
Please help me remove Trojans!


  • This topic is locked
9 replies to this topic

#1 Shohane

Shohane

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 12 March 2010 - 06:52 PM

My Facebook account was hacked after I clicked on a bogus link, and my computer was infected with viruses, including Trojans... Could you please help me remove this malware?

DDS log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by GRYFFINDOR at 12:48:37.11 on Thu 03/11/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2028 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\CNYHKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\GRYFFINDOR\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ModLedKey.exe
C:\Windows\SysWOW64\conime.exe
C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GRYFFINDOR\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0309&m=dx4200-09
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files (x86)\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files (x86)\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files (x86)\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\gryffindor\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Smart Copy] "c:\program files (x86)\ioi\smart copy\ButtonMonitor.exe" -A
mRun: [eRecoveryService]
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gryffi~1\appdata\roaming\mozilla\firefox\profiles\3nsqfl1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files (x86)\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\users\gryffindor\appdata\roaming\mozilla\firefox\profiles\3nsqfl1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\gryffindor\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\gryffindor\netscape6\nppl3260.dll
FF - plugin: c:\users\gryffindor\netscape6\nprjplug.dll
FF - plugin: c:\users\gryffindor\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvta;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSva.sys [2009-11-22 27144]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2009-11-22 201928]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-7 69152]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2009-11-22 29976]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-8-23 422920]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-8-23 34248]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-8-23 470024]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2009-11-22 906520]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2009-11-22 285392]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2009-11-22 2304192]
R2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2009-3-23 24576]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 32888]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 800624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-9 1153368]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 AVGIDSDrivervta;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSDriver.sys [2009-11-22 132616]
R3 AVGIDSFiltervta;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSFilter.sys [2009-11-22 35848]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 44664]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-8-5 392192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-22 5832712]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-3 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-5-27 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2005-4-13 30720]
S3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [2010-3-10 445640]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-03-10 20:46:10 0 d-----w- c:\programdata\Kaspersky SDK
2010-03-10 20:41:24 0 d-----w- c:\users\gryffi~1\appdata\roaming\CheckPoint
2010-03-10 20:41:23 0 d-----w- c:\users\gryffi~1\appdata\roaming\MailFrontier
2010-03-10 20:35:04 80 ----a-w- c:\windows\syswow64\ibfl.dat
2010-03-10 20:35:04 144 ----a-w- c:\windows\syswow64\pdfl.dat
2010-03-10 20:35:04 144 ----a-w- c:\windows\syswow64\lkfl.dat
2010-03-10 20:34:57 0 d-----w- c:\program files\CheckPoint
2010-03-10 20:34:27 72584 ----a-w- c:\windows\zllsputility.exe
2010-03-10 20:34:24 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-03-10 20:31:38 440520 ------w- c:\windows\system32\drivers\vsdatant.sys
2010-03-10 20:31:37 0 d-----w- c:\program files (x86)\Zone Labs
2010-03-10 20:31:06 0 d-----w- c:\programdata\CheckPoint
2010-03-10 20:31:05 620936 ----a-w- c:\windows\syswow64\vsutil.dll
2010-03-10 20:31:05 227720 ----a-w- c:\windows\syswow64\vsinit.dll
2010-03-10 20:31:05 0 d-----w- c:\windows\Internet Logs
2010-03-10 19:26:26 31648712 ----a-w- c:\windows\syswow64\MRT.exe
2010-03-10 18:27:09 0 d-----w- c:\program files (x86)\ESET
2010-03-10 18:06:20 0 d-----w- C:\ie-spyad_zo
2010-03-10 17:19:17 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 17:19:17 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-03-10 17:19:15 620032 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:19:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 17:19:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-03-10 17:18:35 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-03-10 04:32:50 0 d-----w- c:\program files (x86)\SpywareBlaster
2010-03-10 04:19:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-10 04:19:18 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-03-08 04:02:53 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-08 04:00:41 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-08 04:00:27 0 d-----w- c:\program files (x86)\Lavasoft
2010-03-07 08:32:16 0 d-----w- c:\program files (x86)\Trend Micro
2010-03-07 05:20:40 0 d-----w- c:\users\gryffi~1\appdata\roaming\AVG8
2010-03-03 20:03:43 193 ----a-w- c:\windows\devqdat7417.dat
2010-03-03 20:02:32 0 d-----w- c:\program files (x86)\Genius 2000
2010-02-24 16:50:15 726528 ----a-w- c:\windows\syswow64\jscript.dll
2010-02-24 16:50:11 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-02-24 16:50:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 16:47:45 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 16:47:45 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-02-24 16:47:45 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 16:47:45 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-02-24 16:47:44 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-02-24 16:47:44 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 16:25:29 453632 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 16:25:29 142336 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 16:25:13 273408 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:25:13 135168 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 16:24:59 1425480 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 16:24:58 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 16:24:34 4698184 ----a-w- c:\windows\system32\ntoskrnl.exe

==================== Find3M ====================

2010-03-10 20:35:50 423563 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-03-10 20:32:35 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-10 20:32:35 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-10 20:32:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-07 00:08:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:10:22 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:10:03 539136 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:08:59 460288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\syswow64\msdrm.dll
2010-01-25 08:29:35 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:29:31 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:29:31 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:29:28 599552 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:20 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 07:03:21 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-01-02 06:32:32 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-12-17 22:14:09 153376 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-17 22:14:08 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-17 22:14:06 145184 ----a-w- c:\windows\syswow64\java.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-28 14:29:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-11 18:04:42 716 ----a-w- c:\program files (x86)\CinemasterVideo.4.3.manifest
2009-10-11 18:04:42 572 ----a-w- c:\program files (x86)\CinemasterAudio.4.3.manifest
2009-10-11 18:04:42 23558 ----a-w- c:\program files (x86)\freeoffers.ico
2009-10-11 18:04:42 222728 ----a-w- c:\program files (x86)\realplay.exe
2009-10-11 18:04:42 207 ----a-w- c:\program files (x86)\subscription.rnx
2009-10-11 18:04:42 17846 ----a-w- c:\program files (x86)\videotest.rm
2009-10-11 18:04:42 1166 ----a-w- c:\program files (x86)\realplay.exe.manifest
2009-10-11 18:04:39 685 ----a-w- c:\program files (x86)\RecordingManager.exe.manifest
2009-10-11 18:04:39 198208 ----a-w- c:\program files (x86)\RecordingManager.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-22 02:08:11 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 12:51:44.45 ===============



As for GMER, after it finished it showed the message: "No system modification was found." The log file is empty.


Attached Files





#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:57 AM

Posted 14 March 2010 - 01:05 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Shohane

Shohane
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 15 March 2010 - 01:57 PM

The problem I'm having: My Facebook account was hacked after I clicked on a bogus link, and my computer was infected with viruses, including Trojans. I scanned my computer with AVG, Housecall, Zone Alarm, Malwarebytes, Ad-aware, and removed everything they found. But some viruses in the REGISTRY can't be removed, so Malwarebytes quarantined them. I doubt my computer is free from viruses yet.

Also, I noticed that there's a weird folder being created in "My Documents" which I didn't create myself: The folder is named "ForceField Shared Files" but contains no files (created on 3/10/10).

And, yesterday, I noticed that my Facebook account has become a fan of an event on Facebook which I didn't join myself (normally, when someone on FB invited me to an event, I had to click "accept" or "decline". In this case, I didn't perform any action. I got an email notification saying I was invited on 3/13, and on 3/14 when I checked, my account was already a fan...). I just changed my FB password again.


OTL logfile created on: 3/15/2010 2:21:09 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\GRYFFINDOR\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 453.78 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRYFFINDOR-PC
Current User Name: GRYFFINDOR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/15 14:20:25 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\GRYFFINDOR\Desktop\OTL.exe
PRC - [2010/03/11 20:45:58 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/03/11 20:45:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/11 20:45:12 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/03/11 20:45:10 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/03/11 20:45:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/08 00:02:09 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 00:02:08 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 22:53:37 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Users\GRYFFINDOR\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/10/17 01:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/05/25 10:22:44 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/05/21 18:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/04/23 20:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 17:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 14:20:25 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\GRYFFINDOR\Desktop\OTL.exe
MOD - [2009/11/22 22:27:33 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/11/22 22:27:33 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2009/10/14 09:30:06 | 000,546,160 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\AK\icsak.dll
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/14 09:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/07/22 10:12:08 | 000,902,656 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 23:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/11/02 07:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/03/11 20:45:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/11 20:45:42 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/11 20:45:12 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/11 20:45:10 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/08 00:02:08 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/11 13:48:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/11 20:45:57 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/03/11 20:45:54 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/11 20:45:44 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AVGIDSva.sys -- (AVGIDSErHrvta)
DRV:64bit: - [2010/03/11 20:45:10 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/11 20:45:06 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/02/04 11:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/11/22 22:28:19 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/10/17 01:41:16 | 000,445,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV:64bit: - [2009/10/17 01:41:14 | 000,440,520 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/14 09:30:04 | 000,044,664 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2009/10/14 09:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2009/10/12 19:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/12 19:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2008/08/12 20:13:23 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/08/05 04:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/22 10:58:24 | 004,647,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/06/05 22:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/04/27 21:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/05 02:22:34 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2005/04/13 16:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0801.sys -- (tap0801)
DRV - [2010/03/11 20:45:44 | 000,132,616 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys -- (AVGIDSDrivervta)
DRV - [2010/03/11 20:45:44 | 000,035,848 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys -- (AVGIDSFiltervta)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=dx4200-09
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=dx4200-09


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/03/12 12:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\browserrecord\firefox\ext [2009/10/11 14:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/24 19:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/03/10 16:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/12 14:17:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/12 14:17:22 | 000,000,000 | ---D | M]

[2009/05/29 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Extensions
[2010/03/12 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions
[2009/07/02 14:41:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/22 23:07:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/19 17:05:14 | 000,000,000 | ---D | M] (Leet Key) -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
[2009/10/01 14:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/03/10 23:01:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\GRYFFINDOR\AppData\Roaming\Mozilla\Firefox\Profiles\3nsqfl1s.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/28 00:45:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/09/20 17:47:32 | 000,000,000 | ---D | M] (SeekService) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049}
[2009/10/03 18:08:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\staff@hide-my-ip.com

O1 HOSTS File: ([2010/03/10 00:42:48 | 000,380,280 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13103 more lines...
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4221045842-1290476964-3013962497-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 14:20:22 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\GRYFFINDOR\Desktop\OTL.exe
[2010/03/14 01:30:36 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/12 21:10:14 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Local\Adobe
[2010/03/12 15:16:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/11 20:45:55 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/10 16:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2010/03/10 16:41:31 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\Documents\ForceField Shared Files
[2010/03/10 16:41:24 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Roaming\CheckPoint
[2010/03/10 16:41:23 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Roaming\MailFrontier
[2010/03/10 16:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/03/10 16:34:27 | 000,072,584 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\zllsputility.exe
[2010/03/10 16:34:24 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
[2010/03/10 16:34:19 | 000,351,248 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/03/10 16:33:55 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/03/10 16:33:45 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/03/10 16:33:45 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/03/10 16:33:39 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/03/10 16:33:37 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/03/10 16:33:36 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/03/10 16:33:36 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/03/10 16:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/03/10 16:33:11 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/03/10 16:33:09 | 000,445,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys
[2010/03/10 16:33:09 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/03/10 16:31:38 | 000,440,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/03/10 16:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/03/10 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/03/10 16:31:05 | 000,620,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/03/10 16:31:05 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/03/10 16:31:05 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/03/10 15:26:26 | 031,648,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2010/03/10 14:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/03/10 14:09:30 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Roaming\Opera
[2010/03/10 14:09:30 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Local\Opera
[2010/03/10 14:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/03/10 14:06:20 | 000,000,000 | ---D | C] -- C:\ie-spyad_zo
[2010/03/10 14:05:54 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\Desktop\hosts
[2010/03/10 13:19:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 13:19:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 13:19:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 13:19:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/10 13:18:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/03/10 00:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/03/10 00:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/10 00:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/03/08 00:02:53 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/03/08 00:00:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/08 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/03/07 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Roaming\vlc
[2010/03/07 04:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/07 01:20:40 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\AppData\Roaming\AVG8
[2010/03/07 01:20:02 | 002,180,256 | ---- | C] (Trend Micro) -- C:\Users\GRYFFINDOR\Desktop\HousecallLauncher64.exe
[2010/03/03 16:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Genius 2000
[2010/03/02 20:11:36 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\GRYFFINDOR\Desktop\ATF-Cleaner.exe
[2010/02/28 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\GRYFFINDOR\Documents\avatars
[2010/02/24 12:50:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 12:50:15 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 12:49:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 12:49:50 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 12:49:48 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 12:49:46 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 12:49:45 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 12:49:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 12:49:45 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 12:49:44 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 12:49:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 12:49:42 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 12:49:42 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 12:49:42 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 12:49:42 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 12:49:42 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 12:49:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 12:49:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 12:49:42 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 12:49:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 12:47:45 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 12:47:45 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 12:47:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 12:47:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/24 12:47:44 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 12:47:44 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/19 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2009/10/11 14:05:25 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\wmdmhelper.dll
[2009/10/11 14:05:23 | 000,712,704 | ---- | C] ( ) -- C:\Program Files (x86)\dtdr3260.dll
[2009/10/11 14:05:22 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjdlg.dll
[2009/10/11 14:05:22 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files (x86)\DUNZIP32.dll
[2009/10/11 14:05:22 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjprog.dll
[2009/10/11 14:05:21 | 000,651,264 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjbres.dll
[2009/10/11 14:05:21 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\ierjplug.dll
[2009/10/11 14:05:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\fixrjb.exe
[2009/10/11 14:05:20 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tsasdk.dll
[2009/10/11 14:05:20 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tpasdk.dll
[2009/10/11 14:05:20 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\mmcdda32.dll
[2009/10/11 14:05:20 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\tnetdtct.dll
[2009/10/11 14:05:16 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpwa3260.dll
[2009/10/11 14:05:15 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpshellsearch.dll
[2009/10/11 14:05:14 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2009/10/11 14:05:14 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Program Files (x86)\rpbrowserrecordplugin.dll
[2009/10/11 14:05:14 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rjwmapln.dll
[2009/10/11 14:05:10 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpau3260.dll
[2009/10/11 14:05:04 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rdsf3260.dll
[2009/10/11 14:05:04 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpplugprot.dll
[2009/10/11 14:05:04 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rpshell.dll
[2009/10/11 14:05:02 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\rphelperapp.exe
[2009/10/11 14:05:02 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realjbox.exe
[2009/10/11 14:04:42 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\realplay.exe
[2009/10/11 14:04:39 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RecordingManager.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 14:23:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/15 14:21:10 | 007,602,176 | -HS- | M] () -- C:\Users\GRYFFINDOR\NTUSER.DAT
[2010/03/15 14:20:25 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\GRYFFINDOR\Desktop\OTL.exe
[2010/03/15 13:58:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4221045842-1290476964-3013962497-1000UA.job
[2010/03/15 13:17:56 | 000,033,255 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\27202_622066468642_199102190_35525568_1254283_n.jpg
[2010/03/15 13:15:56 | 000,033,010 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\27202_622066563452_199102190_35525570_4540767_n.jpg
[2010/03/15 13:14:59 | 000,035,969 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\27202_622066488602_199102190_35525569_4367974_n.jpg
[2010/03/15 12:57:41 | 057,165,126 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/15 12:56:50 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/15 12:56:50 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/15 12:56:50 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/15 12:52:29 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2010/03/15 12:52:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/03/15 12:51:48 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/15 12:51:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/15 12:51:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 12:51:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 12:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/15 12:51:18 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 01:57:50 | 000,524,288 | -HS- | M] () -- C:\Users\GRYFFINDOR\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 01:57:50 | 000,065,536 | -HS- | M] () -- C:\Users\GRYFFINDOR\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/15 01:57:39 | 003,016,409 | -H-- | M] () -- C:\Users\GRYFFINDOR\AppData\Local\IconCache.db
[2010/03/15 01:37:39 | 000,000,000 | ---- | M] () -- C:\Users\GRYFFINDOR\AppData\Local\prvlcl.dat
[2010/03/15 00:41:47 | 007,157,760 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\Never_Ending_Dream.mp3
[2010/03/14 21:58:03 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4221045842-1290476964-3013962497-1000Core.job
[2010/03/14 19:53:26 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/12 19:35:43 | 000,000,000 | ---- | M] () -- C:\Users\GRYFFINDOR\defogger_reenable
[2010/03/12 19:35:13 | 000,050,477 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\Defogger.exe
[2010/03/12 18:44:45 | 000,571,446 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/03/11 20:45:57 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/03/11 20:45:55 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/11 20:45:54 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/11 20:45:44 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSva.sys
[2010/03/11 20:45:10 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/11 20:45:06 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/03/11 13:47:25 | 000,524,288 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\dds.scr
[2010/03/10 16:35:50 | 000,423,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/03/10 16:35:04 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2010/03/10 16:35:04 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2010/03/10 16:34:30 | 000,000,863 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\ZoneAlarm Security.lnk
[2010/03/10 14:09:10 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/03/10 14:07:04 | 000,207,872 | ---- | M] (Funkytoad.com) -- C:\Users\GRYFFINDOR\Desktop\ZonedOut.exe
[2010/03/10 00:42:48 | 000,380,280 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/10 00:32:52 | 000,000,804 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\SpywareBlaster.lnk
[2010/03/10 00:19:25 | 000,001,059 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\Spybot.lnk
[2010/03/09 12:06:38 | 000,001,890 | ---- | M] () -- C:\Users\GRYFFINDOR\Desktop\HijackThis.lnk
[2010/03/09 11:35:05 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/03/08 00:00:37 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/07 23:10:19 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC player.lnk
[2010/03/07 01:20:49 | 000,000,036 | ---- | M] () -- C:\Users\GRYFFINDOR\AppData\Local\housecall.guid.cache
[2010/03/07 01:20:14 | 002,180,256 | ---- | M] (Trend Micro) -- C:\Users\GRYFFINDOR\Desktop\HousecallLauncher64.exe
[2010/03/06 22:58:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/06 20:08:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/03/04 13:37:22 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/03/03 17:03:01 | 000,000,193 | ---- | M] () -- C:\Windows\devqdat7417.dat
[2010/03/02 20:11:37 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\GRYFFINDOR\Desktop\ATF-Cleaner.exe
[2010/03/01 22:30:14 | 031,648,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2010/02/27 20:01:42 | 000,053,235 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\wall.jpg
[2010/02/24 15:45:47 | 000,082,448 | ---- | M] () -- C:\Users\GRYFFINDOR\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 15:45:13 | 003,180,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/21 20:32:04 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 19:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 19:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 19:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/19 19:01:26 | 000,006,464 | -HS- | M] () -- C:\Users\GRYFFINDOR\Documents\Folder.jpg
[2010/02/19 19:01:26 | 000,006,464 | -HS- | M] () -- C:\Users\GRYFFINDOR\Documents\AlbumArt_{2293E84F-61E1-4686-9349-A2FA14D95F6B}_Large.jpg
[2010/02/19 19:01:26 | 000,002,002 | -HS- | M] () -- C:\Users\GRYFFINDOR\Documents\AlbumArtSmall.jpg
[2010/02/19 19:01:26 | 000,002,002 | -HS- | M] () -- C:\Users\GRYFFINDOR\Documents\AlbumArt_{2293E84F-61E1-4686-9349-A2FA14D95F6B}_Small.jpg
[2010/02/19 14:15:20 | 000,138,036 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\ACP Information.pdf
[2010/02/15 14:13:59 | 000,041,382 | ---- | M] () -- C:\Users\GRYFFINDOR\Documents\Credit Request.pdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/15 13:17:56 | 000,033,255 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\27202_622066468642_199102190_35525568_1254283_n.jpg
[2010/03/15 13:15:56 | 000,033,010 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\27202_622066563452_199102190_35525570_4540767_n.jpg
[2010/03/15 13:14:59 | 000,035,969 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\27202_622066488602_199102190_35525569_4367974_n.jpg
[2010/03/15 00:40:48 | 007,157,760 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\Never_Ending_Dream.mp3
[2010/03/12 19:35:43 | 000,000,000 | ---- | C] () -- C:\Users\GRYFFINDOR\defogger_reenable
[2010/03/12 19:35:12 | 000,050,477 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\Defogger.exe
[2010/03/12 15:34:15 | 4025,671,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/11 13:47:24 | 000,524,288 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\dds.scr
[2010/03/10 16:35:04 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2010/03/10 16:35:04 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2010/03/10 16:35:04 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2010/03/10 16:34:30 | 000,000,863 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\ZoneAlarm Security.lnk
[2010/03/10 16:33:09 | 000,423,563 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/03/10 14:09:10 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/03/10 00:32:52 | 000,000,804 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\SpywareBlaster.lnk
[2010/03/10 00:19:25 | 000,001,059 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\Spybot.lnk
[2010/03/09 12:06:38 | 000,001,890 | ---- | C] () -- C:\Users\GRYFFINDOR\Desktop\HijackThis.lnk
[2010/03/08 18:33:50 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\Driver Fetch.job
[2010/03/08 00:00:37 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/07 23:10:19 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC player.lnk
[2010/03/07 01:20:49 | 000,000,036 | ---- | C] () -- C:\Users\GRYFFINDOR\AppData\Local\housecall.guid.cache
[2010/03/06 22:58:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/04 13:37:22 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/03/03 16:03:43 | 000,000,193 | ---- | C] () -- C:\Windows\devqdat7417.dat
[2010/02/27 20:01:41 | 000,053,235 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\wall.jpg
[2010/02/19 19:01:28 | 000,006,464 | -HS- | C] () -- C:\Users\GRYFFINDOR\Documents\Folder.jpg
[2010/02/19 19:01:28 | 000,006,464 | -HS- | C] () -- C:\Users\GRYFFINDOR\Documents\AlbumArt_{2293E84F-61E1-4686-9349-A2FA14D95F6B}_Large.jpg
[2010/02/19 19:01:28 | 000,002,002 | -HS- | C] () -- C:\Users\GRYFFINDOR\Documents\AlbumArtSmall.jpg
[2010/02/19 19:01:28 | 000,002,002 | -HS- | C] () -- C:\Users\GRYFFINDOR\Documents\AlbumArt_{2293E84F-61E1-4686-9349-A2FA14D95F6B}_Small.jpg
[2010/02/19 14:15:20 | 000,138,036 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\ACP Information.pdf
[2010/02/15 14:13:59 | 000,041,382 | ---- | C] () -- C:\Users\GRYFFINDOR\Documents\Credit Request.pdf
[2009/10/11 14:05:21 | 000,002,851 | ---- | C] () -- C:\Program Files (x86)\cdroms.cfg
[2009/10/11 14:05:16 | 000,119,808 | ---- | C] () -- C:\Program Files (x86)\waiting.avi
[2009/10/11 14:05:16 | 000,027,278 | ---- | C] () -- C:\Program Files (x86)\frw.bmp
[2009/10/11 14:05:16 | 000,016,296 | ---- | C] () -- C:\Program Files (x86)\realtfon.fon
[2009/10/11 14:05:15 | 000,057,762 | ---- | C] () -- C:\Program Files (x86)\howto.chm
[2009/10/11 14:05:15 | 000,040,154 | ---- | C] () -- C:\Program Files (x86)\realplay.chm
[2009/10/11 14:05:15 | 000,001,209 | ---- | C] () -- C:\Program Files (x86)\flvplay.swf
[2009/10/11 14:05:10 | 000,053,098 | ---- | C] () -- C:\Program Files (x86)\presets.rnx
[2009/10/11 14:05:10 | 000,046,250 | ---- | C] () -- C:\Program Files (x86)\RealNetworks License.html
[2009/10/11 14:05:10 | 000,046,250 | ---- | C] () -- C:\Program Files (x86)\playrlic.html
[2009/10/11 14:05:10 | 000,043,841 | ---- | C] () -- C:\Program Files (x86)\RealNetworks License.txt
[2009/10/11 14:05:10 | 000,043,841 | ---- | C] () -- C:\Program Files (x86)\playrlic.txt
[2009/10/11 14:05:09 | 000,000,480 | ---- | C] () -- C:\Program Files (x86)\keys.dat
[2009/10/11 14:05:07 | 000,803,361 | ---- | C] () -- C:\Program Files (x86)\normal.vs
[2009/10/11 14:05:07 | 000,061,495 | ---- | C] () -- C:\Program Files (x86)\ssimages.vs
[2009/10/11 14:05:05 | 000,102,400 | ---- | C] () -- C:\Program Files (x86)\HXAudioDeviceHook.dll
[2009/10/11 14:05:04 | 000,001,030 | ---- | C] () -- C:\Program Files (x86)\autoplaylist.dat
[2009/10/11 14:05:04 | 000,000,050 | ---- | C] () -- C:\Program Files (x86)\strs23.dat
[2009/10/11 14:05:04 | 000,000,013 | ---- | C] () -- C:\Program Files (x86)\strs26.dat
[2009/10/11 14:04:42 | 000,023,558 | ---- | C] () -- C:\Program Files (x86)\freeoffers.ico
[2009/10/11 14:04:42 | 000,017,846 | ---- | C] () -- C:\Program Files (x86)\videotest.rm
[2009/10/11 14:04:42 | 000,001,166 | ---- | C] () -- C:\Program Files (x86)\realplay.exe.manifest
[2009/10/11 14:04:42 | 000,000,716 | ---- | C] () -- C:\Program Files (x86)\CinemasterVideo.4.3.manifest
[2009/10/11 14:04:42 | 000,000,572 | ---- | C] () -- C:\Program Files (x86)\CinemasterAudio.4.3.manifest
[2009/10/11 14:04:42 | 000,000,207 | ---- | C] () -- C:\Program Files (x86)\subscription.rnx
[2009/10/11 14:04:39 | 000,000,685 | ---- | C] () -- C:\Program Files (x86)\RecordingManager.exe.manifest
[2009/09/03 01:04:51 | 000,000,000 | ---- | C] () -- C:\Users\GRYFFINDOR\AppData\Local\prvlcl.dat
[2009/05/28 16:11:22 | 000,035,328 | ---- | C] () -- C:\Users\GRYFFINDOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/27 18:05:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/27 18:05:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/23 04:32:46 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2009/03/23 04:32:45 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7AA25E8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >

OTL Extras logfile created on: 3/15/2010 2:21:09 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\GRYFFINDOR\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 453.78 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRYFFINDOR-PC
Current User Name: GRYFFINDOR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4221045842-1290476964-3013962497-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0B EF 68 EC 19 DF C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EE59C7-E4A0-4547-89D4-43B0F96EFB15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2006288B-DA67-47B4-A7FE-4F9E8FEE7F75}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3405944B-F492-4ED2-A668-E922758EB095}" = lport=10243 | protocol=6 | dir=in | app=system |
"{413E5003-F394-4DA7-B042-4017F125F43F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50AECF05-353D-44BD-B840-7C9E1EFD331F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91B4F085-980F-4F55-A9D3-012A3726742D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2FDDFFA-FE6F-4E9B-B410-96FD318AE650}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEFEDDDA-D1D5-4DC8-BB3C-3BB229A741AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F263383B-441E-499B-B8A3-D813CF313C0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A818995-FBBA-4B3C-BAC5-5A8863E1BFF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27273ABA-F7F1-486A-A10E-2C688F740839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{336E837D-56D9-4921-B5EF-67B9A1F3A5EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CB49050-8CA5-4B75-BFF0-12D6B3FA3B17}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5613157B-4334-42ED-8DAC-06AD5155E517}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{59A48C4A-701F-48C2-931F-36A689AE5804}" = protocol=6 | dir=out | app=system |
"{5DB07F0B-C85A-44E6-BB37-55948DFC3DE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6355A5BB-CB38-4FCB-85EE-D8FA753BA1C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{680EEA55-2870-4162-B6D9-216A7B3176C3}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6FA5038F-9D55-4EE0-A064-323A3E7611CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{700444E8-3E26-43DA-BDBF-B3C7568F0247}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7525E06C-A32F-4D32-9AA4-771E48463BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{854FD21F-048A-4686-8755-749A46DDBC88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C41811-2030-4441-B8DF-7E7EEDF95AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{99C6913A-D38D-43F1-98B2-A735875E4188}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{9AD0E698-D05D-4C70-9AF2-B1619672278A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6361EA0C-499F-40C0-6924-A8D974784908}" = ccc-utility64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{816EB8D3-C431-5997-8A7B-99EED8D88C99}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0204009C-53D7-67E6-6631-62A1DBD66BCA}" = Catalyst Control Center Localization German
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{14911AD7-62FA-2DF7-961A-314786398DDD}" = Catalyst Control Center Localization Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18960408-D04F-61BB-802E-13851583716E}" = CCC Help French
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1FF2E7A9-824F-8B73-6332-C9DD19B08A67}" = CCC Help Finnish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23638DF5-41EF-7AEC-8AEB-2C7B4A298D05}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{26D08718-801F-2F78-B5DC-78D50714AA95}" = Catalyst Control Center Localization French
"{2B462A9D-286B-0A4F-6FB8-E71B39AB3978}" = Catalyst Control Center Localization Spanish
"{2D38E148-989C-9E77-E655-328FE0726761}" = Catalyst Control Center Localization Finnish
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{3770179C-38F3-A941-643C-5790E78D80C7}" = Skins
"{482020CC-FEF7-9392-69F0-6C6F26FD7BCD}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D19B0D8-896C-96AE-27B2-98B8B3997EBD}" = Catalyst Control Center Graphics Light
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5ADE38D8-1B9C-6F79-C88F-A84B01E4175C}" = CCC Help Dutch
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{600494AA-0E7B-6F10-9426-AFF9914CA403}" = Catalyst Control Center Graphics Full New
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68C96BC9-EB2A-C0F1-0BAE-8E7FACD1CC52}" = Catalyst Control Center Core Implementation
"{69897DB3-8AA0-AB8B-C41F-5F18CE08DD10}" = CCC Help German
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BBEF4EB-4996-3B90-1F79-0CED09C781F5}" = Catalyst Control Center Localization Swedish
"{7C95F789-0941-CBF8-A906-507E1F938B23}" = Catalyst Control Center Localization Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9D05E935-B635-73BC-1320-80496C7EC481}" = CCC Help English
"{9DE36FF9-B4DC-76E5-DE1A-D940D5BB1E83}" = CCC Help Danish
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B3920458-4EA6-A26B-7621-AB086AC4086D}" = CCC Help Spanish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7BC1735-B009-2946-AA94-2A60190616BE}" = Catalyst Control Center Localization Norwegian
"{B8CCF37C-4C5D-0B17-1472-FEDB3D88F9E8}" = CCC Help Japanese
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9D218EA-982B-53A2-BEEA-EF4C08DDD3DB}" = Catalyst Control Center Localization Italian
"{BB034FA9-BC86-7231-4618-B30918CD43F7}" = CCC Help Swedish
"{BE709AB0-E637-D304-F30C-B4B84F496DA7}" = ccc-core-static
"{C1E7BB59-E1BE-CC2F-32B8-F0EAB1322BC4}" = CCC Help Italian
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{C55C9458-6FAA-0DA2-3F35-CAD71AA13A89}" = Catalyst Control Center Graphics Full Existing
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB1F488E-AB5E-DB3A-A144-51802C2B0041}" = Catalyst Control Center Graphics Previews Vista
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.8.7
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"AVG9Uninstall" = AVG 9.0
"Chopper_is1" = Chopper XP 2.7
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ffdshow" = ffdshow (remove only)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"RealPlayer 12.0" = RealPlayer
"Smart Copy" = Smart Copy 3.1.1.1
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Vpskeys_is1" = Vpskeys 4.3
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4221045842-1290476964-3013962497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2010 3:45:30 PM | Computer Name = GRYFFINDOR-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2010 12:36:26 PM | Computer Name = GRYFFINDOR-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2010 12:37:30 PM | Computer Name = GRYFFINDOR-PC | Source = swg | ID = 1
Description =

Error - 2/25/2010 1:42:13 PM | Computer Name = GRYFFINDOR-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/26/2010 12:03:45 PM | Computer Name = GRYFFINDOR-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/26/2010 12:04:49 PM | Computer Name = GRYFFINDOR-PC | Source = swg | ID = 1
Description =

Error - 2/27/2010 11:46:30 AM | Computer Name = GRYFFINDOR-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/27/2010 7:12:10 PM | Computer Name = GRYFFINDOR-PC | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3533.1731, time
stamp 0x4afc775d, faulting module libexpatw.dll, version 6.0.6002.18005, time stamp
0x49e03824, exception code 0xc0000135, fault offset 0x0006f04e, process id 0xd10,
application start time 0x01cab802469f9f80.

Error - 2/27/2010 7:14:34 PM | Computer Name = GRYFFINDOR-PC | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3533.1731, time
stamp 0x4afc775d, faulting module googleearth.exe, version 5.1.3533.1731, time stamp
0x4afc775d, exception code 0xc0000005, fault offset 0x00004030, process id 0xfd8,
application start time 0x01cab8029dacc780.

Error - 2/27/2010 7:14:40 PM | Computer Name = GRYFFINDOR-PC | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3533.1731, time
stamp 0x4afc775d, faulting module libexpatw.dll, version 6.0.6002.18005, time stamp
0x49e03824, exception code 0xc0000135, fault offset 0x0006f04e, process id 0x1534,
application start time 0x01cab802a2972bf0.

[ System Events ]
Error - 3/13/2010 4:22:19 PM | Computer Name = GRYFFINDOR-PC | Source = BROWSER | ID = 8032
Description =

Error - 3/14/2010 12:20:56 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2010 12:20:56 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2010 12:20:56 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2010 12:20:56 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2010 12:37:09 PM | Computer Name = GRYFFINDOR-PC | Source = BROWSER | ID = 8032
Description =

Error - 3/15/2010 12:52:08 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2010 12:52:08 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2010 12:52:08 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2010 12:52:08 PM | Computer Name = GRYFFINDOR-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >


As for GMER, after it finished it showed the message: "GMER found no system modification." The log file is empty.



Edited by Shohane, 15 March 2010 - 02:01 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:57 AM

Posted 15 March 2010 - 02:23 PM

Hello again,

At this point I see no signs of malware on your system. GMER is not running because it's not 64-bit compatible.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Shohane

Shohane
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 16 March 2010 - 03:55 PM

This is the new log:

Malwarebytes' Anti-Malware 1.44
Database version: 3873
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/16/2010 4:53:54 PM
mbam-log-2010-03-16 (16-53-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 286593
Time elapsed: 1 hour(s), 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
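Elise's instructions ask for the complete MBAM log, including the top portion with the database version and operating system, and her note explains that some removals only finish after a normal reboot; Shohane's log above shows the format. As an added example, not code from the thread or from Malwarebytes, here is a small Python parser for an MBAM 1.44 log that pulls out the header, scan scope and summary counts, and lists the checks a helper would run before calling the machine clean. The second sample, with findings, is constructed with placeholder paths and detection names.

```python
import re

# Constructed sample: the header, summary counts and two of the per-category
# sections of the MBAM 1.44 log posted above.
CLEAN_LOG = """Malwarebytes' Anti-Malware 1.44
Database version: 3873
Windows 6.0.6002 Service Pack 2

Scan type: Full Scan (C:\\|D:\\|E:\\|F:\\|G:\\|H:\\|)
Objects scanned: 286593
Time elapsed: 1 hour(s), 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# Constructed variant with findings (placeholder paths and names, not from the thread):
# one file removed in place, one that MBAM could only schedule for deletion at reboot.
DIRTY_LOG = CLEAN_LOG.replace("Files Infected: 0", "Files Infected: 2").replace(
    "Files Infected:\n(No malicious items detected)\n",
    "Files Infected:\n"
    "C:\\Users\\example\\AppData\\Local\\Temp\\placeholder1.exe (Trojan.Placeholder)"
    " -> Quarantined and deleted successfully.\n"
    "C:\\Windows\\System32\\placeholder2.dll (Trojan.Placeholder) -> Delete on reboot.\n")

SCAN_RE = re.compile(r"^Scan type: (?P<kind>.+?)(?: \((?P<drives>[^)]*)\))?$")
ELAPSED_RE = re.compile(r"(\d+) hour\(s\), (\d+) minute\(s\), (\d+) second\(s\)")
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")

def parse_mbam_log(text: str) -> dict:
    """Return header fields, summary counts and the detections listed per category."""
    r = {"db_version": 0, "windows": "", "scan_type": "", "drives": [],
         "objects": 0, "elapsed_s": 0, "counts": {}, "items": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes a per-category section
        elif line.startswith("Database version: "):
            r["db_version"] = int(line.split(": ", 1)[1])
        elif line.startswith("Windows "):
            r["windows"] = line
        elif line.startswith("Objects scanned: "):
            r["objects"] = int(line.split(": ", 1)[1])
        elif line.startswith("Time elapsed: ") and (m := ELAPSED_RE.search(line)):
            h, mi, s = (int(x) for x in m.groups())
            r["elapsed_s"] = h * 3600 + mi * 60 + s
        elif m := SCAN_RE.match(line):
            r["scan_type"] = m.group("kind")
            r["drives"] = [d.rstrip("\\") for d in (m.group("drives") or "").split("|") if d]
        elif m := COUNT_RE.match(line):
            r["counts"][m.group("cat")] = int(m.group("n"))
        elif m := SECTION_RE.match(line):
            section = m.group("cat")
            r["items"].setdefault(section, [])
        elif section and not line.startswith("(No malicious items"):
            r["items"][section].append(line)
    return r

def pending_reboot(r: dict) -> list:
    """Detections MBAM could not remove in place; they need a normal (not safe mode) reboot."""
    return [i for lines in r["items"].values() for i in lines if i.endswith("-> Delete on reboot.")]

def triage(r: dict) -> list:
    """Checks a helper would run on a posted log before calling the machine clean."""
    issues = []
    if not r["db_version"] or not r["windows"]:
        issues.append("header missing: post the complete log (database version and OS)")
    if r["scan_type"] != "Full Scan":
        issues.append(f"scan type was '{r['scan_type']}', not Full Scan")
    if total := sum(r["counts"].values()):
        issues.append(f"{total} item(s) detected")
    for item in pending_reboot(r):
        issues.append("needs a normal reboot to finish removal: " + item.split(" (")[0])
    for cat, n in r["counts"].items():  # the summary must agree with the listed items
        if cat in r["items"] and len(r["items"][cat]) != n:
            issues.append(f"{cat}: summary says {n}, {len(r['items'][cat])} listed")
    return issues
```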


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:57 AM

Posted 16 March 2010 - 04:02 PM

QUOTE
But some viruses in the REGISTRY can't be removed, so Malwarebytes quarantined them.
MBAM usually deletes and quarantines. I never once saw MBAM not deleting but only quarantining.

Facebook accounts get hacked every day. This is not due to malware on your computer in most cases, but rather to using weak passwords or leaving contact information on phishy sites.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise




#7 Shohane

Shohane
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 17 March 2010 - 02:34 PM

I just ran the scan, and no infected file was found.

Edited by Shohane, 17 March 2010 - 02:35 PM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:57 AM

Posted 17 March 2010 - 02:44 PM

Hello shohane,
ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Start OTL and click cleanup, follow the prompts and allow a reboot. This will remove the used tools from your computer.
Hiding Hidden Files
Please set your system to hide all hidden files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


regards, Elise




#9 Shohane

Shohane
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 19 March 2010 - 12:34 PM

Hi,
I did almost all the steps you showed. Now I'm gonna install more security software.
Thanks a lot for your help!

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:57 AM

Posted 19 March 2010 - 12:35 PM

You are welcome

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






