
internet redirecting


  • This topic is locked
19 replies to this topic

#1 hammerdown

hammerdown

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:07 PM

Posted 17 June 2010 - 09:18 PM

Please help.
With some websites my browser is redirecting me to a random site. I have run numerous malware/spyware/adware/virus scans, to no avail. I have run a HijackThis scan and here it is.


C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Prabang\Applets\NGists\NGists.exe
C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MSTBCoreContainer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate1c9ed4e8b0062d6) (gupdate1c9ed4e8b0062d6) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

thank you for the help in advance.

Edited by Orange Blossom, 17 June 2010 - 11:23 PM.
Move to log forum. ~ OB
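An added example, not code from this thread or from HijackThis itself: a small Python parser for HJT log lines of the kind posted above, with defender-side triage rules for the entry types the log contains (R0/R1 browser settings, O1 hosts, O4 autoruns, O23 services). The three lines marked constructed are made up (using documentation IP ranges) to show what hijacked entries look like; the heuristics, such as ignoring "(file missing)" under the Windows directory, are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field

LOOPBACK = {"127.0.0.1", "::1"}

# One regex per HijackThis entry type this example understands; other codes
# (O3, O9, O16, O18, O22, ...) are kept as raw entries without parsed fields.
_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_R = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]*?) = ?(?P<data>.*)$")
_O1 = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
_O2 = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4 = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                 r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
_O23 = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)"
                  r"(?P<missing> \(file missing\))?$")
_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
SECTION_PARSERS = {"O1": _O1, "O2": _O2, "O4": _O4, "O23": _O23}


@dataclass
class Entry:
    code: str                 # HJT section code, e.g. "R1", "O4", "O23"
    raw: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def parse_line(line):
    """Turn one HJT log line into an Entry, or None for non-entry lines."""
    line = line.strip()
    m = _LINE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = Entry(code=code, raw=line)
    pat = _R if code.startswith("R") else SECTION_PARSERS.get(code)
    sub = pat.match(body) if pat else None
    if sub:
        entry.fields = {k: (v or "") for k, v in sub.groupdict().items()}
    return entry


def triage(entry):
    """Attach review flags using simple heuristics (this example's own, not HJT's)."""
    f = entry.fields
    if entry.code == "O1" and f.get("ip") and f["ip"] not in LOOPBACK:
        entry.flags.append(f"hosts file maps {f['host']} to {f['ip']} (possible hosts hijack)")
    elif entry.code.startswith("R") and _IP_URL.search(f.get("data", "")):
        entry.flags.append("browser start/search setting points at a raw IP address")
    elif entry.code == "O4" and f.get("cmd"):
        cmd = f["cmd"].lower()
        if "\\temp\\" in cmd or "\\appdata\\" in cmd:
            entry.flags.append("autorun launches from a temp or profile directory")
    elif entry.code == "O23" and f.get("path"):
        in_windows = "\\windows\\" in f["path"].lower()
        # A 32-bit HijackThis on 64-bit Windows reports many System32 services as
        # "(file missing)" because of WOW64 file-system redirection (as in the log
        # above), so a missing binary is only flagged outside the Windows directory.
        if f["missing"] and not in_windows:
            entry.flags.append("service binary reported missing outside Windows directory")
        elif f["owner"] == "Unknown owner" and not in_windows:
            entry.flags.append("service with unknown owner outside Windows directory")
    return entry


def analyze(text):
    """Parse and triage a whole log; returns the list of Entry objects in order."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text):
    """(code, first flag) for every entry that needs a closer look."""
    return [(e.code, e.flags[0]) for e in analyze(text) if e.flags]


# Real lines copied from the log in this thread, plus three constructed lines
# (marked below) showing what hijacked entries look like.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
# constructed lines (not from the thread), using documentation IP ranges:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://203.0.113.5/search?q=
O1 - Hosts: 198.51.100.7 www.example.com
O4 - HKCU\..\Run: [updater] C:\Users\someone\AppData\Local\Temp\updater.exe
"""

if __name__ == "__main__":
    for code, flag in flagged(SAMPLE_LOG):
        print(f"{code}: {flag}")
```

Entries that match no rule keep an empty flag list, so the output lists only the lines worth a human look; the real O23 "(file missing)" entries from the log above are deliberately left unflagged.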



#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:04:07 AM

Posted 23 June 2010 - 04:44 PM

Hi hammerdown, and welcome to Bleeping Computer.

Firstly,
I suggest you uninstall IObit's Advanced SystemCare 3 - that company stole Malwarebytes’ Intellectual Property

If you decide, use: Start -> Control Panel -> Programs and Features

Secondly,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thirdly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 hammerdown

hammerdown
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:07 PM

Posted 25 June 2010 - 06:41 AM

OTL logfile created on: 6/25/2010 7:33:43 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Jake\Documents\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.54 Gb Total Space | 53.16 Gb Free Space | 37.82% Space Free | Partition Type: NTFS
Drive D: | 7.74 Mb Total Space | 7.74 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive E: | 465.75 Gb Total Space | 278.44 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 8.51 Gb Total Space | 2.47 Gb Free Space | 29.07% Space Free | Partition Type: NTFS

Computer Name: JAKE-PC
Current User Name: Jake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/25 07:33:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Documents\Downloads\OTL.exe
PRC - [2010/06/24 06:52:01 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/15 16:40:56 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/21 07:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/05/17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/02 21:00:49 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/01 21:03:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/08 21:58:05 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/25 12:31:48 | 000,434,176 | ---- | M] (Prabang) -- C:\Program Files (x86)\Prabang\Applets\NGists\NGists.exe
PRC - [2009/05/06 05:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/06/24 21:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 20:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 20:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 07:33:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Documents\Downloads\OTL.exe
MOD - [2008/01/20 22:48:52 | 002,154,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2008/01/20 22:48:35 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2008/01/20 22:48:34 | 000,540,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2008/01/20 22:47:51 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:47:06 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2008/01/20 22:45:55 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/04/24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2006/11/02 05:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shimeng.dll
MOD - [2006/11/02 05:46:13 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shunimpl.dll
MOD - [2006/11/02 05:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/03 00:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2008/01/20 22:45:23 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/15 11:17:04 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/21 07:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/02 21:00:49 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/01 21:03:18 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/06 05:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 20:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/09 06:12:58 | 000,051,280 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/03/09 06:12:39 | 000,121,936 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/03/09 06:09:12 | 000,028,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/03/09 06:08:56 | 000,063,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/03/09 06:08:33 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/03/03 00:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 23:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 10:33:34 | 000,114,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/03 20:08:35 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/26 01:05:28 | 000,038,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/16 17:58:25 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/11/16 17:58:25 | 000,081,952 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/11/16 17:58:22 | 000,235,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/11/16 17:58:19 | 000,593,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2009/10/25 20:04:22 | 000,068,640 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 16:36:28 | 000,022,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/03 06:21:50 | 000,210,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/06/04 17:59:44 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2008/01/20 22:45:19 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/09/21 04:13:22 | 000,040,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2007/09/21 04:13:08 | 000,056,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/09/21 04:13:02 | 000,054,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/09/21 04:12:42 | 000,035,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/06/25 06:48:12 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/06/25 06:47:59 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/05/02 14:26:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/09/28 14:20:43 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2009/02/23 01:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2008/03/10 12:40:10 | 000,007,424 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\SED133x.sys -- (SED133x)
DRV - [2008/03/10 12:40:10 | 000,006,400 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\T6963c.sys -- (T6963C)
DRV - [2008/03/10 12:40:10 | 000,005,120 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\LC7981.sys -- (LC7981)
DRV - [2008/03/10 12:40:10 | 000,003,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\n3900.sys -- (n3900)
DRV - [2008/03/10 12:40:08 | 000,003,712 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\KS0108.sys -- (KS0108)
DRV - [2007/12/14 02:09:24 | 000,020,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/07/19 13:25:10 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | Disabled | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\atillk64.sys -- (atillk64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: {12bc3590-67a6-11de-8a39-0800200c9a66}:3.6
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.8
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\ [2010/06/20 09:36:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/24 06:52:02 | 000,000,000 | ---D | M]

[2009/05/03 19:17:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions
[2010/06/24 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions
[2010/06/16 06:59:38 | 000,000,000 | ---D | M] (Eclipse) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
[2010/06/16 07:44:57 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/06/16 07:46:28 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/06/16 07:46:08 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2009/11/07 10:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/05/04 10:10:58 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2010/05/10 22:01:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/16 07:45:25 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/06/16 07:02:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/16 06:57:12 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/06/22 17:47:12 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/06/11 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\smarterwiki@wikiatic.com
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2009/11/07 10:45:44 | 000,004,554 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\searchplugins\aim-search.xml
[2009/09/28 21:46:40 | 000,002,160 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\searchplugins\MySpace.xml
[2010/06/24 18:48:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/23 08:04:40 | 000,000,000 | ---D | M] (Seekapp) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}
[2010/04/13 21:41:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell - "" = AutoRun
O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 23:05:31 | 000,000,000 | ---D | M]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Screaming Bee
[2010/06/22 19:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010/06/20 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Medal of Honor MP Beta
[2010/06/20 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\LCDSirReal
[2010/06/20 06:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 06:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 06:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 06:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/17 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/06/13 19:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2010/06/06 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\borderland extraction
[2010/06/03 22:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/06/03 22:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Xfire
[2010/06/02 12:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010/06/01 07:42:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Unity
[2010/06/01 07:37:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Unity
[2010/05/30 09:27:09 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\SoundSpectrum
[2010/05/30 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/25 07:33:54 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/25 07:33:16 | 004,980,736 | -HS- | M] () -- C:\Users\Jake\ntuser.dat
[2010/06/25 06:48:12 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/06/25 06:48:12 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/06/25 06:48:07 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/06/25 06:47:59 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/06/25 06:47:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/25 06:46:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/25 06:42:49 | 000,524,288 | -HS- | M] () -- C:\Users\Jake\ntuser.dat{d0cf6c81-fdf9-11de-a2d9-001fd0813e82}.TMContainer00000000000000000001.regtrans-ms
[2010/06/25 06:42:49 | 000,065,536 | -HS- | M] () -- C:\Users\Jake\ntuser.dat{d0cf6c81-fdf9-11de-a2d9-001fd0813e82}.TM.blf
[2010/06/25 06:42:30 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/25 06:40:20 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/25 06:40:05 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/25 06:40:05 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/25 06:40:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/25 06:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/24 23:04:30 | 002,227,796 | -H-- | M] () -- C:\Users\Jake\AppData\Local\IconCache.db
[2010/06/24 21:32:08 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/06/24 21:32:08 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/24 18:42:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EF86144C-9AAF-4390-AC03-F89E27449F5F}.job
[2010/06/24 18:38:04 | 000,115,712 | ---- | M] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 07:10:51 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/23 22:35:41 | 000,466,348 | ---- | M] () -- C:\Users\Jake\Desktop\theme.png
[2010/06/23 11:41:39 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010/06/23 08:08:30 | 001,078,913 | ---- | M] () -- C:\Users\Jake\Desktop\chrome.pdn
[2010/06/22 19:37:05 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2010/06/21 20:09:19 | 000,000,670 | ---- | M] () -- C:\Users\Jake\Desktop\SpeedFan.lnk
[2010/06/21 20:09:19 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/21 20:03:02 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/20 23:07:29 | 000,000,919 | ---- | M] () -- C:\Users\Jake\Desktop\MoHMPGame - Shortcut.lnk
[2010/06/20 22:02:09 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/20 09:38:21 | 000,002,003 | ---- | M] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2010/06/20 09:30:21 | 000,011,418 | ---- | M] () -- C:\Users\Jake\Documents\cc_20100620_093014.reg
[2010/06/20 09:20:17 | 004,319,308 | ---- | M] () -- C:\Users\Jake\Documents\cc_20100620_091820.reg
[2010/06/20 09:17:56 | 000,001,684 | ---- | M] () -- C:\Users\Jake\Desktop\CCleaner.lnk
[2010/06/20 06:44:07 | 000,709,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/20 06:44:07 | 000,606,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/20 06:44:07 | 000,107,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/19 22:11:09 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/06/18 07:34:07 | 000,000,280 | ---- | M] () -- C:\spare (J) - Shortcut.lnk
[2010/06/17 22:06:00 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010/06/14 06:33:44 | 000,484,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 20:38:11 | 000,001,196 | ---- | M] () -- C:\Users\Jake\Desktop\vH - Shortcut.lnk
[2010/06/13 19:56:17 | 000,165,488 | ---- | M] () -- C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/13 17:04:33 | 000,001,489 | ---- | M] () -- C:\Users\Jake\Desktop\Counter-Strike Source.lnk
[2010/06/03 22:12:41 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010/05/27 20:04:46 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 20:04:46 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 22:35:37 | 000,466,348 | ---- | C] () -- C:\Users\Jake\Desktop\theme.png
[2010/06/23 08:08:29 | 001,078,913 | ---- | C] () -- C:\Users\Jake\Desktop\chrome.pdn
[2010/06/22 19:37:05 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2010/06/21 20:09:19 | 000,000,670 | ---- | C] () -- C:\Users\Jake\Desktop\SpeedFan.lnk
[2010/06/21 20:09:19 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/20 23:07:31 | 000,000,919 | ---- | C] () -- C:\Users\Jake\Desktop\MoHMPGame - Shortcut.lnk
[2010/06/20 09:38:21 | 000,002,003 | ---- | C] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2010/06/20 09:30:16 | 000,011,418 | ---- | C] () -- C:\Users\Jake\Documents\cc_20100620_093014.reg
[2010/06/20 09:18:23 | 004,319,308 | ---- | C] () -- C:\Users\Jake\Documents\cc_20100620_091820.reg
[2010/06/20 09:17:56 | 000,001,684 | ---- | C] () -- C:\Users\Jake\Desktop\CCleaner.lnk
[2010/06/20 06:14:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/19 22:11:09 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/06/18 07:34:07 | 000,000,280 | ---- | C] () -- C:\spare (J) - Shortcut.lnk
[2010/06/13 20:38:13 | 000,001,196 | ---- | C] () -- C:\Users\Jake\Desktop\vH - Shortcut.lnk
[2010/06/13 17:04:33 | 000,001,489 | ---- | C] () -- C:\Users\Jake\Desktop\Counter-Strike Source.lnk
[2010/06/03 22:12:41 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010/05/30 09:48:18 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\AWC Update.job
[2010/05/30 09:48:18 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/05/27 20:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 20:04:46 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/05/09 12:40:08 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/03/01 08:19:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/25 00:04:10 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/02/21 20:15:20 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/02/21 20:15:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/02/21 20:15:20 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/02/21 20:15:20 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/01/04 11:08:55 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/08/05 08:10:36 | 000,726,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/15 07:19:16 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\swk.ini
[2009/05/17 20:34:43 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2009/05/17 20:34:43 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2009/05/17 20:34:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2009/05/17 20:34:42 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2009/05/05 08:48:04 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\qOBMKXX.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\NokenDu.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\NfKEpB.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\mkdKDmGu.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\jLpEUTRn.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\HqRrmL.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\GsprSr.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\drivers\DJAutHxR.dll
[2008/01/20 22:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:47:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:47:04 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\syscvchk.dll
[2005/02/05 15:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/05/03 10:51:19 | 000,002,908 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:48:04 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/05/03 15:20:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/12/10 20:31:23 | 000,005,345 | ---- | M] () -- C:\commandlist.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/07 10:42:29 | 000,001,508 | -H-- | M] () -- C:\IPH.PH
[2010/06/13 19:17:36 | 000,000,201 | ---- | M] () -- C:\log.txt
[2009/02/13 13:25:57 | 000,000,010 | ---- | M] () -- C:\MOVE_RECOVERY
[2010/06/25 06:39:47 | 311,832,575 | -HS- | M] () -- C:\pagefile.sys
[2008/06/04 17:59:40 | 000,007,163 | ---- | M] () -- C:\pdiports.cat
[2008/06/04 17:59:20 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
[2009/02/13 14:12:56 | 000,000,091 | ---- | M] () -- C:\power2go.log
[2009/02/12 23:06:16 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/06/18 07:34:07 | 000,000,280 | ---- | M] () -- C:\spare (J) - Shortcut.lnk
[2009/02/13 14:04:28 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >


#4 hammerdown

hammerdown
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:07 PM

Posted 25 June 2010 - 06:42 AM

And it didn't come up with an extras.txt, just the otl.txt.

#5 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:04:07 AM

Posted 25 June 2010 - 04:09 PM

Hi again hammerdown!!..

64bit Windows XP?!? That's a pretty rare system!..

QUOTE(hammerdown @ Jun 18 2010, 04:18 AM)
With some websites my browser is redirecting me to a random site. I have run numerous malware/spyware/adware/virus scans with no success. I have run a HijackThis and here it is.

Malware changed the DNS settings on your computer... We'll try to clean it up...

QUOTE(hammerdown @ Jun 25 2010, 01:42 PM)
And it didn't come up with an extras.txt, just the otl.txt.

Yep, as it was the second run of OTL... Please do this instead:

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Then,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\qOBMKXX.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\NokenDu.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\NfKEpB.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\mkdKDmGu.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\jLpEUTRn.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\HqRrmL.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\GsprSr.dll
    [2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\drivers\DJAutHxR.dll
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Finally,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
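A small triage script for the two kinds of finding listed in the fix above (the O17 DhcpNameServer entry pointing at outside resolvers, and the eight same-size, same-timestamp DLLs under C:\Windows). This is an added example written for this thread, not part of OTL or of snemelk's instructions; the allowlist of expected resolvers is a placeholder that the operator replaces with the router and ISP ranges actually in use.

```python
"""Triage helpers for OTL log lines: flag DNS resolvers that are not on the
operator's allowlist, and flag clusters of identically sized, identically
timestamped DLLs under %SystemRoot% (one payload dropped under several
random names). Added example; not part of OTL or the forum thread."""
import ipaddress
import re
from collections import defaultdict

# Assumption (placeholder): resolvers the operator expects to see. The private
# ranges cover a home router; 203.0.113.0/24 (TEST-NET-3) stands in for the
# ISP's resolver block and must be replaced with the real one.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# OTL file entry: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"[^|]+ \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def dns_servers(log_text):
    """Every IPv4 address listed on O17 NameServer/DhcpNameServer lines."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            found.extend(IPV4_RE.findall(m.group("servers")))
    return found


def unexpected_resolvers(log_text, allow=EXPECTED_RESOLVERS):
    """DNS servers from O17 lines that fall outside every allowlisted network."""
    flagged = []
    for ip_str in dns_servers(log_text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            flagged.append(ip_str)  # malformed value: worth a look anyway
            continue
        if not any(ip in net for net in allow):
            flagged.append(ip_str)
    return flagged


def dll_clusters(log_text, min_members=3):
    """Group DLL entries under C:\\Windows by (timestamp, size, company) and
    return the groups with at least min_members distinct paths. Identical
    bytes written under unrelated names in the same second is the pattern in
    the thread's fix list; a legitimate installer writes differently sized
    files, so pairs like IVIresize*.dll stay below the threshold."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        if not low.startswith("c:\\windows") or not low.endswith(".dll"):
            continue
        key = (m.group("ts"), int(m.group("size").replace(",", "")), m.group("company"))
        groups[key].add(path)
    return [sorted(paths) for key, paths in sorted(groups.items()) if len(paths) >= min_members]


# Constructed sample: lines copied from the OTL log in this thread plus three
# benign entries for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\qOBMKXX.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\NokenDu.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\NfKEpB.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\Windows\SysWow64\drivers\DJAutHxR.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/05/27 20:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
"""

if __name__ == "__main__":
    print("resolvers not on allowlist:", unexpected_resolvers(SAMPLE_LOG))
    for cluster in dll_clusters(SAMPLE_LOG):
        print("identical DLLs written together:", cluster)
```

Run it against a full OTL.txt by reading the file into `unexpected_resolvers` and `dll_clusters`; the allowlist is the only part that needs adjusting per machine.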


#6 hammerdown

hammerdown
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:07 PM

Posted 26 June 2010 - 06:26 AM

Results of screen317's Security Check version 0.99.4
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Antivirus
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Companion 1.1.9
CCleaner
Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


#7 hammerdown

hammerdown
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:07 PM

Posted 26 June 2010 - 06:34 AM

All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\Windows\SysWOW64\qOBMKXX.dll moved successfully.
C:\Windows\NokenDu.dll moved successfully.
C:\Windows\SysWOW64\NfKEpB.dll moved successfully.
C:\Windows\SysWOW64\mkdKDmGu.dll moved successfully.
C:\Windows\jLpEUTRn.dll moved successfully.
C:\Windows\SysWOW64\HqRrmL.dll moved successfully.
C:\Windows\GsprSr.dll moved successfully.
C:\Windows\SysWOW64\drivers\DJAutHxR.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41085 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jake
->Temp folder emptied: 137354280 bytes
->Temporary Internet Files folder emptied: 1314434 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39975337 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 974 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3429619 bytes

Total Files Cleaned = 174.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jake
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06262010_072751

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCQEEAEH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFYW2XTJ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1SXUHOO\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FPI00FL\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#8 hammerdown
  • Topic Starter
  • Members
  • 11 posts

Posted 26 June 2010 - 06:45 AM

The online scan doesn't work for me. It never loaded.

#9 snemelk
  • inżynier (engineer)
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 26 June 2010 - 08:28 AM

Hi again hammerdown!!..

Do you still experience redirects??..

Since an online scanner doesn't work for you, please perform a full system scan with your Avast! antivirus... If possible, save and post the logfile...

Then,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Go to Start > Control Panel double-click on Add or Remove Programs and remove:
Java™ 6 Update 13

Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Internet Explorer: update it to the latest, secure version: Internet Explorer 8.0


It looks like your Windows Firewall is disabled... For your computer security please either enable it or install a software firewall... Instructions for enabling/disabling Windows Firewall and recommended firewalls on my page: link


#10 hammerdown
  • Topic Starter
  • Members
  • 11 posts

Posted 27 June 2010 - 04:20 PM

Would not let me download Microsoft 8. Microsoft doesn't work for me at all. I kinda chalked that up to the redirecting prob. I did a thorough scan with Avast and it came back clean. I updated Flash and Java though, and the firewall is back up.

And I still have redirects.

#11 snemelk
  • inżynier (engineer)
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 28 June 2010 - 09:08 AM

Hi again hammerdown!!..

QUOTE(hammerdown @ Jun 27 2010, 11:20 PM)
And I still have redirects.

Ahh, so we need to dig deeper!!..

Question: do you use a router??.. If yes, are there any other computers connected to it??..

Please run a fresh scan with OTL.exe - post the logfile - only OTL.txt will be generated...


#12 hammerdown
  • Topic Starter
  • Members
  • 11 posts

Posted 28 June 2010 - 12:09 PM

No other computers on this network. And with the OTL, anything special I should put in?

#13 snemelk
  • inżynier (engineer)
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 28 June 2010 - 12:18 PM

Hi again!..

QUOTE(hammerdown @ Jun 28 2010, 07:09 PM)
No other computers on this network.

Well, ok - but I'm still not sure if you use a router... If yes, please reset the router back to the factory settings - instructions on my page: Routers - security... Afterwards, configure it properly - and set non-default username and password...
This is important, since malware on your computer changed the DNS settings - it's possible these DNS settings are changed on the router as well, hence the redirects persist...

QUOTE
And with the OTL, anything special I should put in?

Run OTL.exe, hit Scan (no need for a custom scan), wait for the logfile to be produced, post the contents of OTL.txt - the whole logfile...

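snemelk's point that the malware rewrote the DNS settings (the OTL fix earlier in this thread reset the DhcpNameServer value under Tcpip\Parameters) and that the router may carry the same change is something a defender can check programmatically on the host side. The script below is an added example, not code from this thread, from OTL or from BleepingComputer. It reads the NameServer and DhcpNameServer values Windows keeps under Tcpip\Parameters and its per-interface subkeys and flags every resolver that is neither on the LAN (where the router, the normal DHCP-supplied resolver, lives) nor in an allowlist of public resolvers the owner chose deliberately. The allowlist, the LAN range and the registry snapshot are constructed for the example; the 198.51.100.x addresses are RFC 5737 documentation addresses standing in for a hijacker's resolver, not addresses from the thread.

```python
"""Audit the DNS resolvers a Windows host is using and flag any that are unexpected.

Added example (not from the thread or from OTL). It reads the same registry
values the OTL fix in this thread touched (Tcpip\\Parameters\\DhcpNameServer)
plus the per-interface NameServer/DhcpNameServer values, and compares each
address against what the network should be handing out.
"""
import ipaddress
import sys

# Constructed allowlist: public resolvers the machine's owner set on purpose.
TRUSTED_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Constructed LAN range: the router (the normal DHCP-assigned resolver) lives here.
SAMPLE_LAN = ["192.168.1.0/24"]

# Constructed registry snapshot. Interface B has a static NameServer pointing at
# 198.51.100.x (RFC 5737 documentation addresses standing in for a hijacker's
# resolver); a static NameServer wins over the DHCP-supplied router address.
SAMPLE_REGISTRY = {
    "Tcpip\\Parameters": {"NameServer": "", "DhcpNameServer": "192.168.1.1"},
    "{iface-A}": {"NameServer": "", "DhcpNameServer": "192.168.1.1"},
    "{iface-B}": {"NameServer": "198.51.100.7,198.51.100.8", "DhcpNameServer": "192.168.1.1"},
}


def parse_nameserver_value(value):
    """Windows stores these values as space- or comma-separated address lists."""
    if not value:
        return []
    return value.replace(",", " ").split()


def classify_resolver(addr, lan_cidrs):
    """Return 'lan', 'trusted' or 'unexpected' for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unexpected"  # a non-address in a DNS field is itself worth a look
    if any(ip in ipaddress.ip_network(c, strict=False) for c in lan_cidrs):
        return "lan"
    if str(ip) in TRUSTED_PUBLIC_RESOLVERS:
        return "trusted"
    return "unexpected"


def audit_registry(snapshot, lan_cidrs):
    """Return (key, value_name, address) for every resolver that is neither LAN nor trusted."""
    findings = []
    for key, values in snapshot.items():
        for value_name in ("NameServer", "DhcpNameServer"):
            for addr in parse_nameserver_value(values.get(value_name, "")):
                if classify_resolver(addr, lan_cidrs) == "unexpected":
                    findings.append((key, value_name, addr))
    return findings


def read_windows_registry():
    """Collect the live values from HKLM on a Windows host (winreg is Windows-only)."""
    import winreg
    base = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"
    snapshot = {}

    def read_values(key_path, label):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as k:
            vals = {}
            for value_name in ("NameServer", "DhcpNameServer"):
                try:
                    vals[value_name] = winreg.QueryValueEx(k, value_name)[0]
                except OSError:
                    vals[value_name] = ""  # value absent on this key
            snapshot[label] = vals

    read_values(base, "Tcpip\\Parameters")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + "\\Interfaces") as root:
        index = 0
        while True:
            try:
                guid = winreg.EnumKey(root, index)
            except OSError:
                break  # no more interface subkeys
            index += 1
            read_values(base + "\\Interfaces\\" + guid, guid)
    return snapshot


if __name__ == "__main__":
    # On Windows read the live registry; elsewhere fall back to the constructed snapshot.
    snapshot = read_windows_registry() if sys.platform == "win32" else SAMPLE_REGISTRY
    for key, value_name, addr in audit_registry(snapshot, SAMPLE_LAN):
        print(f"UNEXPECTED resolver {addr} in {key}\\{value_name}")
```

The script only sees the host. If DhcpNameServer itself carries an address outside the LAN and the allowlist, the resolver was handed out by DHCP, which points at the router's own DNS settings, the case snemelk's factory-reset advice covers; a clean host with a poisoned router will keep redirecting until that is fixed.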

#14 hammerdown
  • Topic Starter
  • Members
  • 11 posts

Posted 28 June 2010 - 01:29 PM

OTL logfile created on: 6/28/2010 1:14:07 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Jake\Documents\Downloads
64bit-Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.54 Gb Total Space | 37.92 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive D: | 7.74 Mb Total Space | 7.74 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive E: | 465.75 Gb Total Space | 278.44 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 8.51 Gb Total Space | 2.47 Gb Free Space | 29.07% Space Free | Partition Type: NTFS

Computer Name: JAKE-PC
Current User Name: Jake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/25 07:33:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Documents\Downloads\OTL.exe
PRC - [2010/06/24 06:52:01 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/15 16:40:56 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/21 07:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/05/17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/02 21:00:49 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/01 21:03:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 21:03:18 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/05 15:10:02 | 003,634,024 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2009/08/13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/07/08 21:58:05 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/25 12:31:48 | 000,434,176 | ---- | M] (Prabang) -- C:\Program Files (x86)\Prabang\Applets\NGists\NGists.exe
PRC - [2009/05/06 05:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/06/24 21:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 20:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 20:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 07:33:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Documents\Downloads\OTL.exe
MOD - [2008/01/20 22:47:51 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:45:55 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/04/24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/03 00:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2008/01/20 22:45:23 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/15 11:17:04 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/21 07:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/02 21:00:49 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/01 21:03:18 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/06 05:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 20:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/09 06:12:58 | 000,051,280 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/03/09 06:12:39 | 000,121,936 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/03/09 06:09:12 | 000,028,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/03/09 06:08:56 | 000,063,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/03/09 06:08:33 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/03/03 00:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 23:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 10:33:34 | 000,114,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/03 20:08:35 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/26 01:05:28 | 000,038,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/16 17:58:25 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/11/16 17:58:25 | 000,081,952 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/11/16 17:58:22 | 000,235,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/11/16 17:58:19 | 000,593,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2009/10/25 20:04:22 | 000,068,640 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 16:36:28 | 000,022,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/03 06:21:50 | 000,210,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/06/04 17:59:44 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2008/01/20 22:45:19 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/09/21 04:13:22 | 000,040,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2007/09/21 04:13:08 | 000,056,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/09/21 04:13:02 | 000,054,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/09/21 04:12:42 | 000,035,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/06/28 12:39:55 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/06/28 12:39:40 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/05/02 14:26:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/09/28 14:20:43 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2009/02/23 01:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2008/03/10 12:40:10 | 000,007,424 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\SED133x.sys -- (SED133x)
DRV - [2008/03/10 12:40:10 | 000,006,400 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\T6963c.sys -- (T6963C)
DRV - [2008/03/10 12:40:10 | 000,005,120 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\LC7981.sys -- (LC7981)
DRV - [2008/03/10 12:40:10 | 000,003,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\n3900.sys -- (n3900)
DRV - [2008/03/10 12:40:08 | 000,003,712 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\LcdStudio\KS0108.sys -- (KS0108)
DRV - [2007/12/14 02:09:24 | 000,020,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/07/19 13:25:10 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | Disabled | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\atillk64.sys -- (atillk64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: {12bc3590-67a6-11de-8a39-0800200c9a66}:3.6
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.8
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\ [2010/06/20 09:36:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/26 07:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/26 07:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/26 07:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/24 06:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/26 07:27:51 | 000,000,000 | ---D | M]

[2009/05/03 19:17:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions
[2010/06/27 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions
[2010/06/16 06:59:38 | 000,000,000 | ---D | M] (Eclipse) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
[2010/06/16 07:44:57 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/06/16 07:46:28 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/06/16 07:46:08 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/06/27 19:32:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/07 10:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/05/04 10:10:58 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2010/05/10 22:01:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/16 07:45:25 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/06/16 07:02:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/16 06:57:12 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/06/22 17:47:12 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/06/11 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\smarterwiki@wikiatic.com
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/06/16 06:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2009/11/07 10:45:44 | 000,004,554 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\searchplugins\aim-search.xml
[2009/09/28 21:46:40 | 000,002,160 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\px7gxcho.default\searchplugins\MySpace.xml
[2010/06/27 20:01:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/23 08:04:40 | 000,000,000 | ---D | M] (Seekapp) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{3c3e3328-c0a9-11de-b155-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell - "" = AutoRun
O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\AWC
[2010/06/27 22:08:14 | 002,420,736 | ---- | C] (FreeImage) -- C:\Windows\SysWow64\FreeImage.dll
[2010/06/27 22:08:14 | 000,671,744 | ---- | C] (Steve Murphy Software) -- C:\Windows\SysWow64\AWC_SS.scr
[2010/06/27 22:08:14 | 000,098,304 | ---- | C] (Jeremy Adams, CCRP) -- C:\Windows\SysWow64\ccrpUCW6.dll
[2010/06/27 22:08:14 | 000,098,304 | ---- | C] (CCRP) -- C:\Windows\SysWow64\ccrpDtp6.ocx
[2010/06/27 22:08:14 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\Windows\SysWow64\ccrpTmr6.dll
[2010/06/27 22:08:14 | 000,086,016 | ---- | C] (CCRP / ECX Programming) -- C:\Windows\SysWow64\ccrpudn6.ocx
[2010/06/27 22:08:14 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2010/06/27 22:08:14 | 000,040,960 | ---- | C] (The Lillypad) -- C:\Windows\SysWow64\DLLDesktop.dll
[2010/06/27 22:08:14 | 000,036,864 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\AlphaImageCreator.dll
[2010/06/27 22:08:13 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2010/06/27 22:08:13 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010/06/27 22:08:13 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2010/06/27 22:08:13 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\Windows\SysWow64\ccrpftv6.ocx
[2010/06/27 22:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWC
[2010/06/27 22:04:42 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\danbo
[2010/06/27 18:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Promosoft Corporation
[2010/06/26 23:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/26 07:27:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Screaming Bee
[2010/06/22 19:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010/06/20 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Medal of Honor MP Beta
[2010/06/20 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\LCDSirReal
[2010/06/20 06:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 06:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 06:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 06:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/17 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/06/13 19:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2010/06/06 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\borderland extraction
[2010/06/03 22:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/06/03 22:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Xfire
[2010/06/02 12:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010/06/01 07:42:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Unity
[2010/06/01 07:37:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Unity
[2010/05/30 09:27:09 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\SoundSpectrum
[2010/05/30 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum

========== Files - Modified Within 30 Days ==========

[2010/06/28 13:15:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EF86144C-9AAF-4390-AC03-F89E27449F5F}.job
[2010/06/28 13:09:25 | 004,980,736 | -HS- | M] () -- C:\Users\Jake\ntuser.dat
[2010/06/28 13:05:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/28 12:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 12:39:55 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/06/28 12:39:55 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/06/28 12:39:40 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/06/28 12:39:37 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/06/28 12:39:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 12:39:09 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/28 12:39:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/28 12:38:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 12:38:48 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 12:38:47 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 12:38:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 09:17:31 | 000,524,288 | -HS- | M] () -- C:\Users\Jake\ntuser.dat{d0cf6c81-fdf9-11de-a2d9-001fd0813e82}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 09:17:31 | 000,065,536 | -HS- | M] () -- C:\Users\Jake\ntuser.dat{d0cf6c81-fdf9-11de-a2d9-001fd0813e82}.TM.blf
[2010/06/28 09:17:25 | 004,710,142 | -H-- | M] () -- C:\Users\Jake\AppData\Local\IconCache.db
[2010/06/28 06:43:11 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\Free Registry Fix.job
[2010/06/27 22:08:14 | 000,000,680 | ---- | M] () -- C:\Users\Jake\Desktop\AWC.lnk
[2010/06/27 20:03:03 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 18:17:46 | 000,000,676 | ---- | M] () -- C:\Windows\tasks\Free Registry Fix reminder.job
[2010/06/27 18:13:32 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010/06/27 18:13:32 | 000,000,768 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2010/06/27 11:56:29 | 000,365,699 | ---- | M] () -- C:\Users\Jake\Documents\list.xps
[2010/06/27 11:41:11 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010/06/27 08:17:38 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/26 23:04:13 | 000,182,784 | ---- | M] () -- C:\Windows\SysNative\javaws.exe
[2010/06/26 23:04:13 | 000,165,888 | ---- | M] () -- C:\Windows\SysNative\javaw.exe
[2010/06/26 23:04:13 | 000,165,888 | ---- | M] () -- C:\Windows\SysNative\java.exe
[2010/06/26 23:04:12 | 000,455,680 | ---- | M] () -- C:\Windows\SysNative\deployJava1.dll
[2010/06/26 22:58:47 | 000,485,850 | ---- | M] () -- C:\Users\Jake\Desktop\roguearmy.zip
[2010/06/26 19:34:23 | 000,709,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/26 19:34:23 | 000,606,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/26 19:34:23 | 000,107,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/26 18:58:29 | 000,117,760 | ---- | M] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 21:32:08 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/06/24 21:32:08 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/21 20:09:19 | 000,000,670 | ---- | M] () -- C:\Users\Jake\Desktop\SpeedFan.lnk
[2010/06/21 20:09:19 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/20 23:07:29 | 000,000,919 | ---- | M] () -- C:\Users\Jake\Desktop\MoHMPGame - Shortcut.lnk
[2010/06/20 22:02:09 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/20 09:38:21 | 000,002,003 | ---- | M] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2010/06/20 09:30:21 | 000,011,418 | ---- | M] () -- C:\Users\Jake\Documents\cc_20100620_093014.reg
[2010/06/20 09:20:17 | 004,319,308 | ---- | M] () -- C:\Users\Jake\Documents\cc_20100620_091820.reg
[2010/06/20 09:17:56 | 000,001,684 | ---- | M] () -- C:\Users\Jake\Desktop\CCleaner.lnk
[2010/06/19 22:11:09 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/06/18 07:34:07 | 000,000,280 | ---- | M] () -- C:\spare (J) - Shortcut.lnk
[2010/06/17 22:06:00 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010/06/14 06:33:44 | 000,484,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 20:38:11 | 000,001,196 | ---- | M] () -- C:\Users\Jake\Desktop\vH - Shortcut.lnk
[2010/06/13 19:56:17 | 000,165,488 | ---- | M] () -- C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/13 17:04:33 | 000,001,489 | ---- | M] () -- C:\Users\Jake\Desktop\Counter-Strike Source.lnk
[2010/06/03 22:12:41 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk

========== Files Created - No Company Name ==========

[2010/06/28 06:45:25 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/27 22:08:14 | 000,000,680 | ---- | C] () -- C:\Users\Jake\Desktop\AWC.lnk
[2010/06/27 22:08:14 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\ndupoem.rst
[2010/06/27 18:13:32 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010/06/27 18:13:32 | 000,000,768 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2010/06/27 18:07:48 | 000,000,676 | ---- | C] () -- C:\Windows\tasks\Free Registry Fix reminder.job
[2010/06/27 18:03:47 | 000,000,704 | ---- | C] () -- C:\Windows\tasks\Free Registry Fix.job
[2010/06/27 11:56:21 | 000,365,699 | ---- | C] () -- C:\Users\Jake\Documents\list.xps
[2010/06/26 23:04:22 | 000,455,680 | ---- | C] () -- C:\Windows\SysNative\deployJava1.dll
[2010/06/26 23:04:22 | 000,182,784 | ---- | C] () -- C:\Windows\SysNative\javaws.exe
[2010/06/26 23:04:22 | 000,165,888 | ---- | C] () -- C:\Windows\SysNative\javaw.exe
[2010/06/26 23:04:22 | 000,165,888 | ---- | C] () -- C:\Windows\SysNative\java.exe
[2010/06/26 22:59:33 | 000,485,850 | ---- | C] () -- C:\Users\Jake\Desktop\roguearmy.zip
[2010/06/21 20:09:19 | 000,000,670 | ---- | C] () -- C:\Users\Jake\Desktop\SpeedFan.lnk
[2010/06/21 20:09:19 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/20 23:07:31 | 000,000,919 | ---- | C] () -- C:\Users\Jake\Desktop\MoHMPGame - Shortcut.lnk
[2010/06/20 09:38:21 | 000,002,003 | ---- | C] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2010/06/20 09:30:16 | 000,011,418 | ---- | C] () -- C:\Users\Jake\Documents\cc_20100620_093014.reg
[2010/06/20 09:18:23 | 004,319,308 | ---- | C] () -- C:\Users\Jake\Documents\cc_20100620_091820.reg
[2010/06/20 09:17:56 | 000,001,684 | ---- | C] () -- C:\Users\Jake\Desktop\CCleaner.lnk
[2010/06/20 06:14:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/19 22:11:09 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/06/18 07:34:07 | 000,000,280 | ---- | C] () -- C:\spare (J) - Shortcut.lnk
[2010/06/13 20:38:13 | 000,001,196 | ---- | C] () -- C:\Users\Jake\Desktop\vH - Shortcut.lnk
[2010/06/13 17:04:33 | 000,001,489 | ---- | C] () -- C:\Users\Jake\Desktop\Counter-Strike Source.lnk
[2010/06/03 22:12:41 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010/05/30 09:48:18 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\AWC Update.job
[2010/05/30 09:48:18 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/05/27 20:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/09 12:40:08 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/03/01 08:19:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/25 00:04:10 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/02/21 20:15:20 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/02/21 20:15:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/02/21 20:15:20 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/02/21 20:15:20 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/02/21 20:15:20 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/01/04 11:08:55 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/08/05 08:10:36 | 000,726,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/15 07:19:16 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\swk.ini
[2009/05/17 20:34:43 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2009/05/17 20:34:43 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2009/05/17 20:34:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2009/05/17 20:34:42 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2009/05/05 08:48:04 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/01/20 22:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:47:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:47:04 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\syscvchk.dll
[2005/02/05 15:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
< End of report >


and I rebooted/re-passworded my router, still getting redirects.

Edited by hammerdown, 28 June 2010 - 02:18 PM.


#15 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 28 June 2010 - 04:52 PM

Hi again hammerdown!

hammerdown wrote (Jun 28 2010, 08:29 PM):
    and I rebooted/re-passworded my router, still getting redirects.

Ok, the logfile indeed shows DNS settings as still modified:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169

We'll try to fix it once again and see if it comes back...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
    O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell - "" = AutoRun
    O33 - MountPoints2\{be63c05b-45b7-11df-98c5-001fd0813e82}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [ResetHosts]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Run a fresh scan with OTL.exe - hit Scan (no need for a custom scan), wait for the logfile to be produced, post the contents of OTL.txt - the whole logfile...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
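As an added example (not part of the thread, and not OTL's own code), a small Python checker that pulls the O17 DhcpNameServer lines out of an OTL report, flags resolvers that are neither on the local network nor on an allowlist you supply, and echoes the flagged lines back in the :OTL fix syntax used above. The 85.255.x.x line is the one quoted in the thread; the 192.168.1.1 line is constructed to show what a normal home-router assignment looks like.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in OTL's report format: the first O17 line is the one quoted
# in the thread, the second is made up to represent a clean home-router assignment.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.116.42 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
"""

# "O17 - <registry key>: <value name> = <space-separated resolver list>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<servers>.+)$")


@dataclass
class DnsFinding:
    line: str              # the O17 line exactly as OTL printed it
    servers: list[str]     # every resolver listed on that line
    suspicious: list[str]  # resolvers that are off-LAN and not allowlisted


def check_dns_lines(log_text: str, trusted: frozenset[str] = frozenset()) -> list[DnsFinding]:
    """Return one finding per O17 line.  A resolver is suspicious unless it is a
    private/loopback/link-local address (a home router or the host itself) or
    appears in `trusted` (e.g. your ISP's or corporate resolvers)."""
    findings = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        servers = m.group("servers").split()
        suspicious = []
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                suspicious.append(s)  # not a parseable address at all: treat as suspect
                continue
            if ip.is_private or ip.is_loopback or ip.is_link_local or s in trusted:
                continue
            suspicious.append(s)
        findings.append(DnsFinding(raw.strip(), servers, suspicious))
    return findings


def build_otl_fix(findings: list[DnsFinding], reset_hosts: bool = True) -> str:
    """Echo only the flagged O17 lines back under an :OTL section, the same
    fix syntax the thread uses, optionally followed by the [ResetHosts] command."""
    lines = [f.line for f in findings if f.suspicious]
    if not lines:
        return ""
    out = [":OTL", *lines]
    if reset_hosts:
        out += [":Commands", "[ResetHosts]"]
    return "\n".join(out)


if __name__ == "__main__":
    results = check_dns_lines(SAMPLE_LOG)
    for f in results:
        print("SUSPECT" if f.suspicious else "ok     ", f.servers)
    print(build_otl_fix(results))
```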