
OTL Logs



#1 Artanderxia
Posted 18 January 2012 - 08:30 PM

OTL Extras logfile created on: 1/18/2012 5:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.44% Memory free
4.23 Gb Paging File | 3.32 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.67 Gb Total Space | 121.09 Gb Free Space | 37.07% Space Free | Partition Type: NTFS
Drive D: | 8.68 Gb Total Space | 1.18 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-664170069-3270079747-3634051635-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00673642-2A16-40DB-B3EB-10EF295BBEB5}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{0738D9D3-CF01-4024-B43C-62CC52EBEB36}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{073AEB5E-FDE9-494C-AD0E-8CDF5BBC7BA1}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{0F1257AF-59F8-434E-8D36-525F64C9CA03}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{11F27D56-C66F-44FB-9C6D-4AD8EBE9BF9C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{12C4FFEF-2F09-4953-A728-1CA6339C4142}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{16AA4325-7D60-4C32-AD31-B99BD2E3E553}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{17785639-4D9F-4918-8FA8-E83E1EE5615A}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{1933FF9B-6564-4223-B556-B6FD8C316A1D}" = protocol=6 | dir=in | app=c:\program files\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{298FB3CA-BA35-4936-8519-CE7D37C46784}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2C3A5BD2-FA83-478F-91A3-5CE689A09F16}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3121697C-FF75-4E47-AB09-C3D4908836E2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{3539674B-0450-4BBB-B301-D8209ABE8C38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{36F374B2-F25E-43F7-B5F1-B4C630E7DC2E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{403B72CA-64CD-475F-99C0-5BDD504C82FF}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{4223DD21-922E-4871-BF90-DCBD1FD22DE1}" = protocol=17 | dir=in | app=c:\program files\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{4380062A-248B-452E-B411-C37EC9BD005D}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{56F7C812-52BB-496A-9614-F10C0E805C20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6D108F12-1A08-47BC-B05C-FDF8820246BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81CA7A37-0E56-4FFB-AD99-1A172C966B15}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{839FD125-4E04-48A8-8DEB-E5FC61B8FBFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D1BC4F2-B56C-4FBE-8B72-C78DF71D424E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{963CA97A-1E13-4709-89B3-0AF245FB1EBB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{96A028D2-24C7-44A6-919A-3D48C247AF9D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B067BF1-15FA-4F6E-96ED-F1AA5644563A}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{9D9C7128-D375-452C-A9AF-B66836DADD17}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9FF7CBE8-BB6E-4217-A590-54061EE74599}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{A8C7A8D7-48B5-4CF1-9CB6-5F1588D37249}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{B0D58C30-62C0-4C86-B219-758F39F46527}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B649E92B-BF11-46EB-A756-11DD28CB87D1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B89BF1FB-BCCF-4447-8463-9B4DC55D7FB6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B98D4996-1306-4261-A77A-C0EB35F9F3CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{C2CB0C83-8A07-4493-90CE-F1D90383C96D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{D0F27798-4856-44D5-93BE-639D8F7D238E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D7D87ED5-4138-4808-90FE-E02E1FB1D00B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{EF959011-0E61-4E70-A1F8-45459FBE52F2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F36AB308-5C62-4AD6-AD59-A8AAD9005EAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{F46DB868-5DE4-4515-AECC-4F9B3D00FE39}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{F64EDA12-8DB7-4449-A456-45632273939B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{FC8EDF34-B753-47D4-AAA5-158A3E22476E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{FF6D67BA-0DE3-4186-A5F4-D0DEF1D00D09}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"TCP Query User{0A06BB34-B931-496C-8ABE-1BCCE3E83C4C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{207FF5BD-6618-4B0E-B275-C2DD14F75943}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe |
"TCP Query User{289B9602-7511-4D63-86C3-18044071A5B8}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
"TCP Query User{43A95E35-B940-41A9-9918-C801A5D88174}C:\program files\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |
"TCP Query User{66332A90-8C7A-48AB-8AA6-F51DEC232794}C:\users\justin\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{7EC502C5-0126-495C-A653-C3DFA6606287}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{99AB5F18-1BA5-44F5-9244-953734D42E0C}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=6 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |
"TCP Query User{C08B1A70-6961-43CE-BE91-44414DDBE509}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"TCP Query User{E017B43D-76B1-4F34-AAA0-196944B0B7D7}C:\users\justin\appdata\local\temp\rar$ex22.128\attacker.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\temp\rar$ex22.128\attacker.exe |
"UDP Query User{072A3AE4-8C36-4D86-B224-4361F6B2068D}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{1DC796A8-AA20-40A8-B84D-E79E8CFC9D46}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"UDP Query User{2139CB04-D5DF-49D0-94B1-5B7BB5DF0776}C:\program files\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |
"UDP Query User{397BD3C7-3E64-4062-9622-3620CD2F4351}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
"UDP Query User{4B07F044-F69A-4988-8D0F-3E6242928D33}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe |
"UDP Query User{6701962B-A0C2-4F13-AFED-19D97E643A08}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=17 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |
"UDP Query User{B75B2129-68CF-4BD1-B0D8-77C1CFF71634}C:\users\justin\appdata\local\temp\rar$ex22.128\attacker.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\temp\rar$ex22.128\attacker.exe |
"UDP Query User{D04464AC-EC32-4C35-AEAA-82CD8E6472DB}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{F7677B7D-435E-4630-BF14-671E2204A351}C:\users\justin\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\gameranger\gameranger\gameranger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}" = Rome - Total War™
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1" = Hijack Hunter 1.8.4.1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{867D3E0B-B774-4BB6-B439-675E62C6386A}_is1" = WMV Converter 3.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F596C356-BF35-4ED7-981C-CC791461A8F0}" = Empire Earth II: The Art of Supremacy
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"7-Zip 9.20" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVIcodec" = AVIcodec (remove only)
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"FrostWire 5" = FrostWire 5.1.4
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Product Key Explorer_is1" = Product Key Explorer 2.7.8
"Red Light Center 3D Client" = Red Light Center 3D Client
"Rhapsody" = Rhapsody
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 10500" = Empire: Total War
"Steam App 107900" = War Inc. Battlezone
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 13520" = Far Cry
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount & Blade: Warband
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-664170069-3270079747-3634051635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 8:50:38 PM | Computer Name = Justin-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 1/18/2012 5:30:04 PM | Computer Name = Justin-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.119.90.0, AS: 1.119.90.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

