
Google results redirected / exe downloads not allowed


  • This topic is locked
7 replies to this topic

#1 Semiclear


Posted 28 July 2010 - 02:20 AM

When I try to download an exe or scr file in Firefox, the download is immediately canceled.
The security settings in Internet Options have been set to medium-high, and access data sources across domains has been set to prompt; this did not solve the problem.

Approximately 10% of the time when clicking on a Google search result, it is redirected to a spam site of the pattern:

hxxp://66.230.188.67/click.php?c=eNoVkkmvqkAUhH-

I recently removed the 'Antivir Solution Pro' malware using Malwarebytes' Anti-Malware.

I have tried using Malwarebytes' Anti-Malware, Avira, and GooredFix and they have not cleared this infection, and I am not sure what infection it is.
I think it is the exact same infection as: http://www.bleepingcomputer.com/forums/t/333552/google-redirect-after-antivir-2010-infection/

Thanks for your help.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Craig at 1:55:52.91 on Wed 07/28/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5262 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Backblaze\bzbui.exe
C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Logitech\Vid\Vid.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\DynDNS Updater\DynTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\MediaTRACKER Professional\MediaTRACKER.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Backblaze\bzserv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\PowerStrip\PStrip.exe
C:\Users\Craig\Desktop\RealTemp_3.00\RealTemp.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Craig\AppData\Local\Temp\Rar$EX06.245\gmer.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\syswow64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {2035df21-11cd-46c8-8930-e03e6e9559c6} - c:\windows\syswow64\zrump.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files (x86)\xmarks\ie extension\foxmarksdll.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files (x86)\megaupload\mega manager\MegaIEMn.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Software Informer] "c:\program files (x86)\software informer\softinfo.exe" -autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Backblaze] "c:\program files (x86)\backblaze\bzbui.exe" -quiet
uRun: [Xmarks] c:\program files (x86)\xmarks\ie extension\xmarkssync.exe -q
uRun: [Handy Backup] c:\program files (x86)\novosoft\novosoft office backup\hbagent.exe -logon
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [DisplayFusion] "c:\program files (x86)\displayfusion\DisplayFusion.exe"
uRun: [OpenDNS Updater] "c:\program files (x86)\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [Logitech Vid] "c:\program files (x86)\logitech\vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "c:\program files (x86)\logitech\vid\vid.exe" -bootmode
mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files (x86)\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
mRun: [ddoctorv2] "c:\program files (x86)\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: []
mRun: [SoundTray] "c:\program files (x86)\analog devices\soundmax\SoundTray.exe"
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [MediaTRACKER] c:\program files (x86)\mediatracker professional\MediaTRACKER.exe /I
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [LWS] c:\program files (x86)\logitech\lws\webcam software\LWS.exe -hide
dRun: [Backblaze] "c:\program files (x86)\backblaze\bzbui.exe" -quiet
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files (x86)\digsby\digsby.exe
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\logitech\ereg\eReg.exe
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\powers~1.lnk - c:\program files (x86)\powerstrip\PStrip.exe
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\realte~1.lnk - c:\users\craig\desktop\realtemp_3.00\RealTemp.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dyndns~1.lnk - c:\program files (x86)\dyndns updater\DynTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Download Link Using Mega Manager... - c:\program files (x86)\megaupload\mega manager\mm_file.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
Trusted Zone: army.mil\www.lms
Trusted Zone: pandasecurity.com\www
Trusted Zone: testwebcam.com\www
Trusted Zone: ticketmaster.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {C42E621D-521D-4B79-857B-2F213E7439E7} = 208.67.222.222,208.67.220.220
BHO-X64: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
TB-X64: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [Cmaudio8788] c:\windows\syswow64\rundll32.exe c:\windows\syswow64\cmicnfgp.dll,CMICtrlWnd
mRun-x64: [Cmaudio8788GX] c:\windows\syswow64\HsMgr.exe Envoke
mRun-x64: [Cmaudio8788GX64] c:\windows\system\HsMgr64.exe Envoke
IE-X64: {7ddd9b8a-3029-49da-95a4-3c59733ec94d} - c:\users\craig\appdata\roaming\microsoft\windows\start menu\programs\super book\Super Book.lnk

================= FIREFOX ===================

FF - ProfilePath - c:\users\craig\appdata\roaming\mozilla\firefox\profiles\amcp0fvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\firefox\profiles\amcp0fvb.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-2-3 13936]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-2-10 33800]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2010-7-20 126792]
R1 PStrip64;PSTRIP64;c:\windows\system32\drivers\pstrip64.sys [2009-11-1 13008]
R2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\avira\antivir desktop\avfwsvc.exe [2010-7-20 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\avira\antivir desktop\avmailc.exe [2010-7-20 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-7-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-7-20 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\avira\antivir desktop\avwebgrd.exe [2010-7-20 405672]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 231272]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-20 81072]
R2 bzserv;Backblaze Service;c:\program files (x86)\backblaze\bzserv.exe [2009-7-19 257784]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2009-12-8 8551272]
R2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-10-7 109928]
R2 Kiwi Syslog Server;Kiwi Syslog Server;c:\program files (x86)\syslogd\Syslogd_Service.exe [2009-2-8 1855488]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2010-5-7 197976]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe [2009-2-3 65536]
R2 uvnc_service;uvnc_service;c:\program files (x86)\ultravnc\winvnc.exe [2009-7-17 2013624]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-2-4 64560]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 489832]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2010-7-20 98120]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 53096]
R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2009-5-7 1432576]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-2-3 185968]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\drivers\lvuvc64.sys [2010-7-7 6465632]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-17 18816]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2009-7-17 12096]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\craig\desktop\realtemp_3.00\WinRing0x64.sys [2009-3-15 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-7-10 40448]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.2.22617.0.sys [2009-12-8 17408]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-21 27648]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys [2010-7-7 271712]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2010-7-7 339040]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2007-11-21 707584]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-11-21 19968]
S3 qdat160;qdat160;c:\windows\system32\drivers\qdat160.sys [2007-11-29 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-23 202752]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-5 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-07-27 00:29:17 188 ----a-w- c:\users\craig\defogger_reenable
2010-07-26 06:00:45 0 d-----w- c:\program files (x86)\Diamond Cut Productions
2010-07-26 04:41:52 108032 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-07-26 04:41:51 0 d-----w- c:\program files (x86)\ffdshow
2010-07-24 08:49:38 174 ----a-w- c:\windows\wininit.ini
2010-07-24 08:11:31 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-24 08:11:31 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-07-24 06:32:18 0 d-----w- c:\program files (x86)\VirtualDubMod
2010-07-23 04:53:27 0 d-----w- c:\temp\Library
2010-07-23 04:53:27 0 d-----w- c:\temp\~Library
2010-07-23 03:23:45 0 d-----w- c:\users\craig\appdata\roaming\Digsby
2010-07-23 03:23:45 0 d-----w- c:\programdata\Digsby
2010-07-23 03:22:38 0 d-----w- c:\program files (x86)\Digsby
2010-07-22 08:50:38 0 d-sh--w- C:\found.000
2010-07-22 08:23:36 0 d-----w- c:\windows\syswow64\logishrd
2010-07-22 08:23:36 0 d-----w- c:\windows\system32\logishrd
2010-07-22 08:23:32 0 d-----w- c:\programdata\Logitech
2010-07-22 08:23:30 0 d-----w- c:\program files (x86)\common files\LWS
2010-07-22 08:22:30 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-07-22 08:22:27 974848 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-22 08:19:37 127 ----a-w- c:\windows\system32\MRT.INI
2010-07-21 23:39:04 0 d-----w- c:\program files (x86)\Merge
2010-07-21 05:19:04 0 d-----w- c:\program files (x86)\PokerStars
2010-07-20 19:26:52 0 d-----w- c:\users\craig\appdata\roaming\Avira
2010-07-20 18:40:21 98120 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-07-20 18:40:21 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-20 18:40:21 126792 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-07-20 18:40:06 0 d-----w- c:\programdata\Avira
2010-07-20 18:40:06 0 d-----w- c:\program files (x86)\Avira
2010-07-20 17:49:03 0 d-----w- c:\users\craig\appdata\roaming\Malwarebytes
2010-07-20 17:47:59 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 17:47:59 0 d-----w- c:\programdata\Malwarebytes
2010-07-20 17:47:59 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-20 17:36:35 150 ----a-w- C:\zrpt.xml
2010-07-20 17:36:27 0 d-----w- c:\users\craig\appdata\roaming\103FDD2AFBECBA1E6D6FD2EBAADDB5D6
2010-07-14 00:11:21 4141612364 ----a-w- C:\m-tbh-720p.mpg
2010-07-13 23:51:01 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-07-13 23:50:56 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-07-13 23:50:56 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-07-13 23:50:48 0 d-----w- c:\program files (x86)\common files\xing shared
2010-07-13 23:50:35 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-07-13 23:50:32 0 d-----w- c:\program files (x86)\common files\Real
2010-07-13 23:50:31 0 d-----w- c:\programdata\Real
2010-07-13 23:39:51 0 d-----w- c:\program files (x86)\mkv2vob
2010-07-13 23:39:00 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-07-07 19:55:08 6465632 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2010-07-07 19:54:56 539232 ----a-w- c:\windows\syswow64\LVUI2RC.dll
2010-07-07 19:54:32 543328 ----a-w- c:\windows\syswow64\LVUI2.dll
2010-07-07 19:54:22 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2010-07-07 19:54:00 771168 ----a-w- c:\windows\system32\LVUI64.dll
2010-07-07 19:53:14 339040 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2010-07-07 19:52:52 271712 ----a-w- c:\windows\system32\drivers\lvpopf64.sys
2010-07-07 19:50:40 269408 ----a-w- c:\windows\system32\lvco1301788.dll
2010-07-07 19:50:18 398432 ----a-w- c:\windows\system32\lvcod64.dll
2010-07-07 19:50:06 416352 ----a-w- c:\windows\syswow64\lvcodec2.dll
2010-07-07 19:44:56 102744 ----a-w- c:\windows\syswow64\LogiDPPApp.exe
2010-07-07 19:44:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-07 19:44:30 10829656 ----a-w- c:\windows\syswow64\LogiDPP.dll
2010-07-07 19:44:30 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-07 19:44:20 290648 ----a-w- c:\windows\syswow64\DevManagerCore.dll
2010-07-07 19:44:20 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-07 19:36:30 90071 ----a-w- c:\windows\system32\lvcoin64.ini
2010-07-07 19:36:18 37518 ----a-w- c:\windows\system32\Repository.reg

==================== Find3M ====================

2010-07-28 06:25:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-22 08:16:46 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-22 08:16:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-22 08:16:45 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2009-11-01 22:51:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-02-04 10:40:27 174 --sha-w- c:\program files\desktop.ini
2009-02-04 10:40:27 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-19 22:28:35 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-04 04:48:03 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-02-04 04:48:03 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-12 18:01:11 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-02-04 04:48:03 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-02 01:29:29 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-21 18:59:34 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:06:56.00 ===============



Edited by Orange Blossom, 28 July 2010 - 09:49 PM.
Deactivate link. ~ OB



 


#2 m0le

  • Malware Response Team

Posted 07 August 2010 - 12:53 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Semiclear

  • Topic Starter

  • Members

Posted 09 August 2010 - 02:58 PM

OK, I am ready for the first instructions.

#4 m0le

  • Malware Response Team

Posted 09 August 2010 - 05:40 PM

There's evidence of malware changes throughout the log.

Please run OTL, so we can take a better look at the system.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#5 Semiclear

  • Topic Starter

  • Members

Posted 10 August 2010 - 12:16 AM

OTL.txt

OTL logfile created on: 8/10/2010 12:07:10 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Craig\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 3.00% Memory free
16.00 Gb Paging File | 8.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.26 Gb Total Space | 111.08 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 332.33 Gb Free Space | 23.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 279.46 Gb Total Space | 269.76 Gb Free Space | 96.53% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SERVER
Current User Name: Craig
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Craig\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Backblaze\bzbui.exe ()
PRC - C:\Program Files (x86)\Backblaze\bzserv.exe ()
PRC - C:\Program Files (x86)\Digsby\lib\digsby-app.exe (dotSyntax, LLC)
PRC - C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
PRC - C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Syslogd\Syslogd_Service.exe (Kiwi Enterprises)
PRC - C:\Users\Craig\Desktop\RealTemp_3.00\RealTemp.exe ()
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
PRC - C:\Program Files (x86)\MediaTRACKER Professional\MediaTRACKER.exe ()
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Craig\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\MMDevAPI.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\AudioEng.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\AudioSes.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\HsSrv.dll (C-Media Electronics Inc.)
MOD - C:\Windows\SysWOW64\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\avrt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\PowerStrip\PShook.dll (EnTech Taiwan)
MOD - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ksuser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcp71.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (LPDSVC) -- C:\Windows\SysNative\lpdsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (bzserv) -- C:\Program Files (x86)\Backblaze\bzserv.exe ()
SRV - (DynDNS Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (uvnc_service) -- C:\Program Files (x86)\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Kiwi Syslog Server) -- C:\Program Files (x86)\Syslogd\Syslogd_Service.exe (Kiwi Enterprises)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\DRIVERS\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\DRIVERS\avfwim.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) Logitech Webcam 300(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (BackupReader) -- C:\Windows\SysNative\DRIVERS\BackupReader.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\DRIVERS\mv2.sys (UVNC BVBA)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\Drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (bthav) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (qdat160) -- C:\Windows\SysNative\DRIVERS\qdat160.sys (Quantum)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Users\Craig\Desktop\RealTemp_3.00\WinRing0x64.sys (OpenLibSys.org)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.9
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 10:43:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 02:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/13 18:51:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 13:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/28 11:22:19 | 000,000,000 | ---D | M]

[2009/02/03 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2009/02/03 21:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/06 12:18:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions
[2010/08/05 18:23:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/31 19:11:25 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2010/02/14 02:07:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 18:22:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/23 00:40:01 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\DeviceDetection@logitech.com
[2010/07/05 21:37:16 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\foxmarks@kei.com
[2010/04/03 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\texpertension@texperts.com
[2010/04/03 13:05:19 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\amcp0fvb.default\extensions\toolbar@ask.com
[2010/08/06 12:18:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/25 13:14:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 16:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/11/10 17:33:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/07/25 13:14:25 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/25 13:14:25 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/07/25 13:14:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 23:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/07/13 18:51:01 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/07/13 18:51:15 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
[2010/07/13 18:50:58 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2010/07/26 16:01:00 | 000,037,184 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2010/03/06 02:23:16 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/06 02:23:16 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/03/06 02:23:16 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/06 02:23:16 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/06 02:23:16 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/03/06 02:23:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/06 02:23:16 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/23 21:47:38 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (moigh Object) - {2035DF21-11CD-46C8-8930-E03E6E9559C6} - C:\Windows\SysWow64\zrump.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - No CLSID value found.
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MediaTRACKER] C:\Program Files (x86)\MediaTRACKER Professional\MediaTRACKER.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Backblaze] C:\Program Files (x86)\Backblaze\bzbui.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Handy Backup] C:\Program Files (x86)\Novosoft\Novosoft Office Backup\hbagent.exe File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe - Shortcut.lnk = C:\Users\Craig\Desktop\RealTemp_3.00\RealTemp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([www.lms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pandasecurity.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: testwebcam.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ticketmaster.com ([www] http in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Craig\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Craig\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 18:18:05 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\Yahoo
[2010/08/05 18:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/05 18:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/05 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Yahoo!
[2010/08/05 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/03 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\Claudelle Inglish Project
[2010/07/30 01:05:41 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\pictures
[2010/07/29 03:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft
[2010/07/29 02:40:45 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\StarCraft 1.15.2 enUS Installer
[2010/07/29 02:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/07/28 11:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/28 11:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/07/28 02:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/07/28 02:24:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/26 23:58:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\GooredFix Backups
[2010/07/26 23:57:52 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Craig\Desktop\GooredFix.exe
[2010/07/26 06:18:39 | 005,689,344 | ---- | C] (Gabest) -- C:\Users\Craig\Desktop\mplayerc.exe
[2010/07/26 01:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diamond Cut Productions
[2010/07/26 01:00:44 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\DC7
[2010/07/25 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/07/24 04:24:19 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/24 04:16:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Craig\Desktop\HijackThis.exe
[2010/07/24 04:12:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Craig\Desktop\bleepWithThis.exe
[2010/07/24 03:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/24 03:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/07/24 01:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDubMod
[2010/07/24 00:48:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\AUDIO_TS
[2010/07/24 00:44:55 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\VIDEO_TS
[2010/07/23 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\claudelle inglishhtm_files
[2010/07/22 22:28:31 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\Digsby Logs
[2010/07/22 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Digsby
[2010/07/22 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\Digsby
[2010/07/22 22:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
[2010/07/22 22:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby
[2010/07/22 03:50:38 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/22 03:24:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\SightSpeed Recordings
[2010/07/22 03:24:41 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\LogiShrd
[2010/07/22 03:23:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logishrd
[2010/07/22 03:23:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\logishrd
[2010/07/22 03:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/07/22 03:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2010/07/22 03:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/22 03:02:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\viewcart.asp_files
[2010/07/22 01:47:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\stripper chat
[2010/07/22 01:31:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\ub chat
[2010/07/21 23:33:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\vids
[2010/07/21 18:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Merge
[2010/07/21 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\PokerStars
[2010/07/21 00:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2010/07/20 14:26:52 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Avira
[2010/07/20 13:40:21 | 000,126,792 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2010/07/20 13:40:21 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/20 13:40:21 | 000,098,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2010/07/20 13:40:21 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/20 13:40:21 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/20 13:40:21 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/20 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/20 13:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/20 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Malwarebytes
[2010/07/20 12:48:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/20 12:47:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/20 12:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/20 12:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/20 12:47:15 | 006,153,368 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup.exe
[2010/07/20 12:37:13 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/07/20 12:36:43 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\gkqvymrbn
[2010/07/20 12:36:27 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\103FDD2AFBECBA1E6D6FD2EBAADDB5D6
[2010/07/15 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\VMWare Workstation 7 and Serial
[2010/07/13 18:51:01 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/07/13 18:50:56 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/07/13 18:50:56 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/07/13 18:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/07/13 18:50:35 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/13 18:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/07/13 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/07/13 18:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/07/13 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Real
[2010/07/13 18:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mkv2vob
[2010/07/13 18:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/10 00:09:07 | 004,980,736 | -HS- | M] () -- C:\Users\Craig\NTUSER.DAT
[2010/08/09 23:32:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 23:30:27 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 23:30:27 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 19:32:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 20:32:52 | 000,167,936 | ---- | M] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 01:48:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/08/05 15:20:36 | 000,000,906 | ---- | M] () -- C:\Users\Craig\Desktop\VirtualDubMod.lnk
[2010/07/29 03:22:36 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/07/29 01:29:21 | 000,012,639 | ---- | M] () -- C:\Users\Craig\Desktop\pops0.1.zip
[2010/07/28 01:34:31 | 000,707,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/28 01:34:31 | 000,606,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/28 01:34:31 | 000,105,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/28 01:29:44 | 000,000,943 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/07/28 01:28:20 | 000,013,582 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\PStrip.ini
[2010/07/28 01:28:17 | 000,013,673 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\PStrip.bak
[2010/07/28 01:27:06 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2010/07/28 01:26:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/28 01:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/28 01:25:56 | 4294,041,599 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 01:14:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/28 01:13:54 | 000,524,288 | -HS- | M] () -- C:\Users\Craig\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/07/28 01:13:54 | 000,065,536 | -HS- | M] () -- C:\Users\Craig\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/07/28 01:13:49 | 002,271,512 | -H-- | M] () -- C:\Users\Craig\AppData\Local\IconCache.db
[2010/07/28 01:13:32 | 000,013,673 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\PStrip.bk!
[2010/07/27 23:18:52 | 000,002,571 | ---- | M] () -- C:\Users\Public\Desktop\DC Live Forensics 7.5.lnk
[2010/07/27 23:14:38 | 002,255,392 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio.pkf
[2010/07/27 23:10:59 | 454,791,540 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio.wav
[2010/07/26 23:57:52 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Craig\Desktop\GooredFix.exe
[2010/07/26 19:29:17 | 000,000,188 | ---- | M] () -- C:\Users\Craig\defogger_reenable
[2010/07/26 19:28:53 | 000,050,477 | ---- | M] () -- C:\Users\Craig\Desktop\Defogger.exe
[2010/07/26 12:25:15 | 3313,252,350 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 cleaned audio better.avi
[2010/07/26 12:12:06 | 002,255,392 | ---- | M] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned better.pkf
[2010/07/26 12:12:06 | 000,000,261 | ---- | M] () -- C:\Windows\win.ini
[2010/07/26 12:11:32 | 454,791,540 | ---- | M] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned better.wav
[2010/07/26 02:07:19 | 3313,252,350 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 cleaned audio.avi
[2010/07/26 01:57:00 | 002,255,392 | ---- | M] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned.pkf
[2010/07/26 01:56:34 | 454,791,540 | ---- | M] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned.wav
[2010/07/26 01:52:57 | 069,861,420 | ---- | M] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned1.wav
[2010/07/26 01:38:41 | 000,028,180 | ---- | M] () -- C:\Users\Craig\Desktop\noise.pkf
[2010/07/26 01:38:29 | 000,440,484 | ---- | M] () -- C:\Users\Craig\Desktop\noise.wav
[2010/07/26 01:38:08 | 007,905,280 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish noise.avi
[2010/07/26 01:02:51 | 002,255,392 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio1.pkf
[2010/07/26 00:58:56 | 454,791,540 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio1.wav_sesTmp
[2010/07/26 00:36:15 | 3313,252,350 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglish part 1.avi
[2010/07/25 23:38:56 | 000,000,000 | ---- | M] () -- C:\Users\Craig\Desktop\ffdshow_rev3476_20100615_clsid.exe
[2010/07/24 04:24:05 | 003,742,848 | ---- | M] () -- C:\Users\Craig\Desktop\ComboFix.exe
[2010/07/24 04:12:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Craig\Desktop\HijackThis.exe
[2010/07/24 04:12:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Craig\Desktop\bleepWithThis.exe
[2010/07/24 04:03:16 | 001,365,720 | ---- | M] () -- C:\Users\Craig\Desktop\8e41913a.200x.gif
[2010/07/24 03:49:38 | 000,000,174 | ---- | M] () -- C:\Windows\wininit.ini
[2010/07/24 03:11:34 | 000,001,121 | ---- | M] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/24 03:11:34 | 000,001,097 | ---- | M] () -- C:\Users\Craig\Desktop\Spybot - Search & Destroy.lnk
[2010/07/23 15:52:22 | 000,102,047 | ---- | M] () -- C:\Users\Craig\Desktop\claudelle inglishhtm.htm
[2010/07/23 03:37:33 | 000,021,295 | ---- | M] () -- C:\Users\Craig\Desktop\ace52e66.200x.jpg
[2010/07/23 03:36:17 | 000,009,822 | ---- | M] () -- C:\Users\Craig\Desktop\25943ec6.200x.jpg
[2010/07/22 22:23:40 | 000,000,942 | ---- | M] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2010/07/22 22:23:40 | 000,000,918 | ---- | M] () -- C:\Users\Craig\Desktop\Digsby.lnk
[2010/07/22 22:23:40 | 000,000,854 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
[2010/07/22 14:09:36 | 000,013,673 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\PStrip.bko
[2010/07/22 14:05:04 | 000,229,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/22 03:24:07 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid.lnk
[2010/07/22 03:23:16 | 000,001,515 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2010/07/22 03:19:37 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/07/22 03:08:42 | 000,000,120 | ---- | M] () -- C:\Users\Craig\AppData\Local\Uxosobuzog.dat
[2010/07/22 03:08:42 | 000,000,000 | ---- | M] () -- C:\Users\Craig\AppData\Local\Kbeqer.bin
[2010/07/22 03:02:12 | 000,078,183 | ---- | M] () -- C:\Users\Craig\Desktop\viewcart.asp.htm
[2010/07/21 18:39:07 | 000,001,837 | ---- | M] () -- C:\Users\Craig\Desktop\Super Book.lnk
[2010/07/21 00:19:11 | 000,000,900 | ---- | M] () -- C:\Users\Craig\Desktop\PokerStars.lnk
[2010/07/20 13:41:49 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/07/20 13:35:30 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/20 13:35:27 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/20 13:35:27 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/20 13:35:25 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/20 13:35:24 | 000,126,792 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2010/07/20 13:35:24 | 000,098,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2010/07/20 12:48:02 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 12:47:22 | 006,153,368 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup.exe
[2010/07/20 12:36:35 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/13 19:12:44 | 4141,612,364 | ---- | M] () -- C:\m-tbh-720p.mpg
[2010/07/13 18:51:01 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/07/13 18:50:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/07/13 18:50:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/07/13 18:50:35 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/13 18:39:52 | 000,001,829 | ---- | M] () -- C:\Users\Craig\Desktop\mkv2vob.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/05 15:20:36 | 000,000,906 | ---- | C] () -- C:\Users\Craig\Desktop\VirtualDubMod.lnk
[2010/07/29 03:21:05 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/07/29 02:10:21 | 000,005,972 | ---- | C] () -- C:\Users\Craig\Desktop\gradients.swf
[2010/07/29 02:10:21 | 000,000,714 | ---- | C] () -- C:\Users\Craig\Desktop\RampMaker.html
[2010/07/29 01:28:33 | 000,012,639 | ---- | C] () -- C:\Users\Craig\Desktop\pops0.1.zip
[2010/07/28 01:29:44 | 000,000,943 | ---- | C] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/07/26 19:29:17 | 000,000,188 | ---- | C] () -- C:\Users\Craig\defogger_reenable
[2010/07/26 19:28:52 | 000,050,477 | ---- | C] () -- C:\Users\Craig\Desktop\Defogger.exe
[2010/07/26 12:17:29 | 3313,252,350 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 cleaned audio better.avi
[2010/07/26 12:11:32 | 002,255,392 | ---- | C] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned better.pkf
[2010/07/26 12:10:06 | 454,791,540 | ---- | C] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned better.wav
[2010/07/26 01:52:35 | 069,861,420 | ---- | C] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned1.wav
[2010/07/26 01:52:20 | 002,255,392 | ---- | C] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned.pkf
[2010/07/26 01:51:47 | 454,791,540 | ---- | C] () -- C:\Users\Craig\Desktop\inglish part 1 audio cleaned.wav
[2010/07/26 01:38:41 | 000,028,180 | ---- | C] () -- C:\Users\Craig\Desktop\noise.pkf
[2010/07/26 01:38:29 | 000,440,484 | ---- | C] () -- C:\Users\Craig\Desktop\noise.wav
[2010/07/26 01:38:04 | 007,905,280 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish noise.avi
[2010/07/26 01:12:13 | 3313,252,350 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 cleaned audio.avi
[2010/07/26 01:02:40 | 002,255,392 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio1.pkf
[2010/07/26 01:02:40 | 002,255,392 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio.pkf
[2010/07/26 01:01:08 | 000,002,571 | ---- | C] () -- C:\Users\Public\Desktop\DC Live Forensics 7.5.lnk
[2010/07/26 00:59:23 | 033,236,480 | ---- | C] () -- C:\Users\Craig\Desktop\DC7LiveSetup75EA.msi
[2010/07/26 00:59:23 | 000,093,696 | ---- | C] () -- C:\Users\Craig\Desktop\DCLFAL75-Keygen.exe
[2010/07/26 00:52:44 | 454,791,540 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio1.wav_sesTmp
[2010/07/26 00:52:44 | 454,791,540 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1 audio.wav
[2010/07/25 23:47:04 | 3313,252,350 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglish part 1.avi
[2010/07/25 23:41:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/25 23:38:56 | 000,000,000 | ---- | C] () -- C:\Users\Craig\Desktop\ffdshow_rev3476_20100615_clsid.exe
[2010/07/24 04:24:02 | 003,742,848 | ---- | C] () -- C:\Users\Craig\Desktop\ComboFix.exe
[2010/07/24 04:03:16 | 001,365,720 | ---- | C] () -- C:\Users\Craig\Desktop\8e41913a.200x.gif
[2010/07/24 03:49:38 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/24 03:11:34 | 000,001,121 | ---- | C] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/24 03:11:34 | 000,001,097 | ---- | C] () -- C:\Users\Craig\Desktop\Spybot - Search & Destroy.lnk
[2010/07/23 15:52:19 | 000,102,047 | ---- | C] () -- C:\Users\Craig\Desktop\claudelle inglishhtm.htm
[2010/07/23 03:37:33 | 000,021,295 | ---- | C] () -- C:\Users\Craig\Desktop\ace52e66.200x.jpg
[2010/07/23 03:36:16 | 000,009,822 | ---- | C] () -- C:\Users\Craig\Desktop\25943ec6.200x.jpg
[2010/07/22 22:23:40 | 000,000,942 | ---- | C] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2010/07/22 22:23:40 | 000,000,918 | ---- | C] () -- C:\Users\Craig\Desktop\Digsby.lnk
[2010/07/22 22:23:40 | 000,000,854 | ---- | C] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
[2010/07/22 03:24:07 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid.lnk
[2010/07/22 03:23:16 | 000,001,515 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2010/07/22 03:19:37 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/07/22 03:02:11 | 000,078,183 | ---- | C] () -- C:\Users\Craig\Desktop\viewcart.asp.htm
[2010/07/21 18:39:07 | 000,001,837 | ---- | C] () -- C:\Users\Craig\Desktop\Super Book.lnk
[2010/07/21 00:19:11 | 000,000,900 | ---- | C] () -- C:\Users\Craig\Desktop\PokerStars.lnk
[2010/07/20 13:41:49 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/07/20 13:35:51 | 000,436,096 | ---- | C] () -- C:\Users\Craig\AppData\Local\dd_vcredistMSI7393.txt
[2010/07/20 13:35:38 | 000,237,496 | ---- | C] () -- C:\Users\Craig\AppData\Local\dd_vcredistUI7393.txt
[2010/07/20 12:48:02 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 12:38:15 | 000,000,120 | ---- | C] () -- C:\Users\Craig\AppData\Local\Uxosobuzog.dat
[2010/07/20 12:38:15 | 000,000,000 | ---- | C] () -- C:\Users\Craig\AppData\Local\Kbeqer.bin
[2010/07/20 12:36:35 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/15 17:30:32 | 171,096,064 | ---- | C] () -- C:\Users\Craig\Desktop\WinLite.iso
[2010/07/13 19:11:21 | 4141,612,364 | ---- | C] () -- C:\m-tbh-720p.mpg
[2010/07/13 18:39:52 | 000,001,829 | ---- | C] () -- C:\Users\Craig\Desktop\mkv2vob.lnk
[2010/07/07 14:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/04/15 23:12:23 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini
[2010/04/11 21:51:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/04/11 21:51:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/02/03 01:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2010/02/03 01:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2009/08/27 01:38:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/05 16:13:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/05 16:13:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/07 19:20:33 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2009/05/07 19:20:33 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2009/05/07 19:20:32 | 000,041,410 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009/05/07 19:19:50 | 000,000,908 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2009/05/07 19:19:48 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2009/05/07 19:19:48 | 000,000,559 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2009/02/04 04:01:24 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/04 03:48:50 | 000,000,000 | ---- | C] () -- C:\Windows\bench32.INI
[2009/02/04 00:38:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/02/04 00:38:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/02/04 00:32:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/02/04 00:32:55 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/11/21 13:49:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 04:46:03 | 000,000,009 | ---- | C] () -- C:\Windows\SysWow64\comsats.sys

========== LOP Check ==========

[2009/05/25 04:57:02 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\.SwarmPlayer
[2009/05/25 04:56:44 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\.Tribler
[2010/07/20 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\103FDD2AFBECBA1E6D6FD2EBAADDB5D6
[2009/05/07 19:20:50 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\ASUS
[2010/04/16 01:31:32 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Broad Intelligence
[2010/01/19 09:14:13 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\corz
[2009/07/19 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\CrashPlan
[2010/04/27 12:40:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DAEMON Tools Lite
[2010/07/11 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DisplayFusion
[2010/01/03 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DVDforger
[2010/08/10 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Free Download Manager
[2010/04/23 00:23:45 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Leadertech
[2009/03/27 21:58:17 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Megaupload
[2009/08/24 06:24:01 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Novosoft
[2010/07/23 15:26:26 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\OpenDNS Updater
[2009/03/31 01:28:39 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Opera
[2009/02/18 19:15:40 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\postgresql
[2010/08/10 00:04:08 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\uTorrent
[2010/02/02 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Windows Home Server
[2009/05/08 21:12:04 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\XBMC
[2010/07/28 01:14:12 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:5B4BB726
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5
< End of report >

No Extras.txt was created






#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 10 August 2010 - 05:23 PM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O2 - BHO: (moigh Object) - {2035DF21-11CD-46C8-8930-E03E6E9559C6} - C:\Windows\SysWow64\zrump.dll File not found
O2 - BHO: (no name) - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/07/20 12:36:43 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\gkqvymrbn
[2010/07/22 03:08:42 | 000,000,120 | ---- | M] () -- C:\Users\Craig\AppData\Local\Uxosobuzog.dat
[2010/07/22 03:08:42 | 000,000,000 | ---- | M] () -- C:\Users\Craig\AppData\Local\Kbeqer.bin
[2010/07/20 12:36:35 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:5B4BB726
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE
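The layout of the fix script in the post above, as an added example (not part of the thread and not OTL's own code): a small Python reader that classifies each line of a pasted script so it can be read through before Run Fix is clicked. The script text is abridged from the post; the function names, the result fields and the line patterns (inferred from how the lines look on this page) are assumptions made for the example.

```python
import re
from collections import Counter

# Abridged from the script in post #6: one line of each kind, copied from the page.
FIX_SCRIPT = r'''
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O2 - BHO: (moigh Object) - {2035DF21-11CD-46C8-8930-E03E6E9559C6} - C:\Windows\SysWow64\zrump.dll File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
[2010/07/20 12:36:43 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\gkqvymrbn
[2010/07/22 03:08:42 | 000,000,120 | ---- | M] () -- C:\Users\Craig\AppData\Local\Uxosobuzog.dat
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:5B4BB726
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
'''

# Line shapes as they appear on this page (assumption: not taken from OTL documentation).
FILE_RE = re.compile(r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4})'
                     r' \| (?P<stamp>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> '
                    r'(?P<path>.+):(?P<stream>[^:\\]+)$')
ENTRY_RE = re.compile(r'^(?P<tag>IE|O\d+) - (?P<body>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[A-Z_]+\\[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
EXE_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'

def parse_fix(text):
    """Return one dict per script line: its section, kind and parsed fields."""
    items, section, key = [], None, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith(':'):            # ":OTL" / ":reg" open a new section
            section, key = line.lower(), None
            continue
        item = {'section': section, 'kind': 'unrecognised', 'line': line}
        if section == ':otl':
            for kind, rx in (('file', FILE_RE), ('ads', ADS_RE), ('registry', ENTRY_RE)):
                m = rx.match(line)
                if m:
                    item.update(kind=kind, **m.groupdict())
                    break
        elif section == ':reg':
            m = KEY_RE.match(line)
            if m:                           # key header applies to the values below it
                key = m.group('key')
                continue
            m = VALUE_RE.match(line)
            if m and key:
                data = m.group('data')
                if len(data) >= 2 and data[0] == data[-1] == '"':
                    data = data[1:-1]       # drop the outer quotes of a string value
                item.update(kind='regvalue', key=key, name=m.group('name'), data=data)
        items.append(item)
    return items

def review(items):
    """Summarise what the script names, for reading before Run Fix is clicked."""
    reg = [i['body'] for i in items if i['kind'] == 'registry']
    return {
        'counts': dict(Counter(i['kind'] for i in items)),
        'loopback_proxy': [b for b in reg if 'ProxyServer' in b
                           and re.search(r'\b(127(\.\d+){3}|localhost)\b', b)],
        'target_missing': [b for b in reg
                           if b.endswith(('File not found', 'No CLSID value found.'))],
        # "%1" %* is the stock Windows command for launching .exe files
        'exefile_default_set': any(
            i['kind'] == 'regvalue' and i['key'].upper() == EXE_KEY.upper()
            and i['name'] == '' and i['data'] == '"%1" %*' for i in items),
    }
```

Any line reported with kind `unrecognised` is one the patterns above do not cover and should be read by hand rather than trusted.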

#7 m0le


Posted 14 August 2010 - 08:01 AM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#8 m0le


Posted 15 August 2010 - 06:44 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



