
Google redirects me to other sites


  • This topic is locked
10 replies to this topic

#1 tutstuts

tutstuts

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:19 PM

Posted 26 October 2010 - 03:46 PM

Hey guys, I can't use Google search anymore. But I really need it for my university assignments.
Hope I can get your help, thanks!

PS: the GMER didn't let me check the boxes above 'services'. They were all dark grey.


DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Milly at 16:26:06.44 on 26-Oct-10
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2444 [GMT -4:00]

AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Milly\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
uWindows: load=C:\Windows\svc.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [PlayNC Launcher]
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [NetLog3] C:\Windows\svc3.exe
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [uPc+kt0NdueJsiv] rundll32.exe C:\Windows\system32\v4qomivny.dll, SystemServer
mRun: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
mRun: [note]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [uPc+kt0NdueJsiv] rundll32.exe C:\Windows\system32\v4qomivny.dll, SystemServer
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
dRun: [uPc+kt0NdueJsiv] rundll32.exe C:\Windows\system32\v4qomivny.dll, SystemServer
StartupFolder: C:\Users\Milly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SecurityProviders: credssp.dll, mcinwrki.dll, mchoetcx.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
Hosts: 173.192.153.178 www.123.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Milly\AppData\Roaming\Mozilla\Firefox\Profiles\bvnwog8g.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: XULRunner: {1A1717BD-DB51-4E15-843A-C1A19C4A7263} - C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}
FF - HiddenExtension: XULRunner: {2144644C-E5F8-43E9-8AB3-B34D345B998D} - C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2010-6-9 15872]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-9-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2010-6-9 40960]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2010-6-9 1061888]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-10-3 15360]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [2010-6-9 126976]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-5 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-9-9 153808]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-26 07:41:58 -------- d-sh--w- C:\PROGRA~3\DSS
2010-10-24 20:34:55 28160 --sha-w- C:\Users\Milly\AppData\Local\csncui.dll
2010-10-22 17:11:07 -------- d-----w- C:\Program Files (x86)\JoWooD Entertainment AG
2010-10-22 17:06:36 -------- d--h--w- C:\$AVG
2010-10-22 17:01:57 -------- d-----w- C:\Users\Milly\AppData\Roaming\AVG10
2010-10-22 16:43:14 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-22 16:42:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2010-10-22 16:41:06 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-10-22 16:41:06 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-22 16:40:51 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-22 16:27:16 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-22 07:04:48 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2010-10-22 07:04:48 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2010-10-22 07:04:48 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2010-10-22 07:04:48 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2010-10-22 07:04:47 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2010-10-22 07:04:47 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2010-10-14 07:01:40 -------- d-----w- C:\P.H. GANSO
2010-10-14 07:01:40 -------- d-----w- C:\NEYMAR
2010-10-08 20:33:21 -------- d-----w- C:\Users\Milly\AppData\Local\Apple Computer
2010-10-08 20:33:06 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-10-08 20:33:05 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-08 20:33:05 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-10-08 20:32:45 -------- d-----w- C:\Program Files\iTunes
2010-10-08 20:32:45 -------- d-----w- C:\Program Files\iPod
2010-10-08 20:32:45 -------- d-----w- C:\Program Files (x86)\iTunes
2010-10-08 20:32:45 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-08 20:32:03 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-10-08 20:30:48 -------- d-----w- C:\Program Files\Bonjour
2010-10-08 20:30:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-10-04 02:03:19 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
2010-10-04 02:03:18 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2010-09-30 20:00:47 -------- d-----w- C:\PROGRA~3\KONAMI
2010-09-30 02:24:33 -------- d-sh--w- C:\Users\Milly\.COMMgr

==================== Find3M ====================

2010-10-22 05:09:14 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2010-10-22 05:09:14 14848 ----a-w- C:\Windows\System32\slwga.dll
2010-10-22 05:09:14 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-09-16 23:05:17 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2010-09-16 23:05:17 1008640 ----a-w- C:\Windows\System32\user32.dll
2010-09-15 00:46:42 312480 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-09-15 00:46:41 43168 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-09-13 20:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-07 07:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-07 07:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-09-07 07:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-07 07:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-08-30 22:57:31 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-08-20 01:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2010-08-20 01:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2010-08-09 23:45:39 659968 ----a-w- C:\a.msi
2010-08-09 22:20:31 363520 ----a-w- C:\rkill.com
2010-08-09 17:26:17 0 ----a-w- C:\Windows\SysWow64\~~.tmp
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 16:26:49.31 ===============



#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:08:19 PM

Posted 03 November 2010 - 05:20 PM

Hi tutstuts, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 tutstuts

tutstuts
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:19 PM

Posted 04 November 2010 - 10:36 AM

Hi, snemelk.
Thank you very much for your help.

As you asked:

otl.txt

OTL logfile created on: 04-Nov-10 11:31:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Milly\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 41.55 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: MILLYBILLY | User Name: Milly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-04 11:30:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Milly\Desktop\OTL.exe
PRC - [2010-10-11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-10-11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010-09-15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010-09-10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010-09-10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2010-09-07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010-09-01 00:11:58 | 000,473,616 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-04-14 17:54:48 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-03-25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010-01-15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-10-19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009-10-19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009-07-13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009-07-07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2010-11-04 11:30:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Milly\Desktop\OTL.exe
MOD - [2009-07-13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-08 01:34:31 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-09-10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-09-10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-06-08 10:46:26 | 000,153,808 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010-04-14 17:54:48 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-02-05 22:19:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-01-15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-08-21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009-07-07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-09-14 20:46:42 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010-09-14 20:46:41 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010-09-13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010-09-07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010-09-07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010-09-07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010-09-07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010-09-02 17:49:44 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010-08-19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010-08-19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010-07-12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010-04-19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-09-15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009-09-11 15:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009-09-11 15:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009-09-11 15:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009-09-11 15:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009-07-13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 03:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009-06-04 03:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009-06-04 03:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009-06-04 03:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009-06-04 03:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009-06-04 03:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009-06-04 03:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009-06-04 03:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009-06-04 03:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009-06-04 03:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009-06-04 03:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009-06-04 03:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009-06-04 03:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2010-11-03 13:03:03 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010-05-22 20:15:30 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\KbdCap.sys -- (kbdcap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E4 99 14 4B 48 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.ca"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}: C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263} [2010-08-11 08:10:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2144644C-E5F8-43E9-8AB3-B34D345B998D}: C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\ [2010-08-09 13:22:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010-10-25 13:02:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-28 02:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-28 02:25:10 | 000,000,000 | ---D | M]

[2010-10-23 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Milly\AppData\Roaming\mozilla\Extensions
[2010-10-28 14:23:46 | 000,000,000 | ---D | M] -- C:\Users\Milly\AppData\Roaming\mozilla\Firefox\Profiles\bvnwog8g.default\extensions
[2010-10-23 14:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-08-09 13:25:39 | 000,001,128 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O1 - Hosts: 173.192.153.178 www.123.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [note] File not found
O4 - HKLM..\Run: [uPc+kt0NdueJsiv] C:\Windows\SysWow64\v4qomivny.DLL File not found
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NetLog3] C:\Windows\svc3.exe File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uPc+kt0NdueJsiv] C:\Windows\SysWow64\v4qomivny.DLL File not found
O4 - Startup: C:\Users\Milly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
F3 - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (mcinwrki.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (mchoetcx.dll) - File not found
O29 - HKLM SecurityProviders - (mcinwrki.dll) - File not found
O29 - HKLM SecurityProviders - (mchoetcx.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1833df04-3219-11df-8f06-001fbc0028d2}\Shell - "" = AutoRun
O33 - MountPoints2\{1833df04-3219-11df-8f06-001fbc0028d2}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010-11-04 11:30:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Milly\Desktop\OTL.exe
[2010-11-03 13:08:24 | 001,329,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Milly\Desktop\TDSSKiller.exe
[2010-11-03 13:05:59 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-10-29 15:41:20 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Local\Microsoft Games
[2010-10-28 02:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010-10-28 02:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010-10-26 04:22:24 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010-10-26 04:22:24 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010-10-26 04:22:24 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010-10-26 04:22:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010-10-26 04:22:22 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010-10-26 04:22:22 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010-10-26 04:22:22 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010-10-26 04:22:22 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010-10-26 04:22:21 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010-10-26 04:22:21 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010-10-26 04:22:21 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010-10-26 04:22:21 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010-10-26 04:22:15 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010-10-26 04:22:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010-10-26 04:22:14 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010-10-26 04:22:14 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010-10-26 03:41:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2010-10-26 03:41:54 | 000,000,000 | ---D | C] -- C:\Users\Milly\Documents\EA Games
[2010-10-25 16:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010-10-23 14:21:20 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Roaming\Mozilla
[2010-10-23 14:21:20 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Local\Mozilla
[2010-10-23 14:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010-10-22 13:23:29 | 000,000,000 | ---D | C] -- C:\Users\Milly\Documents\ArcaniA - Gothic 4
[2010-10-22 13:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD Entertainment AG
[2010-10-22 13:06:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-10-22 13:01:57 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Roaming\AVG10
[2010-10-22 12:43:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010-10-22 12:42:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2010-10-22 12:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010-10-22 12:41:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010-10-22 12:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010-10-22 12:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-22 03:04:48 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010-10-22 03:04:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010-10-22 03:04:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010-10-22 03:04:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010-10-22 03:04:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010-10-22 03:04:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010-10-17 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Milly\Desktop\fusionnnn
[2010-10-15 19:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-10-14 03:01:40 | 000,000,000 | ---D | C] -- C:\P.H. GANSO
[2010-10-14 03:01:40 | 000,000,000 | ---D | C] -- C:\NEYMAR
[2010-10-08 16:33:21 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Roaming\Apple Computer
[2010-10-08 16:33:21 | 000,000,000 | ---D | C] -- C:\Users\Milly\AppData\Local\Apple Computer
[2010-10-08 16:33:06 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010-10-08 16:33:05 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010-10-08 16:33:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010-10-08 16:33:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-10-08 16:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-10-08 16:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-10-08 16:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-10-08 16:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010-10-08 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010-10-08 16:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010-10-08 16:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010-10-08 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-10-08 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-10-08 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2009-06-04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-04 11:30:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Milly\Desktop\OTL.exe
[2010-11-04 11:02:07 | 098,389,932 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010-11-04 11:00:09 | 000,000,574 | -HS- | M] () -- C:\Users\Milly\AppData\Local\2515125132
[2010-11-04 10:59:43 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{DEFB4C13-ABD9-4802-87C1-165445388E35}
[2010-11-04 10:59:43 | 000,003,284 | ---- | M] () -- C:\Users\Milly\AppData\Roaming\ANIWZCS{DEFB4C13-ABD9-4802-87C1-165445388E35}
[2010-11-04 10:59:33 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2010-11-04 10:58:34 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{DEFB4C13-ABD9-4802-87C1-165445388E35}
[2010-11-04 10:58:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-04 10:58:26 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-04 02:06:36 | 000,061,748 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010-11-04 02:06:36 | 000,061,748 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010-11-04 02:06:36 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-0000000A-00001102-00000005-00311102}.rfx
[2010-11-03 20:55:13 | 000,173,021 | ---- | M] () -- C:\Users\Milly\Desktop\tickets.png
[2010-11-03 19:37:05 | 000,106,719 | ---- | M] () -- C:\Users\Milly\Desktop\9.jpg
[2010-11-03 19:37:00 | 000,107,995 | ---- | M] () -- C:\Users\Milly\Desktop\8.jpg
[2010-11-03 19:27:10 | 000,008,124 | ---- | M] () -- C:\Users\Milly\Desktop\7.jpg
[2010-11-03 19:17:00 | 000,019,010 | ---- | M] () -- C:\Users\Milly\Desktop\6.jpg
[2010-11-03 19:14:10 | 000,037,783 | ---- | M] () -- C:\Users\Milly\Desktop\5.jpg
[2010-11-03 19:09:21 | 000,025,260 | ---- | M] () -- C:\Users\Milly\Desktop\4.jpg
[2010-11-03 18:35:56 | 000,011,395 | ---- | M] () -- C:\Users\Milly\Desktop\3.jpg
[2010-11-03 18:35:17 | 000,029,785 | ---- | M] () -- C:\Users\Milly\Desktop\2.jpg
[2010-11-03 18:35:04 | 000,019,607 | ---- | M] () -- C:\Users\Milly\Desktop\1.jpg
[2010-11-03 15:16:47 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Milly.job
[2010-11-03 13:03:03 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010-11-03 10:12:46 | 001,329,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Milly\Desktop\TDSSKiller.exe
[2010-11-01 23:09:56 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-11-01 23:09:56 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-11-01 23:09:56 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-10-31 15:53:06 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010-10-31 15:53:06 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-10-31 15:47:32 | 000,029,184 | -HS- | M] () -- C:\Users\Milly\AppData\Local\csncui.dll
[2010-10-27 13:22:50 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010-10-26 03:49:05 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\Medal Of Honor 2010.Limited Edition.lnk
[2010-10-25 16:53:04 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-25 16:53:03 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-23 14:39:57 | 000,000,664 | ---- | M] () -- C:\Users\Milly\Desktop\Pro Evolution Soccer 2011.lnk
[2010-10-23 14:21:19 | 000,001,932 | ---- | M] () -- C:\Users\Milly\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-10-23 14:21:19 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-10-22 20:54:57 | 000,625,796 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2010-10-22 13:18:44 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Start ArcaniA - Gothic 4.lnk
[2010-10-22 12:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010-10-22 12:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2010-10-22 12:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010-10-22 01:09:14 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010-10-22 01:09:14 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010-10-22 01:09:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010-10-21 23:41:52 | 000,001,406 | ---- | M] () -- C:\Users\Milly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-10-20 14:48:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-10-07 11:31:12 | 002,856,093 | ---- | M] () -- C:\Users\Milly\Documents\DSC_0011.jpg
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-04 11:02:07 | 098,389,932 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010-11-03 20:55:13 | 000,173,021 | ---- | C] () -- C:\Users\Milly\Desktop\tickets.png
[2010-11-03 19:37:05 | 000,106,719 | ---- | C] () -- C:\Users\Milly\Desktop\9.jpg
[2010-11-03 19:37:00 | 000,107,995 | ---- | C] () -- C:\Users\Milly\Desktop\8.jpg
[2010-11-03 19:27:10 | 000,008,124 | ---- | C] () -- C:\Users\Milly\Desktop\7.jpg
[2010-11-03 19:16:59 | 000,019,010 | ---- | C] () -- C:\Users\Milly\Desktop\6.jpg
[2010-11-03 19:14:10 | 000,037,783 | ---- | C] () -- C:\Users\Milly\Desktop\5.jpg
[2010-11-03 19:09:21 | 000,025,260 | ---- | C] () -- C:\Users\Milly\Desktop\4.jpg
[2010-11-03 18:35:56 | 000,011,395 | ---- | C] () -- C:\Users\Milly\Desktop\3.jpg
[2010-11-03 18:35:17 | 000,029,785 | ---- | C] () -- C:\Users\Milly\Desktop\2.jpg
[2010-11-03 18:35:03 | 000,019,607 | ---- | C] () -- C:\Users\Milly\Desktop\1.jpg
[2010-11-03 13:02:17 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010-10-28 02:25:54 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010-10-28 02:25:54 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-10-26 03:49:05 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\Medal Of Honor 2010.Limited Edition.lnk
[2010-10-24 16:34:55 | 000,029,184 | -HS- | C] () -- C:\Users\Milly\AppData\Local\csncui.dll
[2010-10-24 16:34:55 | 000,000,574 | -HS- | C] () -- C:\Users\Milly\AppData\Local\2515125132
[2010-10-23 14:39:57 | 000,000,664 | ---- | C] () -- C:\Users\Milly\Desktop\Pro Evolution Soccer 2011.lnk
[2010-10-23 14:21:19 | 000,001,932 | ---- | C] () -- C:\Users\Milly\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-10-23 14:21:19 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-10-22 20:54:57 | 000,625,796 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2010-10-22 13:18:44 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\Start ArcaniA - Gothic 4.lnk
[2010-10-22 12:42:31 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010-10-22 12:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010-10-22 12:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2010-10-22 12:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010-10-07 11:31:11 | 002,856,093 | ---- | C] () -- C:\Users\Milly\Documents\DSC_0011.jpg
[2010-07-31 19:27:31 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010-07-19 12:13:10 | 000,000,120 | ---- | C] () -- C:\Users\Milly\AppData\Local\Vtodadajakuc.dat
[2010-07-19 12:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Milly\AppData\Local\Sxuqoquq.bin
[2010-06-28 01:00:29 | 000,000,089 | ---- | C] () -- C:\Windows\PT2Key-eng.ini
[2010-06-15 21:45:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-06-09 21:46:16 | 000,003,284 | ---- | C] () -- C:\Users\Milly\AppData\Roaming\ANIWZCS{DEFB4C13-ABD9-4802-87C1-165445388E35}
[2010-06-09 21:42:33 | 000,000,251 | ---- | C] () -- C:\Users\Milly\AppData\Roaming\ANICONFIG_{DEFB4C13-ABD9-4802-87C1-165445388E35}.ini
[2010-05-22 20:15:30 | 000,109,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\KbdCap.sys
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-03-29 06:30:02 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-03-17 21:14:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-03-17 21:14:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-17 21:14:02 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-03-17 21:14:02 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-03-17 21:14:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-02-24 14:27:20 | 000,014,848 | ---- | C] () -- C:\Windows\cmsetac.dll.Spoof.dll
[2010-02-23 16:25:29 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\NvApps.xml.Spoof.dll
[2010-02-21 19:25:57 | 000,000,205 | ---- | C] () -- C:\Users\Milly\AppData\Roaming\KB8888239.log
[2010-02-06 00:29:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-02-05 22:18:28 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010-02-05 22:18:28 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009-07-13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009-06-04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009-06-04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009-05-27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-08-09 19:45:39 | 000,659,968 | ---- | M] () -- C:\a.msi
[2010-08-09 13:31:37 | 000,001,915 | ---- | M] () -- C:\b.lnk
[2010-11-04 10:58:26 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2006-12-02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010-11-04 10:58:27 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
[2010-08-09 18:20:31 | 000,363,520 | ---- | M] () -- C:\rkill.com
[2010-08-09 18:22:18 | 000,000,371 | ---- | M] () -- C:\rkill.log
[2010-02-26 12:43:03 | 000,000,058 | ---- | M] () -- C:\start
[2010-08-09 18:16:21 | 000,126,980 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_18.15.08_log.txt
[2010-08-09 18:17:07 | 000,064,286 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_18.16.41_log.txt
[2010-10-26 16:54:59 | 000,067,534 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_26.10.2010_16.54.05_log.txt
[2010-10-26 16:57:00 | 000,067,314 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_26.10.2010_16.56.07_log.txt
[2010-10-26 17:01:44 | 000,067,408 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_26.10.2010_17.01.16_log.txt
[2010-11-03 13:08:55 | 000,065,980 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_03.11.2010_13.08.33_log.txt
[2010-08-09 11:44:49 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

extras.txt

OTL Extras logfile created on: 04-Nov-10 11:31:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Milly\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 41.55 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: MILLYBILLY | User Name: Milly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========


========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02-Nov-10 1:54:08 PM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 02-Nov-10 3:04:59 PM | Computer Name = MillyBilly | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 03-Nov-10 1:30:56 AM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 03-Nov-10 12:03:13 PM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 03-Nov-10 1:38:16 PM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 03-Nov-10 3:35:59 PM | Computer Name = MillyBilly | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 03-Nov-10 3:50:21 PM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 03-Nov-10 4:24:38 PM | Computer Name = MillyBilly | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 03-Nov-10 7:50:56 PM | Computer Name = MillyBilly | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3951, time
stamp: 0x4cc7ae16 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00696e33 Faulting process id: 0x1754 Faulting application
start time: 0x01cb7b9e0080def0 Faulting application path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: 32e5b820-e7a5-11df-9cd4-001fbc0028d2

Error - 04-Nov-10 10:59:21 AM | Computer Name = MillyBilly | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 04-Jul-10 6:15:47 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 04-Jul-10 6:15:47 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 04-Jul-10 6:15:55 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 04-Jul-10 6:15:55 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 9:12:59 AM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 9:12:59 AM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 9:13:07 AM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 9:13:07 AM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 1:10:36 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 05-Jul-10 1:10:36 PM | Computer Name = MillyBilly | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\kbdcap.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >

#4 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 04 November 2010 - 05:21 PM

Hi tutstuts!!.. :)

Before I proceed, I need a little more information:

Open Mozilla Firefox, go to Tools --> Add-ons - give me the names of all the Add-ons listed...

Then,
  • Run OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\* /s
    C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\* /s

  • Click None at the upper bar...
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open one Notepad window. OTL.Txt - post it in this thread.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 tutstuts

tutstuts
  • Topic Starter

  • Members
  • 6 posts

Posted 04 November 2010 - 05:35 PM

under extensions:

avg safe search
xul runner 1.91 (two times)

no themes

plugins:

adobe
itunes application detector
java deployment
java™ platform
media go detector
mozilla default plugin
nvidia 3d vision (two times)
quicktime
realplayer
realplayer g2 liveconnect
shockwave flash
shockwave for director
silverlight plug in
veetle broadcaster
veetle tv core
veetle player


PS: I've been using Mozilla since I got infected. I was using Google Chrome, but after I got infected it wasn't loading any websites at all, so I changed to Mozilla.




--------------


OTL logfile created on: 04-Nov-10 6:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Milly\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 39.94 Gb Free Space | 17.16% Space Free | Partition Type: NTFS

Computer Name: MILLYBILLY | User Name: Milly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< >

< C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\* /s >
[2010-08-11 08:10:19 | 000,000,122 | ---- | M] () -- C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\chrome.manifest
[2010-08-11 08:10:20 | 000,000,764 | ---- | M] () -- C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\install.rdf
[2010-08-11 08:10:19 | 000,005,954 | ---- | M] () -- C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\chrome\content\overlay.xul
[2010-08-11 08:10:20 | 000,002,114 | ---- | M] () -- C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\chrome\content\_cfg.js

< C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\* /s >
[2010-08-09 13:22:11 | 000,000,122 | ---- | M] () -- C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\chrome.manifest
[2010-08-09 13:22:12 | 000,000,764 | ---- | M] () -- C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\install.rdf
[2010-08-09 13:22:12 | 000,006,778 | ---- | M] () -- C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\chrome\content\overlay.xul
[2010-08-09 13:22:12 | 000,002,050 | ---- | M] () -- C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\chrome\content\_cfg.js

< End of report >


thanks again!

#6 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 05 November 2010 - 09:28 AM

Hi again tutstuts!!.. :)

xul runner 1.91 (two times)

That's the Add-on which causes the redirects in Firefox... It should be removed with a fix below...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}: C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263} [2010-08-11 08:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2144644C-E5F8-43E9-8AB3-B34D345B998D}: C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\ [2010-08-09 13:22:12 | 000,000,000 | ---D | M]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [note] File not found
    O4 - HKLM..\Run: [uPc+kt0NdueJsiv] C:\Windows\SysWow64\v4qomivny.DLL File not found
    O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
    O4 - HKCU..\Run: [NetLog3] C:\Windows\svc3.exe File not found
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - HKCU..\Run: [uPc+kt0NdueJsiv] C:\Windows\SysWow64\v4qomivny.DLL File not found
    F3:64bit: - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
    F3 - HKCU WinNT: Load - (C:\Windows\svc.exe) - C:\Windows\svc.exe File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O29:64bit: - HKLM SecurityProviders - (mcinwrki.dll) - File not found
    O29:64bit: - HKLM SecurityProviders - (mchoetcx.dll) - File not found
    O29 - HKLM SecurityProviders - (mcinwrki.dll) - File not found
    O29 - HKLM SecurityProviders - (mchoetcx.dll) - File not found
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found
    [2010-11-03 13:05:59 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010-07-19 12:13:10 | 000,000,120 | ---- | C] () -- C:\Users\Milly\AppData\Local\Vtodadajakuc.dat
    [2010-07-19 12:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Milly\AppData\Local\Sxuqoquq.bin
    [2010-08-09 11:44:49 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:

C:\Users\Milly\AppData\Local\csncui.dll

Note: to find this file, you'll need to show hidden files first...

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Thirdly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Tell me what problem persists...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
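
As an added example (not part of the thread, and not OTL's own code): the fix above removes entries from a handful of well-known Windows autostart locations - a Firefox extension registered under HKLM\Software\Mozilla\Firefox\Extensions and pointed at a user-profile directory, a BHO, Run values, the legacy "Load" value under Windows NT\CurrentVersion\Windows, the SecurityProviders DLL list and a MountPoints2 AutoRun command. Most of the entries already read "File not found", i.e. the file was gone but the registry still named it. The script below is a read-only audit of those same locations that anyone can run to see what is still registered. The flag names (MISSING-TARGET, USER-PROFILE-SIDELOAD, NO-CLSID), the output layout and the assumption that it is run from an elevated 64-bit PowerShell on Windows 7 or later are mine; it modifies nothing.

```powershell
# Added example, not from the thread or from OTL: a read-only audit of the
# autostart locations the fix above removed entries from. Run it in an
# elevated 64-bit PowerShell (Windows 7 or later); it changes nothing.
# Flags (my naming): MISSING-TARGET = the entry names a file that is no
# longer on disk (OTL's "File not found", a dangling persistence entry that is
# still worth deleting); USER-PROFILE-SIDELOAD = a Firefox extension
# registered from a user-writable profile directory, as the two {GUID}
# add-ons above were; NO-CLSID = a BHO whose CLSID no longer resolves to a DLL.

function Resolve-Target {
    param([string]$Data)
    # File path out of a command line: first quoted token; else up to the first
    # .exe/.dll/.scr followed by whitespace or end; else the whole string
    # (a bare directory, as for an unpacked extension).
    if ($Data -match '^\s*"([^"]+)"') { $p = $Matches[1] }
    elseif ($Data -match '^\s*(.+?\.(?:exe|dll|scr))(?:\s|$)') { $p = $Matches[1] }
    else { $p = $Data.Trim() }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # A bare file name (rundll32.exe, foo.dll) is resolved from System32.
    if ($p -and $p -notmatch '[\\/]') { $p = "$env:SystemRoot\System32\$p" }
    return $p
}

function Report {
    param([string]$Source, [string]$Name, [string]$Data, [string]$Note = '')
    $target = Resolve-Target $Data
    $exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
    $flags = @()
    if ($Note) { $flags += $Note }
    if (-not $exists) { $flags += 'MISSING-TARGET' }
    if ($flags.Count -eq 0) { $flags = @('ok') }
    '{0,-36} {1,-20} {2,-40} {3}' -f ($flags -join '+'), $Source, $Name, $target
}

# On x64 most of these keys exist in a native and a Wow6432Node view.
function Get-BothViews {
    param([string]$Hive, [string]$Sub)
    @("${Hive}:\Software\$Sub", "${Hive}:\Software\Wow6432Node\$Sub")
}

# 1. Firefox extensions registered via the registry (OTL "FF" lines): value
#    name = add-on ID, data = directory or .xpi that Firefox will load.
$ffKeys = (Get-BothViews HKLM 'Mozilla\Firefox\Extensions') + (Get-BothViews HKCU 'Mozilla\Firefox\Extensions')
foreach ($k in $ffKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $item = Get-Item -LiteralPath $k
    foreach ($n in $item.GetValueNames()) {
        $dir = [string]$item.GetValue($n)
        $note = if ($dir -match '\\Users\\[^\\]+\\AppData\\') { 'USER-PROFILE-SIDELOAD' } else { '' }
        Report 'Firefox Extensions' $n $dir $note
    }
}

# 2. Browser Helper Objects (O2): subkey = CLSID; InprocServer32's default
#    value is the DLL that Internet Explorer loads.
foreach ($k in Get-BothViews HKLM 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    Get-ChildItem -LiteralPath $k -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $dll = ''
        foreach ($c in @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid", "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid")) {
            $v = (Get-ItemProperty -LiteralPath "$c\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ($v) { $dll = [string]$v; break }
        }
        Report 'BHO' $clsid $dll $(if ($dll) { '' } else { 'NO-CLSID' })
    }
}

# 3. Run values (O4) in HKLM (both views) and HKCU.
$runKeys = (Get-BothViews HKLM 'Microsoft\Windows\CurrentVersion\Run') + @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $item = Get-Item -LiteralPath $k
    $src = 'Run ' + $k.Substring(0, 4) + $(if ($k -match 'Wow6432Node') { ' x86' } else { '' })
    foreach ($n in $item.GetValueNames()) {
        if ($n) { Report $src $n ([string]$item.GetValue($n)) }
    }
}

# 4. The legacy "Load" value (F3): anything named here runs at this user's logon.
$win = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
if ($win.Load) { Report 'WinNT Load' 'Load' ([string]$win.Load) }

# 5. SecurityProviders (O29): comma-separated Security Support Provider DLLs
#    loaded at startup. Bare names are looked up in System32 and SysWOW64.
$sp = (Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders').SecurityProviders
foreach ($dll in ($sp -split ',')) {
    $dll = $dll.Trim()
    if (-not $dll) { continue }
    $hit = @("$env:SystemRoot\System32\$dll", "$env:SystemRoot\SysWOW64\$dll") |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | Select-Object -First 1
    Report 'SecurityProviders' $dll $(if ($hit) { $hit } else { $dll })
}

# 6. MountPoints2 AutoRun commands (O33): what Explorer would have run for a
#    removable drive that carried an autorun.inf.
Get-ChildItem -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '\\Shell\\AutoRun\\command$' } |
    ForEach-Object {
        $cmd = [string]$_.GetValue('')
        if ($cmd) { Report 'MountPoints2 AutoRun' ($_.Name -replace '^.*MountPoints2\\', '') $cmd }
    }
```

Read the output the way the OTL log reads: an entry flagged MISSING-TARGET is not harmless just because the file is gone, since the next malware component dropped under that name would be started for free, so the registry entry itself is what to delete. A Firefox extension flagged USER-PROFILE-SIDELOAD is one that was installed without going through the browser's own add-on manager, from a location any user-level process can write to, which is exactly how the two {GUID} add-ons in this thread ended up loading into Firefox.
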


#7 tutstuts (Topic Starter)

Posted 05 November 2010 - 01:43 PM

step 1:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1A1717BD-DB51-4E15-843A-C1A19C4A7263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\ not found.
C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\chrome\content folder moved successfully.
C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263}\chrome folder moved successfully.
C:\Users\Milly\AppData\Local\{1A1717BD-DB51-4E15-843A-C1A19C4A7263} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2144644C-E5F8-43E9-8AB3-B34D345B998D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\ not found.
C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\chrome\content folder moved successfully.
C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D}\chrome folder moved successfully.
C:\Users\Administrator\AppData\Local\{2144644C-E5F8-43E9-8AB3-B34D345B998D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\note deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+kt0NdueJsiv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NetLog3 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+kt0NdueJsiv deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Windows\svc.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Windows\svc.exe deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcinwrki.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mchoetcx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcinwrki.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mchoetcx.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File F:\Startme.exe not found.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\Users\Milly\AppData\Local\Vtodadajakuc.dat moved successfully.
C:\Users\Milly\AppData\Local\Sxuqoquq.bin moved successfully.
C:\zrpt.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1453540 bytes
->Temporary Internet Files folder emptied: 50515119 bytes
->Flash cache emptied: 43426 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MARICOS DE LA NOCHE
->Temp folder emptied: 9012552 bytes
->Temporary Internet Files folder emptied: 91115688 bytes
->FireFox cache emptied: 47938579 bytes
->Flash cache emptied: 62984 bytes

User: Milly
->Temp folder emptied: 11581658670 bytes
->Temporary Internet Files folder emptied: 523814132 bytes
->Java cache emptied: 6274792 bytes
->FireFox cache emptied: 44323059 bytes
->Google Chrome cache emptied: 231594649 bytes
->Flash cache emptied: 3050051 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 4857360 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139277273 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 73824344 bytes

Total Files Cleaned = 12,216.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MARICOS DE LA NOCHE
->Flash cache emptied: 0 bytes

User: Milly
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11052010_121959

Files\Folders moved on Reboot...
C:\Users\Milly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Milly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW55AH1C\default[1].aspx not found!
C:\Users\Milly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW55AH1C\Include[2].htm moved successfully.
File\Folder C:\Users\Milly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1WISOT2\01[1].htm not found!
File\Folder C:\Users\Milly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1WISOT2\3863328480[1].htm not found!
File\Folder C:\Users\Milly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1WISOT2\ADSAdClient31[6].txt not found!

Registry entries deleted on Reboot...


step 2:

http://www.virustotal.com/file-scan/report.html?id=23ad563ffd1be64e3a67c39b85a3ccea74bcaa81b40a40ec7bece586971f8e63-1288979643

step 3:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2f2830ac666a3e42912a0c116799b014
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-05 06:40:24
# local_time=2010-11-05 02:40:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 293045 293045 0 0
# compatibility_mode=5893 16776574 100 94 14432712 40523746 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=152172
# found=3
# cleaned=3
# scan_time=2128
C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Milly\AppData\Local\csncui.dll a variant of Win32/Kryptik.HWC trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\oovqlsahc[1].htm Win32/Agent.QNF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C





-------------------------------


Google is still redirecting me,
but at least when I start up the computer, a screen saying that I have some DLL not working doesn't pop up anymore.

Thanks!

Oh, and now there's only one XUL Runner.

Edited by tutstuts, 05 November 2010 - 01:45 PM.


#8 snemelk (Malware Response Team, Poland)

Posted 05 November 2010 - 03:38 PM

Hi again tutstuts!!.. :)

Google is still redirecting me
(...)
Oh, and now there's only one XUL Runner.

That's precious information... Please run Firefox, go to Tools --> Add-ons, and click Uninstall for that "XUL Runner" add-on...
Restart Firefox... Do you still experience redirects?..

Also, please delete this file (make sure that hidden files are shown):

C:\Users\Milly\AppData\Local\2515125132


#9 tutstuts (Topic Starter)

Posted 05 November 2010 - 05:26 PM

snemelk, you are amazing!

Everything works perfectly now, and I'm back to my favorite browser (Chrome) thanks to you!

If you ever need anything that I can do for you, I'll be glad to do so! (I'm good with music and soccer!)

I'll even look up a way to make donations to this website so you guys can keep helping people!

Simply fantastic, thanks again!

#10 snemelk (Malware Response Team, Poland)

Posted 06 November 2010 - 11:08 AM

Hi again tutstuts!!.. :)

snemelk, you are amazing!

:dance: Thank you for your kind words!!!..

i'll even look up for a way to make donations to this website so you guys can keep helping people!

The site itself doesn't accept donations - income from advertisements and a percentage from the programs sold thanks to this site (for example MBAM) is probably enough to keep the site running... Some Helpers accept donations, but nobody really does it for money...

We need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Close any open browsers/windows/programs...
Double-click on the file in bold: C:\Program files (x86)\Java\jre6\bin\javacpl.exe --> Open tab: Update --> click Update now

Let me know if it updates Java for you (to the latest version: u22)...

- Adobe Flash Player:

Note: if you do not intend to use browsers other than Google Chrome, you don't have to install Flash Player after uninstalling it... In such a case, just update Google Chrome to the latest version (after uninstalling Flash as instructed below): Google Chrome v7.0.517.44 released

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck the optional install (Free McAfee Security Scan or Free Google Toolbar).


If no problem remains:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl.

Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
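
As an added example (not part of the thread): the restore-point steps above, done from an elevated PowerShell instead of the Control Panel. It is my own script, assuming Windows 7 (every cmdlet used ships with PowerShell 2.0) and that the system drive is the one System Protection covers. It turns System Protection on for that drive, creates one clean restore point, verifies that a new restore point actually appeared, and only then deletes the older shadow copies on that volume until just the newest one is left, so that nothing from before the cleanup can be restored. The restore-point description text is mine.

```powershell
# Added example, not from the thread: the restore-point steps above, done from
# an elevated PowerShell on Windows 7 (the cmdlets exist in PowerShell 2.0).
# Assumes the system drive is the one System Protection covers.
$volume = $env:SystemDrive                     # e.g. C:

function Get-ShadowCount {
    param([string]$Vol)
    # vssadmin prints one "Shadow Copy ID: {...}" line per shadow copy on the
    # volume; on Vista/7 every restore point is stored as a VSS shadow copy.
    @(vssadmin list shadows /for=$Vol | Select-String 'Shadow Copy ID:').Count
}

Enable-ComputerRestore -Drive "$volume\"
$before = Get-ShadowCount $volume
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS

# Do not delete anything unless the new restore point really exists; otherwise
# the "newest" snapshot we would keep is still a pre-cleanup one.
if ((Get-ShadowCount $volume) -le $before) {
    throw 'No new restore point was created; leaving the old ones in place.'
}

# The restore point just created is the newest shadow copy, so delete the
# oldest until only one remains (the same result as Disk Cleanup's
# "More Options --> System Restore --> Clean up").
while ((Get-ShadowCount $volume) -gt 1) {
    vssadmin delete shadows /for=$volume /oldest /quiet | Out-Null
}

# Show what is left: it should be the single restore point created above.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize
```

The existence check matters more on newer systems: from Windows 8 on, Checkpoint-Computer will not create a second restore point within 24 hours of the previous one, and without the check the loop would quietly keep an old, possibly infected snapshot as the survivor.
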


#11 snemelk (Malware Response Team, Poland)

Posted 19 November 2010 - 12:07 PM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