Error - 1/18/2012 5:50:14 PM | Computer Name = Justin-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.119.90.0, AS: 1.119.90.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0,
NIS: 2.0.7707.0

Error - 1/18/2012 6:28:20 PM | Computer Name = Justin-PC | Source = HTTP | ID = 15016
Description =

Error - 1/18/2012 6:28:38 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/18/2012 6:28:38 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/18/2012 6:28:38 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/18/2012 6:28:38 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/18/2012 6:28:44 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/18/2012 6:28:45 PM | Computer Name = Justin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/18/2012 6:38:47 PM | Computer Name = Justin-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.119.90.0, AS: 1.119.90.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.8001.0, NIS: 2.0.7707.0


< End of report >
OTL logfile created on: 1/18/2012 5:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.44% Memory free
4.23 Gb Paging File | 3.32 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.67 Gb Total Space | 121.09 Gb Free Space | 37.07% Space Free | Partition Type: NTFS
Drive D: | 8.68 Gb Total Space | 1.18 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-664170069-3270079747-3634051635-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 23:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 08:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 16:27:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/20 23:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/10 16:27:52 | 000,000,000 | -H-D | M]

[2011/11/06 08:02:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Extensions
[2012/01/09 17:09:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\kusungrm.default\extensions
[2012/01/09 17:09:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\kusungrm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/06 08:02:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/14 08:31:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 19:26:50 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 17:15:03 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012/01/18 17:04:14 | 000,439,490 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15137 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-664170069-3270079747-3634051635-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-664170069-3270079747-3634051635-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-664170069-3270079747-3634051635-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-664170069-3270079747-3634051635-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CC549AF-519F-4637-8CDB-7CB83B4123F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/03 00:50:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 17:44:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/01/11 16:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 16:00:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/10 16:27:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/09 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012/01/07 21:09:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/07 21:05:51 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Google
[2011/12/30 09:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/30 09:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/30 09:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/21 15:28:04 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/12/20 15:14:32 | 000,000,000 | ---D | C] -- C:\NT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/18 17:28:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 17:28:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 17:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 17:28:13 | 2145,886,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 17:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-664170069-3270079747-3634051635-1000UA.job
[2012/01/18 17:04:14 | 000,439,490 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/18 17:04:03 | 000,439,490 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120118-170414.backup
[2012/01/18 16:54:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7672DAC2-218C-411C-B7CC-667FC8B537EC}.job
[2012/01/18 16:52:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/01/16 12:52:28 | 000,439,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120118-170402.backup
[2012/01/15 14:47:40 | 000,439,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120116-125228.backup
