
ugh, first time I've posted a log


5 replies to this topic

#1 Sp1nn3y


  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 01 November 2010 - 02:28 AM

My net searches from Google, after I click a link post-searching, bring me to some spam site. Not much, but yeah.

O13 - Gopher Prefix:
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
??????


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:04 PM, on 10/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Spinney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 5511 bytes

Edited by hamluis, 01 November 2010 - 07:16 AM.
Moved from Am I Infected to Malware Removal Logs ~ Hamluis.



#2 kahdah


  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 08 November 2010 - 07:45 AM

Hello Sp1nn3y

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished, then go to File > Save Report.
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
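While the requested OTL output is pending, here is the kind of triage a responder runs over log lines in the OTL/HijackThis formats posted in this thread. This is an added example written by the editor; it is not the helper's procedure and not a feature of OTL, HijackThis or Rootkit Unhooker. The sample lines are constructed, modelled on the entry formats those tools print; the rule names, the list of commonly mimicked Windows binaries and what counts as a user-writable directory are the editor's assumptions. The three checks are the ones that matter for a "search clicks go somewhere else" complaint: a browser proxy pointing at 127.0.0.1 (so every request, including the clicked result, passes through a local process first), executables carrying Windows system-binary names outside %SystemRoot%, and Winlogon Shell/Load values that launch something other than explorer.exe.

```python
"""Triage of OTL/HijackThis-style log lines for search-redirect indicators.
Editor's example code; the rules below are assumptions, not output of any tool
used in this thread."""
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the entry formats OTL and HijackThis
# print (R1/IE/FF proxy settings, PRC processes, O4 Run keys, the F3 Winlogon
# "Load" value and O20 Winlogon Shell values). Not a real log.
SAMPLE_LINES = [
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 50370',
    r'FF - prefs.js..network.proxy.type: 1',
    r'PRC - [2010/11/06 10:42:51 | 000,098,304 | ---- | M] () -- C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe',
    r'PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe',
    r'O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)',
    r'O4 - HKCU..\Run: [svchost] C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe ()',
    r'F3 - HKCU WinNT: Load - (C:\Users\Spinney\AppData\Local\Temp\dwm.exe) - C:\Users\Spinney\AppData\Local\Temp\dwm.exe ()',
    r'O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)',
    r'O20 - HKCU Winlogon: Shell - (C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe ()',
]

# Windows binaries whose names malware commonly borrows (editor's list); a file
# with one of these names is only legitimate under %SystemRoot%.
SYSTEM_BINARY_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "csrss.exe",
                       "lsass.exe", "winlogon.exe", "services.exe", "taskeng.exe"}
# Directories an ordinary user can write to (assumption: AppData and Temp).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Entry types that describe an autostart in the OTL/HijackThis numbering.
AUTOSTART_TYPES = ("O4", "F3", "O20")
# A drive-letter path ending in an executable; stops at the parentheses,
# pipes and brackets OTL uses as field separators, so spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^()|\[\]"\n]*?\.(?:exe|dll|sys)\b', re.I)
LOCAL_PROXY_RE = re.compile(r"127\.0\.0\.1(?::(\d+))?")


@dataclass(frozen=True)
class Finding:
    rule: str     # which check fired
    detail: str   # the path or value that triggered it
    line: str     # the log line it came from


def entry_type(line):
    """'O4 - HKCU..\\Run: ...' -> 'O4'; OTL and HijackThis share this prefix style."""
    return line.split(" - ", 1)[0].strip()


def local_proxy_port(lines):
    """Port of a proxy on 127.0.0.1 configured in IE/Firefox, or None."""
    for line in lines:
        if "proxy" in line.lower():
            m = LOCAL_PROXY_RE.search(line)
            if m and m.group(1):
                return m.group(1)
    return None


def triage(lines):
    findings = []
    for line in lines:
        kind = entry_type(line)
        # 1. Browser proxy on the local host: the clicked search result is
        #    handed to a process on this machine before it leaves the box.
        if kind in ("R1", "IE", "FF") and "proxy" in line.lower():
            m = LOCAL_PROXY_RE.search(line)
            if m:
                findings.append(Finding("local-proxy", m.group(0), line))
        # 2. System-binary names outside %SystemRoot%, and autostarts that
        #    launch from user-writable directories (one finding per path).
        for path in dict.fromkeys(PATH_RE.findall(line)):  # dedupe, keep order
            name = path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARY_NAMES and not WINDOWS_DIR.match(path):
                findings.append(Finding("masquerade", path, line))
            elif kind in AUTOSTART_TYPES and USER_WRITABLE.search(path):
                findings.append(Finding("autostart-user-writable", path, line))
        # 3. Winlogon Shell should be explorer.exe and nothing else; the legacy
        #    "Load" value is normally empty, so any value is worth a look.
        if kind == "O20" and "Shell - (" in line:
            value = line.split("Shell - (", 1)[1].split(")", 1)[0]
            if value.lower() != "explorer.exe":
                findings.append(Finding("winlogon-shell", value, line))
        if kind == "F3" and "Load - (" in line:
            value = line.split("Load - (", 1)[1].split(")", 1)[0]
            findings.append(Finding("winlogon-load", value, line))
    return findings


if __name__ == "__main__":
    print("local proxy port:", local_proxy_port(SAMPLE_LINES))
    for f in triage(SAMPLE_LINES):
        print(f"[{f.rule}] {f.detail}")
```

Run it as a script to print the findings for the embedded sample, or pass the lines of a real OTL.txt to `triage()`. The local proxy port is the first thing to look for when every search click lands somewhere else: whatever process is listening on that port is the one rewriting the result page, and its image path tends to show up again in the masquerade or autostart findings.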

#3 Sp1nn3y

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 08 November 2010 - 09:32 AM

Thanks for the reply. Dang, Google is jacked. I have to click on a Google search twice because the first time it'll redirect me to some other search engine. I'm fairly computer literate; guess this happens to the best of us.

I am having problems downloading Rootkit Unhooker; it says it's 0 bytes and is not a valid Win32 application.





OTL logfile created on: 11/8/2010 9:23:14 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Spinney\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 6.68 Gb Free Space | 8.96% Space Free | Partition Type: NTFS

Computer Name: JUSTINS | User Name: Spinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 09:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Spinney\Downloads\OTL.exe
PRC - [2010/11/06 10:43:18 | 000,111,616 | ---- | M] () -- C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010/11/06 10:43:04 | 000,117,248 | ---- | M] () -- C:\Users\Spinney\AppData\Local\Temp\dwm.exe
PRC - [2010/11/06 10:42:51 | 000,098,304 | ---- | M] () -- C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010/11/05 02:15:35 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/10/27 21:01:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 21:01:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/24 14:45:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/12 11:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2010/06/13 05:55:34 | 000,113,664 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/10/20 00:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/04/22 21:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 09:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Spinney\Downloads\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/05 02:15:35 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/01/19 14:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Spinney\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010/07/09 12:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/03/20 20:40:04 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Spinney\AppData\Local\Temp\XJK4EBE.tmp -- (GarenaPEngine)
DRV - [2010/01/05 09:45:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/04/07 07:45:24 | 000,015,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ekaprot6.sys -- (EkaProt6)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 21:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/08/02 10:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2004/12/29 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/26 22:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2003/12/11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxsens.sys -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;*.lotro.com;*.turbine.com;12.130.63.*;206.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {1d7ecda9-3b7e-4934-a2a1-f65f372068c1}:2.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.2.2
FF - prefs.js..extensions.enabledItems: {b5dd1cb0-1888-11df-8a39-0800200c9a66}:1.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 21:01:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/04 09:36:33 | 000,000,000 | ---D | M]

[2010/02/17 15:20:07 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Extensions
[2010/02/17 15:20:07 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/08 03:02:23 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions
[2009/12/25 16:50:12 | 000,000,000 | ---D | M] (Tip.It MicroHelper) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{1d7ecda9-3b7e-4934-a2a1-f65f372068c1}
[2010/10/12 16:32:27 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/06/08 08:07:36 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/03/24 00:49:38 | 000,000,000 | ---D | M] (NightShade) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{b5dd1cb0-1888-11df-8a39-0800200c9a66}
[2010/03/24 00:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{b5dd1cb0-1888-11df-8a39-0800200c9a66}-trash
[2010/11/04 09:17:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/20 02:10:11 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/05/03 10:50:49 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\DTToolbar@toolbarnet.com
[2010/01/05 09:54:27 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\DTToolbar@toolbarnet.com-trash
[2010/06/08 08:07:22 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\firebug@software.joehewitt.com
[2010/10/12 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\nasanightlaunch@example.com
[2010/10/21 10:07:13 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\zigboom@hotmail.com
[2010/03/24 00:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\extensions\{b5dd1cb0-1888-11df-8a39-0800200c9a66}\chrome\mozapps\extensions
[2010/01/05 09:46:27 | 000,002,055 | ---- | M] () -- C:\Users\Spinney\AppData\Roaming\Mozilla\Firefox\Profiles\bzsesviq.default\searchplugins\daemon-search.xml
[2010/06/09 11:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 19:24:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 19:24:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe File not found
O4 - HKCU..\Run: [svchost] C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Spinney\AppData\Local\Temp\dwm.exe) - C:\Users\Spinney\AppData\Local\Temp\dwm.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe ()
O24 - Desktop WallPaper: C:\Users\Spinney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spinney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6bd78ceb-e001-11df-b215-00112f2b2abe}\Shell\AutoRun\command - "" = E:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O33 - MountPoints2\{6bd78ceb-e001-11df-b215-00112f2b2abe}\Shell\open\command - "" = E:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Spinney\Desktop\HP- truth rising 320
[2010/11/04 09:45:06 | 000,000,000 | ---D | C] -- C:\Users\Spinney\Desktop\(Hed) P.E. - Skull and Bonus (2010)
[2010/11/04 09:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/04 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/04 09:36:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/27 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Spinney\Documents\The Lord of the Rings Online
[2010/10/27 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Local\The Lord of the Rings Online
[2010/10/27 09:31:00 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Local\Turbine
[2010/10/27 08:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/10/26 19:23:15 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Local\PMB Files
[2010/10/26 19:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/10/26 19:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/10/26 18:46:28 | 003,595,660 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/10/26 18:45:55 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010/10/26 18:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/10/14 02:03:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 20:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/13 16:00:35 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 15:59:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 15:59:29 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 15:59:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 15:59:24 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 15:59:16 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 15:59:13 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 15:58:50 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 15:58:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/13 15:58:39 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 15:58:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/13 15:58:38 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 15:58:38 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 15:58:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 15:58:37 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 15:58:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/13 15:58:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/12 20:22:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/10/12 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Roaming\TeamViewer
[2010/10/12 19:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/10/12 18:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2010/10/11 15:28:46 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Local\Adobe
[2010/10/11 15:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2010/10/11 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/10/11 13:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/10/11 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\Spinney\AppData\Local\SupportSoft
[2010/10/11 13:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 09:25:06 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BEA19177-41E2-41D2-98A4-AA787BB9FF1E}.job
[2010/11/08 09:25:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41640741-2173-489E-BD30-F099C681F133}.job
[2010/11/08 08:58:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4085305398-2522954135-3735777129-1000UA.job
[2010/11/08 08:38:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 07:34:32 | 000,005,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 07:34:32 | 000,005,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 03:58:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4085305398-2522954135-3735777129-1000Core.job
[2010/11/07 23:38:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/06 10:54:28 | 000,002,325 | ---- | M] () -- C:\Users\Spinney\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2010/11/04 14:41:06 | 000,604,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/04 14:41:06 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/04 14:21:34 | 000,010,752 | ---- | M] () -- C:\Users\Spinney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 10:55:34 | 000,000,900 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/10/28 00:34:54 | 000,000,046 | ---- | M] () -- C:\Users\Spinney\jagex_runescape_preferences.dat
[2010/10/28 00:34:39 | 000,000,099 | ---- | M] () -- C:\Users\Spinney\jagex_runescape_preferences2.dat
[2010/10/27 09:31:07 | 000,000,095 | ---- | M] () -- C:\Users\Spinney\AppData\Local\fusioncache.dat
[2010/10/25 01:31:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/25 01:31:09 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/25 01:31:08 | 155,520,955 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/21 17:24:58 | 005,405,448 | ---- | M] () -- C:\Users\Spinney\Desktop\02-36_crazyfists-we_gave_it_hell.mp3
[2010/10/21 17:22:41 | 005,753,452 | ---- | M] () -- C:\Users\Spinney\Desktop\01-36_crazyfists-the_all_night_lights.mp3
[2010/10/21 09:47:43 | 004,118,221 | ---- | M] () -- C:\Users\Spinney\Desktop\Mumford and Sons - Little Lion Man.mp3
[2010/10/19 15:47:05 | 007,806,296 | ---- | M] () -- C:\Users\Spinney\Desktop\Spose - I'm Awesome (with lyrics).mp3
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/14 09:37:22 | 000,740,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 15:26:26 | 003,537,262 | ---- | M] () -- C:\Users\Spinney\Desktop\Steel Panther - Death To All But Metal.mp3
[2010/10/13 13:38:13 | 004,420,420 | ---- | M] () -- C:\Users\Spinney\Desktop\Official Kidz In The Hall _Driving Down The Block_ Video.mp3
[2010/10/12 20:20:43 | 003,014,656 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/10/12 20:20:43 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/12 20:20:43 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/12 18:10:55 | 000,000,051 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2010/10/12 18:05:12 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/12 17:45:53 | 001,496,616 | ---- | M] () -- C:\Users\Spinney\Desktop\World of Frags.rar
[2010/10/12 13:58:42 | 000,136,706 | ---- | M] () -- C:\Users\Spinney\Documents\CHEA SON ITS URRTHANG.m3u
[2010/10/11 14:00:27 | 000,001,541 | ---- | M] () -- C:\Users\Spinney\Application Data\Microsoft\Internet Explorer\Quick Launch\trillian - Shortcut.lnk
[2010/10/09 17:33:03 | 000,000,766 | ---- | M] () -- C:\Users\Spinney\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 09:31:07 | 000,000,095 | ---- | C] () -- C:\Users\Spinney\AppData\Local\fusioncache.dat
[2010/10/26 18:45:54 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010/10/21 17:24:48 | 005,405,448 | ---- | C] () -- C:\Users\Spinney\Desktop\02-36_crazyfists-we_gave_it_hell.mp3
[2010/10/21 17:22:28 | 005,753,452 | ---- | C] () -- C:\Users\Spinney\Desktop\01-36_crazyfists-the_all_night_lights.mp3
[2010/10/21 09:47:37 | 004,118,221 | ---- | C] () -- C:\Users\Spinney\Desktop\Mumford and Sons - Little Lion Man.mp3
[2010/10/19 15:46:55 | 007,806,296 | ---- | C] () -- C:\Users\Spinney\Desktop\Spose - I'm Awesome (with lyrics).mp3
[2010/10/13 15:25:11 | 003,537,262 | ---- | C] () -- C:\Users\Spinney\Desktop\Steel Panther - Death To All But Metal.mp3
[2010/10/13 13:37:12 | 004,420,420 | ---- | C] () -- C:\Users\Spinney\Desktop\Official Kidz In The Hall _Driving Down The Block_ Video.mp3
[2010/10/12 20:20:15 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/10/12 20:20:15 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/10/11 19:42:12 | 001,496,616 | ---- | C] () -- C:\Users\Spinney\Desktop\World of Frags.rar
[2010/10/11 14:00:26 | 000,001,541 | ---- | C] () -- C:\Users\Spinney\Application Data\Microsoft\Internet Explorer\Quick Launch\trillian - Shortcut.lnk
[2010/10/09 17:33:03 | 000,000,766 | ---- | C] () -- C:\Users\Spinney\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/10/02 11:06:36 | 000,025,921 | ---- | C] () -- C:\Users\Spinney\AppData\Roaming\UserTile.png
[2010/09/18 09:14:21 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/08/12 14:43:32 | 000,002,293 | ---- | C] () -- C:\Users\Spinney\AppData\Roaming\PStrip.ini
[2010/08/10 09:07:47 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/06/08 08:30:28 | 000,139,152 | ---- | C] () -- C:\Users\Spinney\AppData\Roaming\PnkBstrK.sys
[2010/05/14 09:06:13 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/04/11 00:19:56 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/02/14 14:38:58 | 000,076,407 | ---- | C] () -- C:\Users\Spinney\AppData\Roaming\Smiley.ico
[2010/01/14 02:28:54 | 000,000,680 | ---- | C] () -- C:\Users\Spinney\AppData\Local\d3d9caps.dat
[2010/01/05 09:45:55 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/30 11:35:16 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/27 13:56:32 | 000,000,900 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/12/27 10:19:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/22 02:21:16 | 000,010,752 | ---- | C] () -- C:\Users\Spinney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 02:18:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/22 02:17:51 | 000,000,009 | ---- | C] () -- C:\Windows\sierra.ini
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/03/26 08:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/08/10 07:54:18 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\.purple
[2010/06/16 18:07:12 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Atari
[2010/03/17 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Blumentals
[2010/05/01 09:26:20 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/03/27 11:04:30 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\CopyTransDoctor
[2010/01/05 09:51:26 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\DAEMON Tools Lite
[2010/01/05 14:14:03 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\gtk-2.0
[2010/10/27 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\HLSW
[2010/08/10 15:08:51 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\ijjigame
[2010/09/23 16:37:47 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\LimeWire
[2010/02/14 14:42:25 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\MusicNet
[2010/03/13 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\NationRed
[2010/10/03 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Notepad++
[2010/09/17 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Orbit
[2010/09/17 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\ProgSense
[2010/10/03 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Rainmeter
[2010/01/11 23:05:31 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Subversion
[2010/08/23 00:04:53 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\SystemRequirementsLab
[2010/10/12 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\TeamViewer
[2010/08/10 09:09:10 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Thinstall
[2010/08/10 08:00:40 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\Trillian
[2010/11/06 10:42:54 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\uTorrent
[2010/03/27 11:04:52 | 000,000,000 | ---D | M] -- C:\Users\Spinney\AppData\Roaming\WindSolutions
[2010/10/25 01:41:54 | 000,031,928 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/08 09:25:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{41640741-2173-489E-BD30-F099C681F133}.job
[2010/11/08 09:25:06 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BEA19177-41E2-41D2-98A4-AA787BB9FF1E}.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/8/2010 9:23:14 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Spinney\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 6.68 Gb Free Space | 8.96% Space Free | Partition Type: NTFS

Computer Name: JUSTINS | User Name: Spinney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D764B49-46FA-40C6-93AD-13FA4AB1B7B2}" = lport=7130 | protocol=17 | dir=in | name=hlsw2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46A0152F-8A0D-4FE0-A68E-36B289971A20}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5B525CB0-807C-4408-A31F-B07AF4B325EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h@iblamegod.com\half-life\hl.exe |
"{762E2F07-E029-4F68-A83D-191C04038B2C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83BBDCFC-5F1B-4DAE-BE79-19369405C4BA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A40CD774-52D9-4132-8896-595B3506D9AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h@iblamegod.com\counter-strike\hl.exe |
"{BD5E8AD2-60DA-4B8A-B234-9DF24FABF0A1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C72729A2-23E3-408A-81AD-AD2C752C06D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h@iblamegod.com\half-life\hl.exe |
"{CC972F10-22C8-4F37-89B2-EB66A64634DD}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DCB8B001-2FF8-4CAA-B4E5-D3626F2AAB6E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h@iblamegod.com\counter-strike\hl.exe |
"TCP Query User{4DF8667D-46FF-4C6F-A6B9-CCA921E706CF}C:\program files\steam\steamapps\wa5t3dy0u7h\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h\team fortress 2\hl2.exe |
"TCP Query User{743B8287-B7D1-4085-B29E-26C1D3959983}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"TCP Query User{83C550EC-50FE-40E9-970D-350C9F2BC220}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{9736014C-7C57-4E9C-B578-CED5307DC2BC}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{ABC8EEEF-4B18-4510-A4DD-8463DD269AE9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{CEDEA3BF-B68B-485B-B038-3F2D73046C45}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E4346F27-8D2F-4281-8C72-DED8A90A376D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E4DD31DF-A958-46E1-89F2-4B3F9D6D21A1}C:\program files\steam\steamapps\wa5t3dy0u7h\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h\source sdk base 2007\hl2.exe |
"TCP Query User{E645B1F9-2424-41EA-822B-3A4ABEE95633}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"TCP Query User{EE2B176E-8B4F-4879-B62D-1F7C68964195}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{FC3A9175-5327-4155-AA44-E1E02B870E46}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{12D657B2-E702-4086-910B-935FBC07A754}C:\program files\steam\steamapps\wa5t3dy0u7h\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h\source sdk base 2007\hl2.exe |
"UDP Query User{1D2173E6-32AE-486D-A823-0BB7D59B66DA}C:\program files\steam\steamapps\wa5t3dy0u7h\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wa5t3dy0u7h\team fortress 2\hl2.exe |
"UDP Query User{2F3F6319-FEAC-450F-BC42-BAF6F96C09C9}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"UDP Query User{356264E5-E62E-418E-9BAE-2101F3D44982}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{37FD2B99-63DD-43DD-9393-47A60ACA5EB2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{401D5418-F743-4BD4-A596-A062B99EC3B6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{680E224D-60D0-4C20-86F3-E5A6EB042EAB}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{7D2791CB-AA8C-4E29-9626-8B771629EA30}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"UDP Query User{981C6FCA-A9A3-49F4-BB63-B1F119CC5CF5}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{B546E5D1-F83C-4DF7-B8D8-E04E972686E5}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames™
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Half-Life Model Viewer 1.25" = Half-Life Model Viewer 1.25
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.3.7b
"Hostile Intent" = Hostile Intent 1.6
"IconPackager" = IconPackager
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"LimeWire" = LimeWire PRO 5.4.6
"LogonStudio" = LogonStudio
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Rainmeter" = Rainmeter (remove only)
"Steam App 10" = Counter-Strike
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 440" = Team Fortress 2
"Trillian" = Trillian
"uTorrent" = µTorrent
"VistaGlazz_is1" = VistaGlazz 2.0
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2010 5:26:42 PM | Computer Name = JustinS | Source = Perflib | ID = 1008
Description =

Error - 10/27/2010 5:27:12 PM | Computer Name = JustinS | Source = System Restore | ID = 8193
Description =

Error - 10/30/2010 11:45:30 AM | Computer Name = JustinS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, time
stamp 0x4cc7add9, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x00047dd2, process id 0x2ae4,
application start time 0x01cb783f0d86ae2f.

Error - 10/30/2010 5:22:00 PM | Computer Name = JustinS | Source = EventSystem | ID = 4621
Description =

Error - 11/1/2010 9:18:03 PM | Computer Name = JustinS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, time
stamp 0x4cc7add9, faulting module xul.dll, version 1.9.2.3951, time stamp 0x4cc7ad7f,
exception code 0xc0000005, fault offset 0x0044651d, process id 0x3948, application
start time 0x01cb7a2b808f6ecd.

Error - 11/2/2010 1:19:31 AM | Computer Name = JustinS | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, time stamp 0x4bc398b3,
faulting module java.dll, version 6.0.200.2, time stamp 0x4bc3c8dc, exception code
0xc0000005, fault offset 0x00005875, process id 0x13a0, application start time 0x01cb7a4d80b32954.

Error - 11/3/2010 1:59:36 PM | Computer Name = JustinS | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8d0 Start Time: 01cb7920937a729b Termination Time: 743

Error - 11/3/2010 2:50:57 PM | Computer Name = JustinS | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1015c Start Time: 01cb7b80df57eaf1 Termination Time: 53

Error - 11/5/2010 12:45:56 AM | Computer Name = JustinS | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 3.2.4.8005, time stamp
0x4c980a30, faulting module lotroclient.exe, version 3.2.4.8005, time stamp 0x4c980a30,
exception code 0xc0000005, fault offset 0x00517871, process id 0xdbf8, application
start time 0x01cb7c60454678f2.

Error - 11/6/2010 11:41:10 AM | Computer Name = JustinS | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 5/5/2010 10:46:07 AM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/5/2010 10:46:09 AM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/5/2010 10:48:08 AM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/5/2010 10:48:19 AM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/5/2010 11:13:02 AM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/5/2010 2:06:51 PM | Computer Name = Spinney-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173F71A311. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/6/2010 6:48:48 PM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/6/2010 7:32:57 PM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/8/2010 12:22:55 PM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 5/9/2010 10:33:34 PM | Computer Name = Spinney-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 08 November 2010 - 10:24 AM

Please run this one instead of rootkit unhooker
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 Sp1nn3y

Sp1nn3y
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 11 November 2010 - 02:52 AM

Please run this one instead of rootkit unhooker
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.


Saved in C:/, opened program, blue screen.
That is as far as I got before your program blue screened me and crashed my computer. I don't and haven't blue screened ever before on this tower.. and don't plan on again.....? Have anything more reliable?

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 11 November 2010 - 07:23 AM

It's not my program, and it is a rootkit scanner: it has to load its own driver to scan, and sometimes that causes a blue screen.
It is nothing to worry about.
I will assume you use a proxy for some of the games; if not, then we will remove it shortly?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKCU..\Run: [svchost] C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\Spinney\AppData\Local\Temp\dwm.exe) - C:\Users\Spinney\AppData\Local\Temp\dwm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe ()
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=========
Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
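The three entries in the OTL fix above share the traits a helper looks for when reading an OTL autostart section: a per-user Run, Load or Winlogon Shell value, a binary sitting in AppData or Temp, a file name borrowed from a Windows system binary (svchost.exe, dwm.exe) outside C:\Windows, and an empty company string in OTL's trailing "()". The script below is an added example, not part of this thread or of OTL; it parses OTL-style O4/F3/O20 lines and flags entries with those traits. The sample log is constructed from the lines quoted in the fix plus two made-up benign entries, and the heuristics are assumptions of this example, not OTL's own rules.

```python
import re
# Constructed OTL-style autostart lines: the three entries the fix above removes plus
# two constructed benign entries for contrast (not a real OTL log).
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [svchost] C:\Users\Spinney\AppData\Roaming\Microsoft\svchost.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Spinney\AppData\Local\Temp\dwm.exe) - C:\Users\Spinney\AppData\Local\Temp\dwm.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Spinney\AppData\Roaming\Microsoft\Windows\shell.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""
# "<code> - <hive>...: <body> <path>.exe (<company>)": OTL puts the file's company name in the trailing ().
ENTRY_RE = re.compile(
    r"^(?P<code>O4|F3|O20) - (?P<hive>HK\w+)[^:]*: .*?"
    r"(?P<path>[A-Za-z]:\\[^()]*?\.exe) \((?P<company>[^)]*)\)\s*$",
    re.IGNORECASE,
)
# Windows binary names malware likes to borrow; the genuine files live under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

def parse(log_text):
    """Return the O4/F3/O20 autostart entries in OTL-style text as dicts."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def reasons(entry):
    """Heuristic indicators (assumptions of this example) that an entry deserves a closer look."""
    path, code, hive = entry["path"].lower(), entry["code"].upper(), entry["hive"].upper()
    name = path.rsplit("\\", 1)[-1]
    out = []
    if any(marker in path for marker in USER_WRITABLE):
        out.append("runs from a user-writable profile directory")
    if name in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        out.append(f"{name} carries a Windows system binary's name but lives outside C:\\Windows")
    if not entry["company"].strip():
        out.append("no company name in OTL's trailing ()")
    if code == "F3":
        out.append("legacy win.ini-style 'Load' value, rarely used by legitimate software")
    if code == "O20" and (hive == "HKCU" or name != "explorer.exe"):
        out.append("Winlogon Shell overridden (per-user, or not explorer.exe)")
    return out

def triage(log_text):
    """Map each suspicious entry's path to its reasons; clean entries are omitted."""
    return {e["path"]: reasons(e) for e in parse(log_text) if reasons(e)}

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Run against the sample, only the three entries from the fix are reported; the iTunes and HKLM explorer.exe lines pass every check.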



