Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Potential Internet Defender 2011 infection - not sure


  • This topic is locked This topic is locked
8 replies to this topic

#1 GameMaker

GameMaker

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 February 2011 - 12:19 AM

Returned from business trip, and it looks like the home computer might be infected.

My wife was looking up child care information, and got a warning: "Chrome Security has found critical process activity on your system and will perform fast scan of system files."

It started to download an installer, which I told Chrome to Discard, natch.

I updated and ran Malware Bytes Anti-Malware, Spyware S&D, and Windows Defender Full Scan, as well as CCleaner for kicks.

Malware Bytes said it found and removed an Internet Defender in my wife's cache, so I thought we were good.

Today, I was browsing with my son (ah-ha! My 5-year old is the problem! ;) and got the error again. I actually narrowed it down to a site that I can go to and get the error to pop up - but it doesn't happen at any other sites, and ALWAYS at this one.

To cross-reference, I tried from my work laptop (running Win 7, 32-bit, vs. 64-bit for the home PC), went to the same site, and sure enough, got the same error. The work machine is running Kaspersky AV, corporate. So that made me start to wonder if it wasn't a false alarm - that the machines are NOT infected, but perhaps that web site IS?

I've been struggling with this all day, and haven't nailed down exactly what it might be. It looks like a variant of Malware Destroyer and others, but none of the files that are supposed to be there (if infected) are.

Anyway - following is my DDS.txt, and the Attach file is attached, as is a HiJack This log. I would really appreciate any help - I've put in a full day on this, and still don't even know if I'm infected. I don't feel secure using this machine to do our taxes, or even log in to the bank's website anymore, so would feel a lot more comfortable when this is all wrapped up. ;) (Note: the "G:" drive in the Attach is a sony digital camera I forgot I had installed when I ran DDS. Sorry!)

Thank you very much!
Aaron

--- DDS.txt ---


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Aaron at 21:01:00.00 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3963.1946 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\mdm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Downloads\ChromeCache\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: DontDisplayLockedUserId = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: aaronandilona.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {A478E3C5-407E-49EC-B460-CABAB8126F02} = 172.25.4.9,172.25.4.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-9 22568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-6-18 188928]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2009-11-18 20992]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe [2010-2-13 68136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-13 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
S3 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S3 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
S3 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
S3 P0620VID;Creative WebCam Instant;C:\Windows\System32\drivers\P0620Vid.sys [2010-5-25 126848]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-5-28 17456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2009-11-18 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2011-02-27 22:29:51 388096 ----a-r- C:\Users\Aaron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-27 22:29:49 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-27 06:45:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{4BFE9CC6-94D8-47B8-A30F-8C4FE410B96D}\mpengine.dll
2011-02-23 06:00:42 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 06:00:42 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 00:59:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 00:59:46 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 00:59:44 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 00:59:44 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-15 05:42:32 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-02-15 05:42:10 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-02-08 04:50:06 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2011-02-08 04:49:28 -------- d-----w- C:\Program Files (x86)\Audible
2011-02-08 04:02:35 -------- d-----w- C:\Users\Aaron\AppData\Roaming\JAM Software
2011-02-08 04:02:28 -------- d-----w- C:\Program Files (x86)\JAM Software
2011-02-03 03:41:49 -------- d-----w- C:\Program Files\iPod
2011-02-03 03:41:48 -------- d-----w- C:\Program Files\iTunes
2011-02-03 03:41:48 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-30 15:45:12 135568 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2011-02-28 00:45:07 25640 ----a-w- C:\Windows\gdrv.sys
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-21 02:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-08-03 04:51:56 10630856 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

============= FINISH: 21:02:19.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:10 PM

Posted 08 March 2011 - 08:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 GameMaker

GameMaker
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 08 March 2011 - 12:08 PM

Hi Casey -

Thanks for the reply...I wouldn't say the issue is resolved, but I have decided that it was probably the web site that was infected and not my machine (since I didn't run anything it downloaded), and because all my A/V & A/M came up clean. I would still like one of the BC Gurus to glance over my logs and see if there is anything else awry, just so I can sleep better at night.

Thanks to you and all the others who give so generously here at BC!!!

Aaron

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:10 AM

Posted 09 March 2011 - 06:20 AM

Hello GameMaker and welcome to Bleeping Computer. :)

*Please enable topic reply notification, follow step # 4 -> Here.

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please do not attach logs unless instructed.

*You must reply within 5 days otherwise this topic will be closed.


================================


Malware Bytes said it found and removed an Internet Defender in my wife's cache, so I thought we were good.

