confirmed that click hijacking happens in IE from google searches. Chrome has been unaffected. Not sure that information would be helpful.

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2010 - 02:46 PM

Hello, Garylisk
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
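Reading the OTL report the helper asks for above is largely a matter of scanning the autorun lines for entries that look out of place: no publisher in the trailing parentheses, a start-up item living under a user-writable folder, or a Run value that points at a DLL instead of a program. The Python below is an added example, not OTL's code and not something posted in this thread: it parses OTL-style `O4 ... Run:` lines and lists the reasons an entry deserves a closer look. The sample lines are constructed to resemble the ones in this thread, and the flagging rules are my own assumption about what merits review; a flag is a prompt to check the file, not a verdict that it is malicious.

```python
import re
from typing import List, NamedTuple, Optional

# Matches OTL "O4" autorun lines such as
#   O4 - HKCU..\Run: [name] C:\path\to\file.exe (Publisher)
#   O4:64bit: - HKLM..\Run: [name] C:\path\to\file.exe (Publisher)
# The publisher field is whatever OTL prints in the final parentheses;
# an empty "()" means OTL found no company name in the file's version info.
O4_RE = re.compile(
    r"^O4(?P<arch>:64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<publisher>[^)]*)\)\s*$"
)

# Path fragments that ordinary users can write to without elevation (assumption:
# this list is illustrative, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


class Autorun(NamedTuple):
    hive: str
    name: str
    path: str
    publisher: str
    is64: bool


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one OTL O4 line; return None for any other kind of line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Autorun(m["hive"], m["name"], m["path"], m["publisher"],
                   m["arch"] is not None)


def review_reasons(entry: Autorun) -> List[str]:
    """Heuristic reasons an autorun entry should be looked at by hand."""
    reasons = []
    if not entry.publisher:
        reasons.append("no publisher/company name")
    low = entry.path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if low.endswith(".dll"):
        reasons.append("Run value points at a DLL rather than an executable")
    return reasons


def triage(lines) -> dict:
    """Return {entry name: [reasons]} for every O4 entry that has at least one reason."""
    flagged = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Constructed sample, modelled on the O4 lines posted in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [xpsysClient] C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.DLL ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
""".strip().splitlines()


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Note that a legitimate updater such as Google Update also lands on the review list because it runs from AppData; that is intended. The script narrows the log down to the handful of entries worth checking against the file on disk and its signature, and the entry with an empty publisher, a user-profile path and a DLL target is the one that collects every flag.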

#7 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts

Posted 13 February 2010 - 03:11 PM

OTL logfile created on: 2/13/2010 2:02:34 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Gary\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 25.53 Gb Free Space | 8.56% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.39 Gb Free Space | 8.90% Space Free | Partition Type: UDF
Drive E: | 114.50 Gb Total Space | 15.51 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 7.47 Gb Total Space | 1.63 Gb Free Space | 21.77% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOUSHIN
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2010/02/13 04:37:35 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/12 03:47:45 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/05 12:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/02/04 14:03:06 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/03 02:02:59 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/03 03:20:56 | 001,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/10/28 19:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/10 08:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files (x86)\Mumble\dbus-daemon.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2006/10/18 22:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
MOD - [2010/01/26 23:10:26 | 000,069,632 | ---- | M] () -- C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.dll
MOD - [2009/07/13 19:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/06 13:45:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/28 19:21:28 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/07/13 19:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 19:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 19:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 19:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 19:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 19:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 19:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 19:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 19:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 19:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 19:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 19:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 19:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (getPlusHelper)
SRV:64bit: - [2009/07/13 19:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 19:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/02 17:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/06/10 14:47:57 | 000,002,873 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\wbem\nlsvc.mof -- (nlsvc)
SRV - [2010/02/13 04:37:35 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/02/04 14:03:06 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/06 13:45:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/03 03:22:01 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 21:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 21:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 14:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:29:35 | 000,002,873 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wbem\nlsvc.mof -- (nlsvc)
SRV - [2009/06/10 14:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/17 02:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2006/10/18 22:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 61 B5 DC 97 AC CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/02/05 04:23:53 | 000,000,698 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [xpsysClient] C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.DLL ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45f02ad8-cf59-11de-a4d3-001fc63bdac6}\Shell - "" = AutoRun
O33 - MountPoints2\{45f02ad8-cf59-11de-a4d3-001fc63bdac6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 21:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/13 14:01:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2010/02/13 05:10:25 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\PunkBuster
[2010/02/13 04:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2010/02/13 02:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/02/13 02:29:27 | 000,000,000 | ---D | C] -- C:\O2Micro Flash Memory Card Driver 3.00
[2010/02/08 17:56:26 | 000,000,000 | ---D | C] -- C:\umdgen
[2010/02/05 04:24:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\GooredFix Backups
[2010/02/05 04:23:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\HostsXpert
[2010/02/04 04:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/02/03 02:03:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/03 02:01:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/02/03 02:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/02/03 02:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/02/03 01:47:22 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/02/03 01:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/03 01:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/02/01 04:17:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\runic games
[2010/02/01 04:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/02/01 04:10:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/01/31 05:47:50 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\HyperCam3
[2010/01/31 05:45:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\xpsysClient
[2010/01/31 01:16:15 | 000,000,000 | ---D | C] -- C:\Receipt.asp_files
[2009/11/01 04:07:10 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/13 14:03:33 | 006,553,600 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT
[2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2010/02/13 13:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001UA.job
[2010/02/13 08:33:32 | 000,070,233 | ---- | M] () -- C:\Users\Gary\Desktop\0213100233a.jpg
[2010/02/13 08:12:30 | 000,135,924 | ---- | M] () -- C:\Users\Gary\Desktop\0213100212a.jpg
[2010/02/13 05:49:13 | 001,208,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/13 05:49:13 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/13 05:49:13 | 000,394,382 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2010/02/13 05:49:13 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2010/02/13 05:49:13 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/13 05:28:13 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/02/13 05:28:13 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/13 04:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001Core.job
[2010/02/13 04:37:35 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/02/13 04:37:35 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/13 02:44:38 | 000,000,727 | ---- | M] () -- C:\Users\Gary\Desktop\World of Warcraft.lnk
[2010/02/13 02:25:31 | 000,099,106 | ---- | M] () -- C:\Users\Gary\Desktop\0213100211a.jpg
[2010/02/13 02:22:16 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 02:22:16 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/12 03:46:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/12 03:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/12 03:45:06 | 000,782,496 | -H-- | M] () -- C:\Users\Gary\AppData\Local\IconCache.db
[2010/02/11 20:44:22 | 000,002,254 | ---- | M] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2010/02/11 05:19:31 | 000,293,376 | ---- | M] () -- C:\Users\Gary\Desktop\d6wje22x.exe
[2010/02/11 05:10:37 | 000,003,030 | ---- | M] () -- C:\Users\Gary\Desktop\Attach.zip
[2010/02/11 05:09:28 | 000,524,288 | ---- | M] () -- C:\Users\Gary\Desktop\dds (1).scr
[2010/02/11 04:02:30 | 035,476,862 | ---- | M] () -- C:\Users\Gary\Documents\enc.264
[2010/02/08 20:50:26 | 000,000,051 | ---- | M] () -- C:\Users\Gary\Documents\enc.avs
[2010/02/08 20:18:13 | 000,000,641 | ---- | M] () -- C:\Users\Gary\Desktop\ZSNES.lnk
[2010/02/07 03:12:49 | 000,000,919 | ---- | M] () -- C:\Users\Gary\Desktop\Play Cave Story.lnk
[2010/02/05 05:42:31 | 000,000,036 | ---- | M] () -- C:\Users\Gary\AppData\Local\housecall.guid.cache
[2010/02/05 05:08:16 | 000,061,304 | ---- | M] () -- C:\Users\Gary\Documents\cc_20100205_050730.reg
[2010/02/05 04:23:53 | 000,000,698 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/02/03 02:58:49 | 000,008,192 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 02:03:09 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/03 02:01:57 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/03 01:00:32 | 000,001,224 | ---- | M] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2010/02/01 03:13:02 | 000,001,358 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100203-010941.backup
[2010/02/01 02:38:15 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2010/01/31 06:03:05 | 000,000,093 | ---- | M] () -- C:\Windows\SMM_HCEditor.INI
[2010/01/31 05:45:53 | 000,071,744 | ---- | M] () -- C:\Users\Gary\pod.exe
[2010/01/31 05:45:53 | 000,000,002 | ---- | M] () -- C:\Users\Gary\tenmy.ini
[2010/01/31 01:16:16 | 000,000,777 | ---- | M] () -- C:\Receipt.asp.htm
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/13 05:28:10 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/02/13 04:37:42 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/13 04:37:35 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/02/13 04:37:35 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/13 02:34:20 | 000,070,233 | ---- | C] () -- C:\Users\Gary\Desktop\0213100233a.jpg
[2010/02/13 02:31:42 | 000,135,924 | ---- | C] () -- C:\Users\Gary\Desktop\0213100212a.jpg
[2010/02/13 02:25:31 | 000,099,106 | ---- | C] () -- C:\Users\Gary\Desktop\0213100211a.jpg
[2010/02/11 05:19:29 | 000,293,376 | ---- | C] () -- C:\Users\Gary\Desktop\d6wje22x.exe
[2010/02/11 05:10:37 | 000,003,030 | ---- | C] () -- C:\Users\Gary\Desktop\Attach.zip
[2010/02/11 05:09:28 | 000,524,288 | ---- | C] () -- C:\Users\Gary\Desktop\dds (1).scr
[2010/02/11 03:59:47 | 035,476,862 | ---- | C] () -- C:\Users\Gary\Documents\enc.264
[2010/02/08 19:21:52 | 000,000,641 | ---- | C] () -- C:\Users\Gary\Desktop\ZSNES.lnk
[2010/02/07 04:03:02 | 000,000,051 | ---- | C] () -- C:\Users\Gary\Documents\enc.avs
[2010/02/07 03:12:49 | 000,000,919 | ---- | C] () -- C:\Users\Gary\Desktop\Play Cave Story.lnk
[2010/02/05 05:42:31 | 000,000,036 | ---- | C] () -- C:\Users\Gary\AppData\Local\housecall.guid.cache
[2010/02/05 05:07:32 | 000,061,304 | ---- | C] () -- C:\Users\Gary\Documents\cc_20100205_050730.reg
[2010/02/05 04:41:01 | 000,002,254 | ---- | C] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2010/02/05 04:39:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001UA.job
[2010/02/05 04:39:49 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001Core.job
[2010/02/03 02:01:57 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/03 01:00:32 | 000,001,224 | ---- | C] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2010/02/01 02:37:38 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2010/01/31 06:03:05 | 000,000,093 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2010/01/31 05:45:53 | 000,000,002 | ---- | C] () -- C:\Users\Gary\tenmy.ini
[2010/01/31 05:45:52 | 000,071,744 | ---- | C] () -- C:\Users\Gary\pod.exe
[2010/01/31 01:16:15 | 000,000,777 | ---- | C] () -- C:\Receipt.asp.htm
[2010/01/25 16:46:17 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/01/25 05:26:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2009/12/01 03:32:13 | 001,232,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/08 01:14:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/11/08 01:14:37 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/11/08 01:14:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/11/08 01:14:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/11/02 12:18:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/01 04:11:01 | 000,008,192 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 04:06:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/01 04:06:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/01 04:05:31 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/01/20 20:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\RMDevice.dll

========== LOP Check ==========

[2009/12/05 03:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Aegisub
[2009/11/13 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\CravingExplorer
[2010/01/12 01:35:18 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FileZilla
[2010/01/13 03:31:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Folding@home-gpu
[2009/11/23 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Folding@home-x86
[2009/11/03 03:18:06 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\GetRightToGo
[2009/11/16 19:51:52 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\LockHunter
[2010/01/25 04:37:33 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\MotioninJoy
[2009/12/27 04:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mumble
[2009/11/24 02:29:14 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\NJStar
[2009/11/14 04:56:10 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Oberon Media
[2009/11/20 06:13:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\OpenOffice.org
[2010/02/13 01:13:42 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\runic games
[2009/12/19 04:20:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Sony
[2009/12/19 04:13:14 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Sony Setup
[2009/11/12 02:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SystemRequirementsLab
[2009/11/11 01:05:56 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Trillian
[2010/02/13 14:03:19 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\uTorrent
[2009/07/13 23:08:49 | 000,016,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:756C8543
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:390B30B4
< End of report >


OTL Extras logfile created on: 2/13/2010 2:02:34 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Gary\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 25.53 Gb Free Space | 8.56% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.39 Gb Free Space | 8.90% Space Free | Partition Type: UDF
Drive E: | 114.50 Gb Total Space | 15.51 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 7.47 Gb Total Space | 1.63 Gb Free Space | 21.77% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOUSHIN
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" /add "%1" (mpc-hc@Sourceforge)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" (mpc-hc@Sourceforge)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" /add "%1" (mpc-hc@Sourceforge)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" (mpc-hc@Sourceforge)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)
"{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.4.0002
"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3562A082-CF01-419B-8A02-233E31B8A83C}" = O2Micro Flash Memory Card Windows Driver V3.00
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"Ad-Aware" = Ad-Aware
"AviSynth" = AviSynth 2.5
"Cave Story Deluxe" = Cave Story Deluxe
"Diablo II" = Diablo II
"InstallShield_{3562A082-CF01-419B-8A02-233E31B8A83C}" = O2Micro Flash Memory Card Windows Driver V3.00
"PunkBusterSvc" = PunkBuster Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2010 8:07:52 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "c:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/11/2010 8:08:03 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/11/2010 2:12:26 PM | Computer Name = CHOUSHIN | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/12/2010 7:01:17 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/12/2010 7:02:47 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "c:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/12/2010 7:02:59 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/13/2010 3:13:21 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/13/2010 3:13:21 AM | Computer Name = CHOUSHIN | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/13/2010 4:29:33 AM | Computer Name = CHOUSHIN | Source = MsiInstaller | ID = 1013
Description =

Error - 2/13/2010 4:34:43 AM | Computer Name = CHOUSHIN | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 2/9/2010 10:13:02 AM | Computer Name = CHOUSHIN | Source = MCUpdate | ID = 0
Description = 8:13:02 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 2/11/2010 7:22:17 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/11/2010 7:22:17 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/11/2010 7:22:26 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/11/2010 7:29:16 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7000
Description = The NetLimiter 3 Service service failed to start due to the following
error: %%2

Error - 2/11/2010 7:29:23 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nltdi

Error - 2/12/2010 5:45:19 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 2/12/2010 5:46:25 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7000
Description = The NetLimiter 3 Service service failed to start due to the following
error: %%2

Error - 2/12/2010 5:46:31 AM | Computer Name = CHOUSHIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nltdi

Error - 2/12/2010 4:00:07 PM | Computer Name = CHOUSHIN | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2/13/2010 7:46:46 AM | Computer Name = CHOUSHIN | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR8.


< End of report >


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:46 PM

Posted 13 February 2010 - 03:25 PM

Hi,


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:46 PM

Posted 14 February 2010 - 01:38 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3737
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/14/2010 12:38:08 AM
mbam-log-2010-02-14 (00-38-08).txt

Scan type: Quick Scan
Objects scanned: 96558
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpsysclient (Adware.Agent.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Gary\pod.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.dll (Adware.Agent.N) -> Delete on reboot.

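As an added example (not code from this thread, from Malwarebytes or from BleepingComputer), here is a small Python parser for the MBAM 1.x log layout shown in the post above. It is run over a sample constructed from that posted report: it splits each detection line into object, classification and action, checks the declared per-category counts against what was actually listed, and flags the two things a responder follows up on in a case like this one, the registry entries under a Run key or an Explorer policy (persistence and settings hijack) and any item left as "Delete on reboot", which needs confirmation after the restart. The function names, the `Detection` record and the persistence markers are the example's own choices, not an MBAM API.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x log,
# modelled on the report posted in this thread (same objects and verdicts).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3737
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Scan type: Quick Scan
Objects scanned: 96558
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpsysclient (Adware.Agent.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Gary\pod.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.dll (Adware.Agent.N) -> Delete on reboot.
"""

# A detection line reads "<object> (<family>) -> [<detail> -> ]<action>".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Summary block: "<section> Infected: <n>"; section header: "<section> Infected:".
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")

# Registry locations that mean persistence or a settings hijack (example's own list).
PERSISTENCE_MARKERS = (r"\currentversion\run", r"\policies\explorer")


@dataclass
class Detection:
    section: str   # e.g. "Files Infected"
    obj: str       # file path or registry path
    family: str    # MBAM classification, e.g. "Adware.Agent.N"
    detail: str    # extra text such as "Bad: (1) Good: (0)", empty if none
    action: str    # what MBAM did, e.g. "Delete on reboot."


def parse_mbam_log(text):
    """Parse an MBAM 1.x log into header fields, declared counts and detections."""
    report = {"database_version": None, "objects_scanned": None,
              "declared_counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.startswith("Database version:"):
            report["database_version"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Objects scanned:"):
            report["objects_scanned"] = int(line.split(":", 1)[1])
            continue
        m = COUNT_RE.match(line)
        if m:
            report["declared_counts"][m["section"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            # The last " -> " separates the action from any optional detail.
            *detail, action = m["rest"].split(" -> ")
            report["detections"].append(
                Detection(section, m["obj"], m["family"], " -> ".join(detail), action))
    return report


def verify_counts(report):
    """True when every declared per-section count matches the listed detections."""
    found = Counter(d.section for d in report["detections"])
    return all(found.get(sec, 0) == n for sec, n in report["declared_counts"].items())


def pending_reboot(detections):
    """Objects MBAM could not remove in place; confirm they are gone after restart."""
    return [d.obj for d in detections if d.action.startswith("Delete on reboot")]


def persistence_hits(detections):
    """Registry detections under an autorun key or an Explorer policy."""
    return [d for d in detections if d.section.startswith("Registry")
            and any(mk in d.obj.lower() for mk in PERSISTENCE_MARKERS)]


def summarize_families(detections):
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database", rep["database_version"], "counts consistent:", verify_counts(rep))
    print("families:", dict(summarize_families(rep["detections"])))
    print("persistence:", [d.obj for d in persistence_hits(rep["detections"])])
    print("still pending after reboot:", pending_reboot(rep["detections"]))
```

Feeding the real log file to `parse_mbam_log` instead of `SAMPLE_LOG` gives the same structured view; a mismatch from `verify_counts` means the paste was truncated, which is why helpers ask for the complete log including the header.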

#10 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:46 PM

Posted 14 February 2010 - 01:47 AM

ADDM

QUOTE
C:\Users\Gary\AppData\Local\xpsysClient\xpsysClient.dll (Adware.Agent.N) -> Delete on reboot.


This was successfully deleted upon rebooting.

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:46 PM

Posted 14 February 2010 - 06:57 AM

Hi,

Please post back with a fresh OTL logfile and tell me how your system is running.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:46 PM

Posted 14 February 2010 - 06:30 PM

NEW OTL

OTL logfile created on: 2/14/2010 4:57:47 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Gary\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 24.75 Gb Free Space | 8.30% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.39 Gb Free Space | 8.90% Space Free | Partition Type: UDF
Drive E: | 114.50 Gb Total Space | 15.51 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOUSHIN
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2010/02/13 04:37:35 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/12 03:47:45 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/05 12:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/02/04 14:03:06 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/03 02:02:59 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/03 03:20:56 | 001,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/10/28 19:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2009/10/10 08:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files (x86)\Mumble\dbus-daemon.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2006/10/18 22:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
MOD - [2009/07/13 19:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/06 13:45:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/28 19:21:28 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/07/13 19:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 19:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 19:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 19:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 19:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 19:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 19:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 19:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 19:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 19:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 19:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 19:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 19:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (getPlusHelper)
SRV:64bit: - [2009/07/13 19:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 19:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/02 17:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/06/10 14:47:57 | 000,002,873 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\wbem\nlsvc.mof -- (nlsvc)
SRV - [2010/02/13 04:37:35 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/02/04 14:03:06 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/06 13:45:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/03 03:22:01 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 21:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 21:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 14:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:29:35 | 000,002,873 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wbem\nlsvc.mof -- (nlsvc)
SRV - [2009/06/10 14:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/17 02:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2006/10/18 22:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.quakelive.com/#home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 61 B5 DC 97 AC CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/02/05 04:23:53 | 000,000,698 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45f02ad8-cf59-11de-a4d3-001fc63bdac6}\Shell - "" = AutoRun
O33 - MountPoints2\{45f02ad8-cf59-11de-a4d3-001fc63bdac6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 21:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/14 00:34:35 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2010/02/14 00:34:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/14 00:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/14 00:34:30 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/14 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/13 14:01:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2010/02/13 05:10:25 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\PunkBuster
[2010/02/13 04:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2010/02/13 02:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/02/13 02:29:27 | 000,000,000 | ---D | C] -- C:\O2Micro Flash Memory Card Driver 3.00
[2010/02/08 17:56:26 | 000,000,000 | ---D | C] -- C:\umdgen
[2010/02/05 04:24:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\GooredFix Backups
[2010/02/05 04:23:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\HostsXpert
[2010/02/04 04:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/02/03 02:03:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/03 02:01:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/02/03 02:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/02/03 02:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/02/03 01:47:22 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/02/03 01:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/03 01:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/02/01 04:17:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\runic games
[2010/02/01 04:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/02/01 04:10:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2009/11/01 04:07:10 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/14 16:57:49 | 006,553,600 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT
[2010/02/14 16:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001UA.job
[2010/02/14 04:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001Core.job
[2010/02/14 03:42:34 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/02/14 03:42:34 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/14 03:37:49 | 000,062,462 | ---- | M] () -- C:\Users\Gary\Desktop\0214100336a.jpg
[2010/02/14 02:14:17 | 000,000,727 | ---- | M] () -- C:\Users\Gary\Desktop\World of Warcraft.lnk
[2010/02/14 00:47:37 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/14 00:47:37 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/14 00:46:06 | 001,208,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/14 00:46:06 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/14 00:46:06 | 000,394,382 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2010/02/14 00:46:06 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2010/02/14 00:46:06 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/14 00:40:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/14 00:40:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/14 00:39:13 | 001,333,076 | -H-- | M] () -- C:\Users\Gary\AppData\Local\IconCache.db
[2010/02/14 00:34:34 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 14:01:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2010/02/13 08:33:32 | 000,070,233 | ---- | M] () -- C:\Users\Gary\Desktop\0213100233a.jpg
[2010/02/13 08:12:30 | 000,135,924 | ---- | M] () -- C:\Users\Gary\Desktop\0213100212a.jpg
[2010/02/13 04:37:35 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/02/13 04:37:35 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/13 02:25:31 | 000,099,106 | ---- | M] () -- C:\Users\Gary\Desktop\0213100211a.jpg
[2010/02/11 20:44:22 | 000,002,254 | ---- | M] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2010/02/11 05:19:31 | 000,293,376 | ---- | M] () -- C:\Users\Gary\Desktop\d6wje22x.exe
[2010/02/11 05:10:37 | 000,003,030 | ---- | M] () -- C:\Users\Gary\Desktop\Attach.zip
[2010/02/11 05:09:28 | 000,524,288 | ---- | M] () -- C:\Users\Gary\Desktop\dds (1).scr
[2010/02/11 04:02:30 | 035,476,862 | ---- | M] () -- C:\Users\Gary\Documents\enc.264
[2010/02/08 20:50:26 | 000,000,051 | ---- | M] () -- C:\Users\Gary\Documents\enc.avs
[2010/02/08 20:18:13 | 000,000,641 | ---- | M] () -- C:\Users\Gary\Desktop\ZSNES.lnk
[2010/02/07 03:12:49 | 000,000,919 | ---- | M] () -- C:\Users\Gary\Desktop\Play Cave Story.lnk
[2010/02/05 05:42:31 | 000,000,036 | ---- | M] () -- C:\Users\Gary\AppData\Local\housecall.guid.cache
[2010/02/05 05:08:16 | 000,061,304 | ---- | M] () -- C:\Users\Gary\Documents\cc_20100205_050730.reg
[2010/02/05 04:23:53 | 000,000,698 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/02/03 02:58:49 | 000,008,192 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 02:03:09 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/03 02:01:57 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/03 01:00:32 | 000,001,224 | ---- | M] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2010/02/01 03:13:02 | 000,001,358 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100203-010941.backup
[2010/02/01 02:38:15 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 03:37:49 | 000,062,462 | ---- | C] () -- C:\Users\Gary\Desktop\0214100336a.jpg
[2010/02/14 00:34:34 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 05:28:10 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/02/13 04:37:42 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/13 04:37:35 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/02/13 04:37:35 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/13 02:34:20 | 000,070,233 | ---- | C] () -- C:\Users\Gary\Desktop\0213100233a.jpg
[2010/02/13 02:31:42 | 000,135,924 | ---- | C] () -- C:\Users\Gary\Desktop\0213100212a.jpg
[2010/02/13 02:25:31 | 000,099,106 | ---- | C] () -- C:\Users\Gary\Desktop\0213100211a.jpg
[2010/02/11 05:19:29 | 000,293,376 | ---- | C] () -- C:\Users\Gary\Desktop\d6wje22x.exe
[2010/02/11 05:10:37 | 000,003,030 | ---- | C] () -- C:\Users\Gary\Desktop\Attach.zip
[2010/02/11 05:09:28 | 000,524,288 | ---- | C] () -- C:\Users\Gary\Desktop\dds (1).scr
[2010/02/11 03:59:47 | 035,476,862 | ---- | C] () -- C:\Users\Gary\Documents\enc.264
[2010/02/08 19:21:52 | 000,000,641 | ---- | C] () -- C:\Users\Gary\Desktop\ZSNES.lnk
[2010/02/07 04:03:02 | 000,000,051 | ---- | C] () -- C:\Users\Gary\Documents\enc.avs
[2010/02/07 03:12:49 | 000,000,919 | ---- | C] () -- C:\Users\Gary\Desktop\Play Cave Story.lnk
[2010/02/05 05:42:31 | 000,000,036 | ---- | C] () -- C:\Users\Gary\AppData\Local\housecall.guid.cache
[2010/02/05 05:07:32 | 000,061,304 | ---- | C] () -- C:\Users\Gary\Documents\cc_20100205_050730.reg
[2010/02/05 04:41:01 | 000,002,254 | ---- | C] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2010/02/05 04:39:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001UA.job
[2010/02/05 04:39:49 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-997814333-3256039755-3395098855-1001Core.job
[2010/02/03 02:01:57 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/03 01:00:32 | 000,001,224 | ---- | C] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2010/02/01 02:37:38 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2010/01/31 06:03:05 | 000,000,093 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2010/01/25 16:46:17 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/01/25 05:26:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2009/12/01 03:32:13 | 001,232,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/08 01:14:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/11/08 01:14:37 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/11/08 01:14:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/11/08 01:14:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/11/02 12:18:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/01 04:11:01 | 000,008,192 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 04:06:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/01 04:06:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/01 04:05:31 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/01/20 20:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\RMDevice.dll

========== LOP Check ==========

[2009/12/05 03:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Aegisub
[2009/11/13 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\CravingExplorer
[2010/01/12 01:35:18 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FileZilla
[2010/01/13 03:31:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Folding@home-gpu
[2009/11/23 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Folding@home-x86
[2009/11/03 03:18:06 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\GetRightToGo
[2009/11/16 19:51:52 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\LockHunter
[2010/01/25 04:37:33 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\MotioninJoy
[2009/12/27 04:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mumble
[2009/11/24 02:29:14 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\NJStar
[2009/11/14 04:56:10 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Oberon Media
[2009/11/20 06:13:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\OpenOffice.org
[2010/02/13 01:13:42 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\runic games
[2009/12/19 04:20:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Sony
[2009/12/19 04:13:14 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Sony Setup
[2009/11/12 02:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SystemRequirementsLab
[2009/11/11 01:05:56 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Trillian
[2010/02/14 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\uTorrent
[2009/07/13 23:08:49 | 000,017,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:756C8543
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:390B30B4
< End of report >


#13 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 14 February 2010 - 06:43 PM

ESET Online Scan in IE keeps timing out. Downloading the actual client while in Chrome is super slow. It is downloading at less than 1k/sec.

Looks like it's not me... Wonder what's going on with that site.



EDIT: Yes, at this rate, it will be done downloading in 2 days.

EDIT 2: Now 1B/sec. Won't be done for over a month.

Edited by Garylisk, 14 February 2010 - 10:05 PM.


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:46 PM

Posted 15 February 2010 - 10:55 AM

Please try this:


Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#15 Garylisk

Garylisk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 15 February 2010 - 01:51 PM

On the BitDefender page, I had to click Start Scanning, then the only option was Quick Scan. I hope this is what you wanted.

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date: Mon Feb 15 12:19:16 2010
Machine ID: D8AF31D4

Warning: Only 32-bit processes scanned.


No infection found.
---------------------


Processes
---------
<unsigned> Last.fm 3708 C:\Program Files (x86)\Last.fm\LastFM.exe
<unsigned> O2 MS1/MP1 Service 2008 C:\Windows\SysWOW64\o2flash.exe

<verified> Ad-Aware Service Application 1416 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 3356 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Apple Mobile Device Service 1752 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> Bonjour 1780 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
<verified> dbus-daemon.exe 1224 C:\Program Files (x86)\Mumble\dbus-daemon.exe
<verified> Google Chrome 2192 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2472 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2764 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2852 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4356 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4484 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4660 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4804 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4944 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 4992 C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> iTunes 2928 C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U17 4388 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
<verified> Java™ Platform SE 6 U17 3088 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
<verified> PnkBstrA.exe 1264 C:\Windows\SysWOW64\PnkBstrA.exe
<verified> Spybot - Search & Destroy 2088 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
<verified> Steam 1608 C:\Program Files (x86)\Steam\Steam.exe
<verified> Stereo Vision Control Panel API Server 1324 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
<verified> µTorrent 2960 C:\Program Files (x86)\uTorrent\uTorrent.exe


Network activity
----------------
Process uTorrent.exe (2960) connected on port 43535 - adsl-074-237-247-152.sip.jax.bellsouth.net
Process uTorrent.exe (2960) connected on port 64824 - pool-173-59-253-96.bltmmd.fios.verizon.net
Process uTorrent.exe (2960) connected on port 50028 - adsl-147-2-135.bgk.bellsouth.net
Process uTorrent.exe (2960) connected on port 1208 - 97-122-241-233.hlrn.qwest.net
Process uTorrent.exe (2960) connected on port 14719 - 113.53.39.4
Process uTorrent.exe (2960) connected on port 8171 - 198.189.57.4
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f147.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f165.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iw-in-f189.1e100.net
Process chrome.exe (4944) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process chrome.exe (4944) connected on port 80 (HTTP) - iw-in-f102.1e100.net
Process chrome.exe (4944) connected on port 80 (HTTP) - a69-192-140-20.deploy.akamaitechnologies.com
Process chrome.exe (4944) connected on port 80 (HTTP) - a69-192-133-115.deploy.akamaitechnologies.com
Process chrome.exe (4944) connected on port 80 (HTTP) - iy-in-f102.1e100.net
Process chrome.exe (4944) connected on port 80 (HTTP) - 74.125.8.221

Process uTorrent.exe (2960) listens on ports: 62000
Process javaw.exe (4388) listens on ports: 5001 (Slingbox)


Autoruns and critical files
---------------------------
<unsigned> QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

<verified> Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe CS4 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Google Update C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
<verified> iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U17 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
<verified> Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Steam C:\Program Files (x86)\Steam\Steam.exe
<verified> µTorrent C:\Program Files (x86)\uTorrent\uTorrent.exe


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
<verified> Java™ Platform SE 6 U17 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
<verified> Media Go Detector c:\Program Files (x86)\Sony\Media Go\npmediago.dll
<verified> Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
<verified> Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
<verified> Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Spybot - Search & Destroy c:\program files (x86)\spybot - search & destroy\sdhelper.dll
<verified> Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Scan
----
<unsigned> MD5: 1f5a570ad942dfcfe4500326abdd72b2 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 7088887bf0a526f863ea76cbec296c7d C:\Program Files (x86)\Java\jre6\bin\awt.dll
<unsigned> MD5: e25025379e52e322ec91edc7b673b552 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
<unsigned> MD5: 13c8337e3b3a62964920b31a6d209595 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
<unsigned> MD5: 4e144bc51b9bc8b64a404b6ed390af6e C:\Program Files (x86)\Java\jre6\bin\hpi.dll
<unsigned> MD5: 009dabe4e77155dbbefac339eccab741 C:\Program Files (x86)\Java\jre6\bin\java.dll
<unsigned> MD5: 9b5ceb2d6ff6bc326c7083bc99a8c7e2 C:\Program Files (x86)\Java\jre6\bin\jpeg.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: 9d9b7353c71e6d26408e4eaab8ca5129 C:\Program Files (x86)\Java\jre6\bin\net.dll
<unsigned> MD5: 12cdadb34150974a4e3470bfb0d2d594 C:\Program Files (x86)\Java\jre6\bin\nio.dll
<unsigned> MD5: e565723a3acd0cb77ccf620cd30170d4 C:\Program Files (x86)\Java\jre6\bin\verify.dll
<unsigned> MD5: 02b95b60003e6bf03a3046e1d503b9e5 C:\Program Files (x86)\Java\jre6\bin\zip.dll
<unsigned> MD5: 91b74b8174178d36e72602b1c61eb8e8 C:\Program Files (x86)\Last.fm\breakpad.dll
<unsigned> MD5: e9ebf34d2c77df6db0bdcd6c1cd3c054 C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
<unsigned> MD5: b1ff0b10c53c244a6e02c4a5a1b09ea9 C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
<unsigned> MD5: a4c3b8774098ce432eedd70d9b4a4c62 C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
<unsigned> MD5: 304d8a289d246822dce4ce15da2f6f4c C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
<unsigned> MD5: efce9d5f818531680289356155e97ab2 C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
<unsigned> MD5: 353837c897350fb7ae3fbe18c9a5cad6 C:\Program Files (x86)\Last.fm\LastFM.exe
<unsigned> MD5: 885e73784fe7509f72d605b62a0d8394 C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
<unsigned> MD5: 4a5a49949b2a4b9154d9c31f5e1c1b9d C:\Program Files (x86)\Last.fm\LastFmTools1.dll
<unsigned> MD5: 9b24ef636d2dea8f55dbd443251bdecf C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
<unsigned> MD5: 4c8a880eabc0b4d462cc4b2472116ea1 C:\Program Files (x86)\Last.fm\Microsoft.VC80.CRT\msvcp80.dll
<unsigned> MD5: e4fece18310e23b1d8fee993e35e7a6f C:\Program Files (x86)\Last.fm\Microsoft.VC80.CRT\msvcr80.dll
<unsigned> MD5: 4a50310a052412c12fd1dd04f13ee493 C:\Program Files (x86)\Last.fm\Moose1.dll
<unsigned> MD5: bbd5f81c6bbc1fb47ec1be6cd03807d2 C:\Program Files (x86)\Last.fm\QtCore4.dll
<unsigned> MD5: 99474aee8ca74ef85ec77e446a5d4ab4 C:\Program Files (x86)\Last.fm\QtGui4.dll
<unsigned> MD5: f151e8e0c8371dd88c9bfc9f469470ed C:\Program Files (x86)\Last.fm\QtNetwork4.dll
<unsigned> MD5: 0dacd51c27d8ecc279479a3354eb7d42 C:\Program Files (x86)\Last.fm\QtSql4.dll
<unsigned> MD5: abf7ac83769d1396cacf2659f4fb0f85 C:\Program Files (x86)\Last.fm\QtXml4.dll
<unsigned> MD5: 4dc7f4acd7fe15df53a10041cbc2caca C:\Program Files (x86)\Last.fm\srv_httpinput.dll
<unsigned> MD5: 2234c0673c6c0211e4f5de15240803ff C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
<unsigned> MD5: f7f5f3948ec107e173567e97f9b30d61 C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
<unsigned> MD5: 4efaa53c545f4ffb1ee0ed1709c15ea7 C:\Program Files (x86)\Last.fm\zlibwapi.dll
<unsigned> MD5: 73af5773bf5627fe771bf6809ec839f9 C:\Program Files (x86)\Mumble\iconv.dll
<unsigned> MD5: 901cc55fea600a14e4ebf4205d5f5ace C:\Program Files (x86)\Mumble\libxml2.dll
<unsigned> MD5: c7d4d685a0af2a09cbc21cb474358595 C:\Program Files (x86)\Mumble\zlib1.dll
<unsigned> MD5: eb21a4f28e4135498b3ce981883a0a44 C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
<unsigned> MD5: 295f3f6856b4e75444039227d001b9cd C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
<unsigned> MD5: e2177dfefe6dba82e13a66f1bcbce56b C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
<unsigned> MD5: 18bf2d5cb7e6a979b61a9ac0f05bff26 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
<unsigned> MD5: 43cf388dab66e46f5f2231ae8bb7089a C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
<unsigned> MD5: 8cbd57d84729debee1e83cb5fa3e3d7a C:\Program Files (x86)\QuickTime\QTTask.exe
<unsigned> MD5: de9af41a7e0ad0dd7f83a5bc88d50d0f C:\Temp\jna1235153747772253949.tmp
<unsigned> MD5: d955d5de998db2476bf0892be3a96c26 C:\Windows\SysWOW64\o2flash.exe
<unsigned> MD5: 5a5cff37f1bd0f86b9bdaad7a9445882 C:\Windows\WindowsShell.Manifest


No file uploaded.

Scan finished - communication took 7 sec
Total traffic - 0.06 MB sent, 1.51 KB recvd
Scanned 603 files and modules - 30 seconds
