Email hacked, internet is very slow, possible keylogger


  • This topic is locked
14 replies to this topic

#1 sirrenz0

sirrenz0

  • Members
  • 47 posts

Posted 13 July 2010 - 12:20 PM

Hi, I checked my email and saw that it was sending out spam mail and links to my contact list and that my internet speed has slowed down dramatically even though none of my applications were using the network.

My Java has since crashed and had to be reinstalled, and I scanned my computer with antivirus software (SAS, Malwarebytes Anti-Malware, ESET online scanner, and MSSE) but found nothing.

The computer is up to date and so are most of my programs (Windows 7 x64).

Here is my DDS log:
DDS (Ver_10-03-17.01) - NTFSX64
Run by m0us3 at 9:52:29.03 on Tue 07/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2121 [GMT -7:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\m0us3\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\m0us3\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\m0us3\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\m0us3\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~3\office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\m0us3\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Everything] "c:\program files (x86)\everything\Everything.exe" -startup
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
StartupFolder: c:\users\m0us3\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\m0us3\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\m0us3\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~3\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~3\office12\GR469A~1.DLL
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\m0us3\appdata\roaming\mozilla\firefox\profiles\febeprof.gerard\
FF - prefs.js: browser.startup.homepage - hxxp://digg.com/all/popular/24hours
FF - component: c:\program files (x86)\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\users\m0us3\appdata\roaming\mozilla\firefox\profiles\febeprof.gerard\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\m0us3\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\m0us3\appdata\local\huludesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\users\m0us3\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\m0us3\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\m0us3\appdata\roaming\mozilla\firefox\profiles\febeprof.gerard\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-26 55280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 173984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 203264]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-8 72216]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-27 6856192]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-27 264192]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 12672]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-26 1038088]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-26 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-28 19544]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-07-08 23:30:07 0 d-----w- C:\_OTL
2010-07-08 21:46:11 0 d-----w- c:\program files (x86)\ESET
2010-07-08 19:54:06 0 d-----w- c:\users\m0us3\appdata\roaming\SUPERAntiSpyware.com
2010-07-08 19:54:06 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-08 19:53:59 0 d-----w- c:\programdata\!SASCORE
2010-07-08 19:53:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-07 22:49:45 0 d-----w- c:\users\m0us3\Adobe Flash Builder 4
2010-07-07 22:38:45 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-07 22:38:45 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-07 22:38:44 0 d-----w- c:\program files (x86)\My Company Name
2010-07-07 22:20:20 0 d-----w- C:\MasterCollection_CS5_LS1
2010-07-06 02:14:29 4781188084 ----a-w- C:\MasterCollection_CS5_LS1.7z
2010-07-06 02:14:29 1228416 ----a-w- C:\MasterCollection_CS5_LS1.exe
2010-07-04 18:00:50 0 d-----w- c:\program files (x86)\AVG
2010-06-30 14:01:38 749568 ----a-w- c:\windows\syswow64\spk.dll
2010-06-29 19:13:32 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-29 19:13:32 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-29 19:13:32 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-29 19:13:32 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-29 19:13:32 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-29 19:13:32 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-29 19:13:32 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-29 19:13:32 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-29 19:13:32 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-29 19:13:32 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-29 19:12:54 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-06-29 19:07:56 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-29 19:07:56 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-29 19:07:49 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-06-29 19:07:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-06-29 19:07:49 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-06-29 19:07:49 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-06-29 19:07:21 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-29 19:07:21 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-06-29 19:07:20 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 05:51:53 0 d-----w- c:\program files (x86)\Napoleon Total War
2010-06-16 16:08:54 0 d-----w- C:\gPotato
2010-06-16 00:14:34 0 d-----w- c:\program files (x86)\EGOSOFT
2010-06-15 23:58:43 828912 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-15 23:58:17 0 d-----w- c:\program files (x86)\DAEMON Tools Pro
2010-06-15 23:57:39 0 d-----w- c:\users\m0us3\appdata\roaming\DAEMON Tools Pro
2010-06-15 23:57:39 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-06-15 23:44:45 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-15 23:44:44 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-15 16:50:45 2419568 ----a-w- c:\windows\syswow64\pbsvc_apb.exe
2010-06-15 16:50:05 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-06-14 04:40:56 0 d-----w- c:\program files (x86)\Realtime Worlds

==================== Find3M ====================

2010-06-15 16:50:55 189248 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-06-10 23:07:24 48152 ----a-w- c:\windows\fonts\My Mom s Font.ttf
2010-06-10 02:42:59 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 02:42:59 80768 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-10 02:42:59 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 17:39:12 6856192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:25:54 19901952 ----a-w- c:\windows\system32\atio6axx.dll
2010-05-27 17:05:28 15180800 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-05-27 17:02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02:46 511488 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-05-27 17:02:04 592384 ----a-w- c:\windows\system32\aticfx64.dll
2010-05-27 17:00:20 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 17:00:10 458752 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59:40 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58:42 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-05-27 16:58:24 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-05-27 16:58:18 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-05-27 16:58:10 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-05-27 16:58:06 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-05-27 16:58:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-05-27 16:57:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-05-27 16:54:56 3668480 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-05-27 16:46:52 4294656 ----a-w- c:\windows\system32\atidxx64.dll
2010-05-27 16:41:12 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-05-27 16:41:10 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-05-27 16:41:06 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-05-27 16:41:04 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-05-27 16:40:58 5264896 ----a-w- c:\windows\system32\aticaldd64.dll
2010-05-27 16:39:54 4096000 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-05-27 16:37:44 3798528 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-05-27 16:37:08 2752512 ----a-w- c:\windows\system32\atiumd6a.dll
2010-05-27 16:35:18 55296 ----a-w- c:\windows\system32\coinst.dll
2010-05-27 16:32:06 4917248 ----a-w- c:\windows\system32\atiumd64.dll
2010-05-27 16:31:38 3025408 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-05-27 16:26:00 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-27 16:25:54 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-05-27 16:25:46 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-05-27 16:25:44 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-05-27 16:25:44 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-05-27 16:25:40 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-05-27 16:25:38 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-05-27 16:25:36 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-05-27 16:25:00 38912 ----a-w- c:\windows\system32\atiuxp64.dll
2010-05-27 16:24:56 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-05-27 16:24:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll
2010-05-27 16:24:46 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-05-27 16:24:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-05-27 16:20:50 54272 ----a-w- c:\windows\system32\atimpc64.dll
2010-05-27 16:20:50 54272 ----a-w- c:\windows\system32\amdpcom64.dll
2010-05-27 16:20:46 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-05-27 16:20:46 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-16 00:43:28 318404 ----a-w- c:\windows\fonts\vtks desgaste.ttf
2010-05-12 11:13:46 10752 ----a-w- c:\windows\syswow64\BASSMOD.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-05 00:35:55 1228400 ----a-w- C:\Photoshop_12_LS1.exe
2010-04-29 15:37:26 2137 ----a-w- c:\windows\syswow64\atipblag.dat
2010-04-29 15:37:26 2137 ----a-w- c:\windows\system32\atipblag.dat
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-16 09:24:52 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-28 04:50:41 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:52:42.14 ===============

GMER won't run, saying it can't find \system

Edited by boopme, 13 July 2010 - 12:46 PM.

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 July 2010 - 04:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

----------------------------------------------

Gmer won't run on the 64-bit.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#3 sirrenz0

sirrenz0
  • Topic Starter

  • Members
  • 47 posts

Posted 19 July 2010 - 01:36 PM

OTL logfile created on: 7/19/2010 11:19:46 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\m0us3\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 430.02 Gb Free Space | 61.56% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 32.62 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 7.25 Gb Free Space | 1.04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUSE
Current User Name: m0us3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\m0us3\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\m0us3\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\m0us3\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\m0us3\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\m0us3\Desktop\OTL (1).exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3725.dll ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys File not found
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\SysNative\drivers\s616bus.sys (MCCI Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 38 33 97 1A 1F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/07/07 15:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/16 15:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/16 15:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/11/26 01:48:31 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Extensions
[2009/11/26 01:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/26 02:12:01 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\dyobr30k.default\extensions
[2009/11/26 02:17:48 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\dyobr30k.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/07/19 00:24:26 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions
[2010/06/29 16:24:05 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/11/26 14:57:18 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2010/06/29 16:24:53 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/26 02:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/12/18 18:01:30 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/11/26 02:23:23 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/06/29 16:24:54 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/02/14 18:47:30 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/06/29 16:24:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/26 02:23:25 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/06/29 16:24:54 | 000,000,000 | ---D | M] (WOT) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/16 08:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/16 08:41:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/26 02:23:22 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/05/01 14:06:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/16 08:41:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/26 02:23:22 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/06/29 16:23:30 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010/01/27 10:48:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/05/12 06:02:50 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2009/11/26 02:23:20 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\askopensearch-VTS@ask.com
[2010/06/29 16:24:54 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\autopager@mozilla.org
[2010/07/16 16:01:54 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\chromifox@altmusictv.com
[2010/03/21 23:49:14 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\ctrl-tab@design-noir.de
[2009/11/26 02:23:25 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/29 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\firefox@ghostery.com
[2010/07/03 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\foxmarks@kei.com
[2010/06/29 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\foxyproxy@eric.h.jung
[2009/11/26 02:23:24 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\LogMeInClient@logmein.com
[2010/06/29 16:23:40 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\nasanightlaunch@example.com
[2010/06/29 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\Office2007Black@JBBS
[2010/06/09 02:55:33 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\SkipScreen@SkipScreen
[2009/11/26 02:23:23 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\TFToolbarX@torrent-finder
[2010/06/29 16:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/02/14 18:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/02/14 18:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/02/14 18:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/02/14 18:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/06/29 16:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0us3\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Gerard\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/07/18 14:28:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/16 15:54:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/26 00:24:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/07/18 14:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/16 15:54:23 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/16 15:54:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010/07/18 14:25:17 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2010/07/16 15:54:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 23:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/01 16:26:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/16 15:54:28 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/16 15:54:28 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/07/16 15:54:28 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/16 15:54:28 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/16 15:54:28 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/07/16 15:54:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/16 15:54:28 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/08 16:30:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Oracle)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\m0us3\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\m0us3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m0us3\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\m0us3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (krbros) - File not found
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (krbros) - File not found
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0062c145-dd66-11de-83c1-002354452f2d}\Shell - "" = AutoRun
O33 - MountPoints2\{0062c145-dd66-11de-83c1-002354452f2d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2a5de9c3-7cad-11df-b4f9-002354452f2d}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5de9c3-7cad-11df-b4f9-002354452f2d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/19 11:18:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\m0us3\Desktop\OTL (1).exe
[2010/07/18 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/18 14:25:24 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/18 14:25:24 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/18 14:25:24 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/18 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\m0us3\AppData\Roaming\vlc
[2010/07/17 13:00:14 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir18925
[2010/07/17 13:00:14 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir15885
[2010/07/17 12:58:31 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir22911
[2010/07/17 12:58:31 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir18588
[2010/07/17 12:58:18 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir18546
[2010/07/17 12:58:18 | 000,000,000 | ---D | C] -- C:\Windows\scoped_dir14254
[2010/07/14 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\m0us3\AppData\Roaming\UDP Software
[2010/07/13 10:06:12 | 000,000,000 | ---D | C] -- C:\Users\m0us3\Desktop\gmer
[2010/07/12 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\m0us3\Desktop\DF Tuts
[2010/07/08 16:30:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/08 14:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/08 13:11:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\m0us3\Desktop\OTL.exe
[2010/07/08 12:54:06 | 000,000,000 | ---D | C] -- C:\Users\m0us3\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/08 12:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/08 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/08 12:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/08 12:48:27 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\m0us3\Desktop\SUPERAntiSpyware.exe
[2010/07/07 15:49:45 | 000,000,000 | ---D | C] -- C:\Users\m0us3\Adobe Flash Builder 4
[2010/07/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010/07/07 15:38:45 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/07/07 15:38:45 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/07/07 15:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010/07/07 15:20:20 | 000,000,000 | ---D | C] -- C:\MasterCollection_CS5_LS1
[2010/07/06 12:43:05 | 000,000,000 | ---D | C] -- C:\Users\m0us3\Desktop\Adobe CS5 Master Collection
[2010/07/05 19:14:29 | 001,228,416 | ---- | C] (Adobe Systems Incorporated) -- C:\MasterCollection_CS5_LS1.exe
[2010/07/04 14:01:52 | 000,000,000 | ---D | C] -- C:\Users\m0us3\AppData\Local\ESET
[2010/07/04 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/07/03 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2010/07/03 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/06/29 12:13:32 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/29 12:13:32 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/29 12:13:32 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/29 12:13:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/29 12:13:32 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/29 12:13:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/29 12:13:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/29 12:13:32 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/29 12:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/29 12:08:07 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/29 12:08:06 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/29 12:08:06 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/29 12:08:05 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/29 12:08:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/29 12:08:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/29 12:08:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/29 12:07:56 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/29 12:07:49 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/29 12:07:49 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/29 12:07:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/29 12:07:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/20 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Napoleon Total War

========== Files - Modified Within 30 Days ==========

[2010/07/19 11:22:32 | 004,194,304 | -HS- | M] () -- C:\Users\m0us3\NTUSER.DAT
[2010/07/19 11:18:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\m0us3\Desktop\OTL (1).exe
[2010/07/19 09:21:19 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 09:21:19 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 09:13:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/19 09:13:50 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 01:07:04 | 002,654,423 | -H-- | M] () -- C:\Users\m0us3\AppData\Local\IconCache.db
[2010/07/18 14:25:16 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/18 14:25:16 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/18 14:25:16 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/18 14:25:16 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/18 13:59:07 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/18 13:53:47 | 019,495,102 | ---- | M] () -- C:\Users\m0us3\Documents\vlc-1.1.0-win32.exe
[2010/07/13 10:05:58 | 000,284,915 | ---- | M] () -- C:\Users\m0us3\Desktop\gmer.zip
[2010/07/10 11:37:44 | 168,412,990 | ---- | M] () -- C:\Users\m0us3\Desktop\0009555496.flv
[2010/07/08 16:30:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/07/08 15:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-210139571-2492566090-16182093-1001UA.job
[2010/07/08 13:39:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/08 13:11:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\m0us3\Desktop\OTL.exe
[2010/07/08 12:53:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/08 12:48:58 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\m0us3\Desktop\SUPERAntiSpyware.exe
[2010/07/08 12:40:20 | 000,293,376 | ---- | M] () -- C:\Users\m0us3\Desktop\vfdqbyww.exe
[2010/07/08 12:38:05 | 000,525,824 | ---- | M] () -- C:\Users\m0us3\Desktop\dds.scr
[2010/07/08 00:50:06 | 005,453,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/07 17:19:26 | 000,173,848 | ---- | M] () -- C:\Users\m0us3\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/07 06:49:33 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-210139571-2492566090-16182093-1001Core.job
[2010/07/06 12:39:04 | 000,010,065 | ---- | M] () -- C:\Users\m0us3\Documents\Transcript Request.docx
[2010/07/06 05:50:18 | 001,228,416 | ---- | M] (Adobe Systems Incorporated) -- C:\MasterCollection_CS5_LS1.exe
[2010/07/06 05:50:08 | 486,220,787 | ---- | M] () -- C:\MasterCollection_CS5_LS1.7z
[2010/07/05 18:59:03 | 001,044,480 | ---- | M] () -- C:\Users\m0us3\Documents\2-255-phsDispatchers.doc
[2010/07/05 18:58:52 | 000,612,069 | ---- | M] () -- C:\Users\m0us3\Documents\DFD PIQ - Copy.docx
[2010/07/05 16:36:55 | 000,001,879 | ---- | M] () -- C:\Users\m0us3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2010/07/03 20:35:24 | 000,046,560 | ---- | M] () -- C:\Windows\SysWow64\folder.jpg
[2010/06/30 07:01:38 | 000,749,568 | ---- | M] () -- C:\Windows\SysWow64\spk.dll
[2010/06/27 22:21:07 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 22:21:07 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 22:21:07 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/07/18 13:59:07 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/18 13:52:43 | 019,495,102 | ---- | C] () -- C:\Users\m0us3\Documents\vlc-1.1.0-win32.exe
[2010/07/13 10:05:58 | 000,284,915 | ---- | C] () -- C:\Users\m0us3\Desktop\gmer.zip
[2010/07/12 12:34:42 | 028,583,340 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut34_transcoded.avi
[2010/07/12 12:34:38 | 025,333,522 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut33_transcoded.avi
[2010/07/12 12:34:35 | 032,842,264 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut32_transcoded.avi
[2010/07/12 12:34:31 | 037,892,894 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut31_transcoded.avi
[2010/07/12 12:34:26 | 036,646,378 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut30_transcoded.avi
[2010/07/12 12:34:21 | 031,517,920 | ---- | C] () -- C:\Users\m0us3\Desktop\dwarffortvidtut29_transcoded.avi
[2010/07/10 11:05:59 | 168,412,990 | ---- | C] () -- C:\Users\m0us3\Desktop\0009555496.flv
[2010/07/08 12:53:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/08 12:40:20 | 000,293,376 | ---- | C] () -- C:\Users\m0us3\Desktop\vfdqbyww.exe
[2010/07/08 12:38:04 | 000,525,824 | ---- | C] () -- C:\Users\m0us3\Desktop\dds.scr
[2010/07/06 12:39:02 | 000,010,065 | ---- | C] () -- C:\Users\m0us3\Documents\Transcript Request.docx
[2010/07/05 19:14:29 | 486,220,787 | ---- | C] () -- C:\MasterCollection_CS5_LS1.7z
[2010/07/05 18:58:56 | 001,044,480 | ---- | C] () -- C:\Users\m0us3\Documents\2-255-phsDispatchers.doc
[2010/07/05 18:58:52 | 000,612,069 | ---- | C] () -- C:\Users\m0us3\Documents\DFD PIQ - Copy.docx
[2010/06/30 07:01:38 | 000,749,568 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2010/05/12 04:13:46 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/03/18 17:52:22 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/02/16 02:45:42 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/16 00:04:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/19 01:05:00 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\.purple
[2009/11/26 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\7stacks
[2010/04/26 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Ableton
[2009/11/28 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\acccore
[2009/11/26 01:40:52 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Bump Technologies, Inc
[2010/06/15 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\DAEMON Tools Pro
[2010/07/13 17:19:49 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\DC++
[2010/03/02 00:39:05 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\DiskSpaceFan
[2010/07/19 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Dropbox
[2010/02/27 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Facebook
[2009/12/01 18:57:53 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Foxit Software
[2009/11/26 00:52:40 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Gmail Notifier Plus
[2010/05/22 12:40:39 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\gtk-2.0
[2009/11/27 12:38:33 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\ImgBurn
[2010/03/11 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\KendallHunt
[2009/11/26 01:46:44 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Notepad++
[2009/12/19 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Rainmeter
[2009/11/26 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Razer
[2010/06/20 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\The Creative Assembly
[2009/12/22 16:23:32 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Tropico3
[2010/05/20 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\Ubisoft
[2010/07/14 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\UDP Software
[2010/07/15 02:18:38 | 000,000,000 | ---D | M] -- C:\Users\m0us3\AppData\Roaming\uTorrent
[2009/07/13 22:08:49 | 000,027,676 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

It didn't create the Extras.txt


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:58 AM

Posted 19 July 2010 - 06:46 PM

This random-named file is on your desktop. Do you know what it is:

C:\Users\m0us3\Desktop\vfdqbyww.exe



m0le is a proud member of UNITE
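The check m0le applies here, picking out an executable with a random-looking name and no company string from the "Files Created" sections of the OTL log, can be automated. The script below is an added example, not code from this thread or from OTL's authors: it parses OTL file lines in the format shown above and ranks candidates. The sample input is a handful of lines copied from the log posted earlier in this thread; the `looks_random` heuristic, its thresholds and the severity labels are my own assumptions. A hit means "ask about this file", not "this file is malicious" (the flagged file in this thread turned out to be a renamed GMER).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL "Files/Folders - Created" or "Files - Modified" line looks like:
#   [YYYY/MM/DD HH:MM:SS | 000,293,376 | ---- | C] (Company) -- C:\full\path
# The company field is "()" when the PE carries no version info and is absent for directories.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com", ".pif", ".bat", ".cmd"}
VOWELS = set("aeiou")

# Constructed sample: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2010/07/19 11:18:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\m0us3\Desktop\OTL (1).exe
[2010/07/18 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/18 14:25:24 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/08 12:40:20 | 000,293,376 | ---- | C] () -- C:\Users\m0us3\Desktop\vfdqbyww.exe
[2010/07/08 12:38:04 | 000,525,824 | ---- | C] () -- C:\Users\m0us3\Desktop\dds.scr
[2010/06/30 07:01:38 | 000,749,568 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2010/07/18 13:52:43 | 019,495,102 | ---- | C] () -- C:\Users\m0us3\Documents\vlc-1.1.0-win32.exe
[2010/07/10 11:05:59 | 168,412,990 | ---- | C] () -- C:\Users\m0us3\Desktop\0009555496.flv
"""

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str                # "----", "---D" (directory), "-HS-" (hidden+system), ...
    op: str                   # "C" created, "M" modified
    company: Optional[str]    # None when OTL printed no parentheses, "" for "()"
    path: str

@dataclass
class Finding:
    path: str
    severity: str             # "high" or "review" (my own labels)
    reasons: List[str]

def parse_otl_file_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; returns None for headers, blanks and anything else."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(timestamp=m["ts"], size=int(m["size"].replace(",", "")),
                    attrs=m["attrs"], op=m["op"], company=m["company"], path=m["path"])

def looks_random(stem: str) -> bool:
    """Heuristic (mine, not OTL's): an all-letter stem of 6+ chars with under 20% vowels,
    or a run of 5+ consonants, resembles a generated name such as 'vfdqbyww'."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowel_ratio < 0.2 or longest_consonant_run >= 5

def triage_entries(entries: List[OtlEntry]) -> List[Finding]:
    """Rank executables the way a log reader eyeballs them: a missing company string or a
    random-looking name is the trigger; random name in a user-writable path ranks 'high'."""
    findings: List[Finding] = []
    for e in entries:
        if e.attrs.endswith("D"):          # directories carry no PE version info
            continue
        fname = e.path.rsplit("\\", 1)[-1]
        stem, dot, ext = fname.rpartition(".")
        if not dot or ("." + ext.lower()) not in EXEC_EXT:
            continue
        low = e.path.lower()
        user_writable = low.startswith("c:\\users\\") or "\\appdata\\" in low
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if looks_random(stem):
            reasons.append("random-looking name")
        if not reasons:
            continue                       # vendor-named, normal-looking: nothing to ask
        if user_writable:
            reasons.append("user-writable location")
        severity = "high" if "random-looking name" in reasons and user_writable else "review"
        findings.append(Finding(e.path, severity, reasons))
    return findings

def triage_log(text: str) -> List[Finding]:
    """Parse a whole OTL file section and return the ranked candidates in log order."""
    entries = [e for e in (parse_otl_file_line(l) for l in text.splitlines()) if e]
    return triage_entries(entries)

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.path}  ({', '.join(f.reasons)})")
```

Run against the sample, `vfdqbyww.exe` comes out "high" and `dds.scr`, `spk.dll` and the VLC installer come out "review" (no company string, nothing else odd); the vendor-named OTL and Java files are not listed. The point of the ranking is to shorten the list of questions to ask the user, as m0le does above, not to decide anything on its own.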

#5 sirrenz0

sirrenz0
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 19 July 2010 - 09:51 PM

Yes, it is GMER.exe from this link: http://gmer.net/download.php

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:58 AM

Posted 20 July 2010 - 06:17 PM

This looks clean then. Nothing else shows on OTL either.

One more try, let's see if a rootkit is around by running TDSSKiller
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to leave the file alone.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here (or attach it).


#7 sirrenz0

sirrenz0
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 20 July 2010 - 08:17 PM

It says it doesn't support x64 operating systems.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:58 AM

Posted 21 July 2010 - 03:00 PM

That's the thing, you see. Not much is compatible on 64 bit because rootkits don't exist on these operating systems.

The logs are all clean so I think there's no keylogger and the internet needs a speed-up.

I recommend that you read this tutorial on the site which explains what you can do to speed up your PC.

Let me know how you get on with that.

#9 sirrenz0

sirrenz0
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 21 July 2010 - 08:11 PM

So if not keyloggers, how did my Gmail start sending out spam to everyone in my contact list? The scans I did didn't really find anything; that's why I was afraid my computer was still compromised.

#10 m0le (Malware Response Team)

Posted 22 July 2010 - 06:21 PM

QUOTE
The scans I did didn't really find anything; that's why I was afraid my computer was still compromised.


If the scans you did didn't really find anything then why should you then think the PC was compromised?

It may be that a security program has already removed the threat soon after it made its presence felt.

You state that you have scanned your PC with antiviruses but none of the ones you list are actually antiviruses.

Please download Avast free version and run a scan.

Let me know what it finds.

#11 sirrenz0 (Topic Starter)

Posted 22 July 2010 - 10:25 PM

It found 12 files that were infected in

D:\System Volume Information\_restore{811A8F0b-A9CA-4787-ABE7-4540EB35A866}\RP31\A0012882.EXE

as Trojan, Spyware, Malware, Adware-gen

and deleted them.

#12 m0le (Malware Response Team)

Posted 23 July 2010 - 01:16 PM

The System Restore folder does not contain active malware though. They are just copies and can be reactivated inadvertently by using system restore.

They get removed when we set the new system restore at the end of the fix.


Continue the clean up by running ATF

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this, go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Then clear the Java cache

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon. If you don't see it, go to Other options in the left panel or change to Classic View
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • Applications and applets
    • Trace and log files
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.
Any symptoms since I called it clean?

#13 sirrenz0 (Topic Starter)

Posted 23 July 2010 - 07:17 PM

So far none.

Thank you for your time and patience!

#14 m0le (Malware Response Team)

Posted 23 July 2010 - 07:26 PM

Let's clear up then

You're clean. Good stuff!

Let's do some clearing up

OTL Clean-Up
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Set a system restore point

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the System Protection tab, and then click Create.

4. In the System Protection dialog box, type a description, and then click Create.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it sirrenz0, happy surfing!

Cheers.

m0le
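A scripted version of the last two clean-up steps, added here as an example and not part of m0le's instructions or of any BleepingComputer tool: it flushes the old restore points (which, as post #12 explains, can still hold inert copies of files Avast already removed) and then sets the fresh restore point from post #14, verifying that it is the only one left. It assumes an elevated Windows PowerShell prompt on Windows 7 or later with System Protection available for the system drive; the drive letter and the description string are placeholders.

```powershell
# Added example, not from the thread: flush old restore points and create a
# clean baseline. Assumes an elevated Windows PowerShell prompt on Windows 7
# or later. $drive and $description are placeholders, not values from the post.

$drive       = "C:\"
$description = "Post-cleanup baseline"

# System Protection changes need administrator rights; fail early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as administrator) PowerShell prompt."
}

# Step 1: record what exists before touching anything. Older points may still
# contain copies of files that the antivirus already deleted from their
# original location, which is what Avast flagged under System Volume Information.
"Restore points before cleanup:"
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# Step 2: disabling and re-enabling System Protection on the drive discards
# every existing restore point there. Only do this once the machine is
# considered clean, because it also removes the ability to roll back.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# Step 3: create the new baseline (the scripted form of the GUI steps above).
# Caveat: on Windows 8 and later, Checkpoint-Computer creates at most one point
# per 24 hours unless SystemRestorePointCreationFrequency under
# HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0.
Checkpoint-Computer -Description $description -RestorePointType "MODIFY_SETTINGS"

# Step 4: verify that the only point left is the one just created.
$points = @(Get-ComputerRestorePoint)
if ($points.Count -eq 1 -and $points[0].Description -eq $description) {
    $created = $points[0].ConvertToDateTime($points[0].CreationTime)
    "Baseline restore point #$($points[0].SequenceNumber) created at $created."
} else {
    Write-Warning ("Expected exactly one restore point named '{0}' but found {1}; " +
                   "check the System Protection settings for {2}." -f $description, $points.Count, $drive)
}
```

The cmdlets used (Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer) exist only on client editions of Windows, so the script will not run on Windows Server. The verification step is deliberate: a silently throttled Checkpoint-Computer call leaves you without any restore point after the flush, which is the state the warning branch reports.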

#15 m0le (Malware Response Team)

Posted 28 July 2010 - 06:26 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.