Can you please post the resulting log of MBAM if you still have it.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 GameMaker

GameMaker
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 09 March 2011 - 11:23 PM

Thanks so much Semp -

I've attached the MBAM log as you requested, and here are the OTL logs:

=-=-=- OTL =-=-=-

OTL logfile created on: 3/9/2011 7:59:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\Downloads\ChromeCache
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 81.77 Gb Free Space | 54.90% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 534.24 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 125.84 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/09 19:55:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Downloads\ChromeCache\OTL.exe
PRC - [2010/02/25 21:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/11/20 03:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [1999/02/28 01:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 19:55:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Downloads\ChromeCache\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/15 10:31:04 | 000,050,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/11/15 10:28:44 | 000,948,224 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/11/15 10:26:26 | 000,690,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/11/09 17:54:24 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/05/28 03:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/11/20 03:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 03:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/18 16:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009/11/18 16:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009/10/09 14:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/20 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/08/15 09:02:18 | 000,126,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P0620Vid.sys -- (P0620VID)
DRV - [2011/03/09 19:45:40 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 6C 9D 05 0A 7B CB 01 [binary data]
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2010/02/15 07:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2010/02/15 07:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2011/02/27 20:46:13 | 000,430,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14806 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PD0620 STISvc] C:\Windows\SysNative\P0620Pin.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLockedUserId = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2430830292-3646363997-2340757573-1001\..Trusted Domains: aaronandilona.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 11:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/03/06 11:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/03/06 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/03/06 11:02:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/03/06 11:02:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/28 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/02/28 19:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/27 14:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/22 16:59:46 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 16:59:46 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 16:59:44 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 16:59:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/02/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/02/14 21:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/02/14 21:42:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/02/14 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/02/14 21:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/02/14 21:42:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Winamp
[2011/02/14 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/02/09 20:05:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 20:05:30 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 20:05:29 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 20:05:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 20:05:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 20:05:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 20:05:28 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 20:05:28 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 20:05:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 20:05:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 20:05:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 20:05:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 20:05:20 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 20:05:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 20:05:18 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 20:05:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 20:05:16 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 20:05:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 20:05:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 20:05:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 20:05:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 20:05:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 20:05:13 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 20:05:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 20:05:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 20:05:11 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 20:05:09 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 20:05:09 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 20:05:08 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 20:05:08 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 20:05:07 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 20:05:07 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 20:05:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 20:05:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/07 20:50:06 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2011/02/07 20:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/02/07 20:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2011/02/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\JAM Software
[2011/02/07 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2011/02/07 20:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2010/05/26 18:48:37 | 010,630,856 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2011/03/09 19:53:16 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 19:53:16 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 19:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2430830292-3646363997-2340757573-1001UA.job
[2011/03/09 19:45:40 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011/03/09 19:45:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 19:45:36 | 489,824,250 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/09 19:45:32 | 3117,015,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/09 19:44:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2430830292-3646363997-2340757573-1003UA.job
[2011/03/09 19:44:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2430830292-3646363997-2340757573-1003Core.job
[2011/03/09 19:44:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2430830292-3646363997-2340757573-1001Core.job
[2011/03/06 11:08:55 | 000,425,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/28 19:30:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/28 19:19:39 | 000,795,216 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/28 19:19:39 | 000,661,862 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/28 19:19:39 | 000,121,690 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/27 20:48:14 | 000,781,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/27 20:46:13 | 000,430,182 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/20 21:06:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/02/16 20:57:56 | 000,000,261 | ---- | M] () -- C:\Users\Aaron\SyncDocs.conf
[2011/02/14 21:42:33 | 000,001,007 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/02/07 20:50:06 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax

========== Files Created - No Company Name ==========

[2011/02/28 19:19:35 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/28 19:01:34 | 489,824,250 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/17 20:30:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/16 20:55:33 | 000,000,261 | ---- | C] () -- C:\Users\Aaron\SyncDocs.conf
[2011/02/14 21:42:33 | 000,001,007 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/01/05 20:07:51 | 000,000,017 | ---- | C] () -- C:\Users\Aaron\AppData\Local\resmon.resmoncfg
[2010/10/28 20:20:28 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/08/19 20:02:55 | 000,795,216 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/07 18:36:08 | 000,011,776 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 19:01:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/24 19:10:53 | 000,038,438 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/04/04 20:32:14 | 000,000,022 | ---- | C] () -- C:\Users\Aaron\AppData\Local\kodakpcd.ini
[2010/03/16 20:18:01 | 000,000,016 | ---- | C] () -- C:\Windows\RealityFusion.ini
[2010/03/01 21:08:20 | 000,009,374 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Comma Separated Values (Windows).EML
[2010/02/27 21:35:07 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/02/27 21:35:07 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/02/18 19:58:55 | 000,038,430 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/02/15 20:55:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/13 16:08:23 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/13 16:08:23 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/09/29 13:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Aaron\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

< End of report >
=-=-= END OF OTL =-=-=

=-=-= EXTRAS =-=-=

OTL Extras logfile created on: 3/9/2011 7:59:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\Downloads\ChromeCache
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 81.77 Gb Free Space | 54.90% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 534.24 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 125.84 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{45212F71-750F-4B98-8931-2F35DBE6B662}" = Paint.NET v3.5.7
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Creative PD0620" = Creative WebCam Instant Driver (2.00.04.0825)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shrew Soft VPN Client" = Shrew Soft VPN Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8472F667-1A8A-4F3A-895E-FE82F26E2900}" = Evolution
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3B0207E-02A7-4AA1-8680-F3F0DA532DC0}" = Game Star Eye Games Bundle
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89AF1D9-A501-4AA5-9E44-9753D0F92345}" = Kidizoom Plus™
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4898C08-90A2-431C-BCE5-87866531D05B}" = H&R Block California 2009
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Can You See What I See" = Can You See What I See
"Carbonite Backup" = Carbonite
"Core FTP LE 2.1" = Core FTP LE 2.1
"IE4Dev" = Microsoft Script Debugger
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"mIRC" = mIRC
"Notepad++" = Notepad++
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Picasa 3" = Picasa 3
"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
"Scratch" = Scratch
"Secunia PSI" = Secunia PSI
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SpamBayes_is1" = SpamBayes 1.0.4
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Steam App 17390" = Spore
"Steam App 18000" = Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 24980" = Mass Effect 2
"Steam App 27800" = Space Giraffe
"Steam App 27810" = GridRunner Revolution
"Steam App 35700" = Trine
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 41300" = Altitude
"Steam App 44100" = Super Laser Racer
"Steam App 44200" = Galcon Fusion
"Steam App 46000" = Bob Came In Pieces
"Steam App 6600" = Bullet Candy
"Steam App 7620" = Railroad Tycoon 2: Platinum
"The Journal 5_is1" = The Journal 5
"TreeSize Free_is1" = TreeSize Free V2.5
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2430830292-3646363997-2340757573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2011 1:56:44 AM | Computer Name = Aaron-PC | Source = VSS | ID = 22
Description =

Error - 3/8/2011 1:56:44 AM | Computer Name = Aaron-PC | Source = VSS | ID = 8193
Description =

Error - 3/8/2011 12:22:12 PM | Computer Name = Aaron-PC | Source = VSS | ID = 22
Description =

Error - 3/8/2011 12:22:12 PM | Computer Name = Aaron-PC | Source = VSS | ID = 8193
Description =

Error - 3/8/2011 12:27:12 PM | Computer Name = Aaron-PC | Source = VSS | ID = 22
Description =

Error - 3/8/2011 12:27:12 PM | Computer Name = Aaron-PC | Source = VSS | ID = 8193
Description =

Error - 3/9/2011 11:46:04 PM | Computer Name = Aaron-PC | Source = VSS | ID = 22
Description =

Error - 3/9/2011 11:46:04 PM | Computer Name = Aaron-PC | Source = VSS | ID = 8193
Description =

Error - 3/9/2011 11:56:50 PM | Computer Name = Aaron-PC | Source = VSS | ID = 22
Description =

Error - 3/9/2011 11:56:50 PM | Computer Name = Aaron-PC | Source = VSS | ID = 8193
Description =

[ OSession Events ]
Error - 11/10/2010 1:22:15 AM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/16/2010 8:54:12 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 987
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/22/2011 8:40:16 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/24/2011 7:12:15 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/25/2011 1:21:01 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/5/2011 5:39:24 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/19/2011 5:14:07 PM | Computer Name = Aaron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/7/2011 4:14:12 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 3/7/2011 6:40:07 PM | Computer Name = Aaron-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:38:26 PM on ?3/?7/?2011 was unexpected.

Error - 3/7/2011 6:40:18 PM | Computer Name = AARON-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/7/2011 6:55:19 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 3/8/2011 12:48:20 AM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7031
Description = The CarboniteService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/8/2011 12:49:20 AM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 3/8/2011 12:22:09 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7031
Description = The CarboniteService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/8/2011 12:23:09 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 3/9/2011 11:45:39 PM | Computer Name = Aaron-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:44:03 PM on ?3/?9/?2011 was unexpected.

Error - 3/9/2011 11:45:52 PM | Computer Name = AARON-PC | Source = BugCheck | ID = 1001
Description =


< End of report >
=-=-= END OF EXTRAS =-=-=

Attached Files



#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:10 AM

Posted 10 March 2011 - 08:14 AM

Hi again GameMaker,

No sign of malware on your log, it's clean. :)


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 24 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment (JRE or J2SE) in the name).
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 GameMaker

GameMaker
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 10 March 2011 - 11:42 AM

Right on, Semp! Thanks! (Off to Paypal to help out the BC Crew!!!)

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:10 AM

Posted 11 March 2011 - 04:17 AM

Hi GameMaker,

Thanks for the donation. Run OTL and click the "CleanUp" button, restart when ask. OTL will automatically delete itself after the reboot.


Take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:10 AM

Posted 12 March 2011 - 04:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users