[2012/01/15 13:39:17 | 000,000,000 | ---- | M] () -- C:\Users\Justin\defogger_reenable
[2012/01/14 21:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-664170069-3270079747-3634051635-1000Core.job
[2012/01/14 12:10:44 | 000,439,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120115-144740.backup
[2012/01/13 15:31:49 | 000,439,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120114-121044.backup
[2012/01/12 07:23:57 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/01/11 22:05:56 | 000,001,743 | ---- | M] () -- C:\Users\Justin\Desktop\Command and ConquerTM Generals Zero Hour.lnk
[2012/01/11 22:05:38 | 000,001,683 | ---- | M] () -- C:\Users\Justin\Desktop\Command & Conquer Generals.lnk
[2012/01/11 16:04:23 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 17:55:21 | 000,016,896 | ---- | M] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 20:15:35 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/01/07 21:09:43 | 000,002,049 | ---- | M] () -- C:\Users\Justin\Desktop\Google Chrome.lnk
[2012/01/07 21:09:43 | 000,002,011 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 20:37:25 | 000,439,213 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120113-153149.backup
[2012/01/07 15:44:00 | 000,008,522 | -HS- | M] () -- C:\Users\Justin\AppData\Local\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
[2012/01/07 15:44:00 | 000,008,522 | -HS- | M] () -- C:\ProgramData\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
[2012/01/02 14:30:42 | 000,000,239 | ---- | M] () -- C:\Users\Justin\Morrowind.ini
[2011/12/30 11:19:13 | 000,439,213 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120107-203725.backup
[2011/12/30 09:54:08 | 000,439,213 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111230-111912.backup
[2011/12/30 09:49:28 | 000,000,272 | ---- | M] () -- C:\Windows\WinInit.ini
[2011/12/30 09:09:29 | 000,001,081 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 09:09:29 | 000,001,057 | ---- | M] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2011/12/20 19:57:48 | 000,000,208 | ---- | M] () -- C:\ProgramData\~XSzL9FBcBYkRkgr
[2011/12/20 19:43:51 | 000,000,528 | ---- | M] () -- C:\ProgramData\XSzL9FBcBYkRkg
[2011/12/20 19:40:36 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XSzL9FBcBYkRkg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 13:39:17 | 000,000,000 | ---- | C] () -- C:\Users\Justin\defogger_reenable
[2012/01/12 07:23:57 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/01/11 22:05:56 | 000,001,743 | ---- | C] () -- C:\Users\Justin\Desktop\Command and ConquerTM Generals Zero Hour.lnk
[2012/01/11 22:05:38 | 000,001,683 | ---- | C] () -- C:\Users\Justin\Desktop\Command & Conquer Generals.lnk
[2012/01/11 16:04:23 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 20:15:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/01/07 21:09:43 | 000,002,049 | ---- | C] () -- C:\Users\Justin\Desktop\Google Chrome.lnk
[2012/01/07 21:09:43 | 000,002,011 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 21:05:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-664170069-3270079747-3634051635-1000UA.job
[2012/01/07 21:05:53 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-664170069-3270079747-3634051635-1000Core.job
[2012/01/07 15:42:18 | 000,008,522 | -HS- | C] () -- C:\Users\Justin\AppData\Local\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
[2012/01/07 15:42:18 | 000,008,522 | -HS- | C] () -- C:\ProgramData\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
[2012/01/02 14:30:42 | 000,000,239 | ---- | C] () -- C:\Users\Justin\Morrowind.ini
[2011/12/30 09:09:29 | 000,001,081 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 09:09:29 | 000,001,057 | ---- | C] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2011/12/20 19:26:57 | 000,000,312 | ---- | C] () -- C:\ProgramData\~XSzL9FBcBYkRkg
[2011/12/20 19:26:57 | 000,000,208 | ---- | C] () -- C:\ProgramData\~XSzL9FBcBYkRkgr
[2011/12/20 19:26:52 | 000,000,528 | ---- | C] () -- C:\ProgramData\XSzL9FBcBYkRkg
[2011/12/11 16:38:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/11 16:38:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/11 16:38:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/11 16:38:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/11 16:38:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/30 15:31:52 | 000,000,312 | ---- | C] () -- C:\ProgramData\~pAHIyegCV8JONs
[2011/11/30 15:31:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~pAHIyegCV8JONsr
[2011/11/30 15:31:44 | 000,000,440 | ---- | C] () -- C:\ProgramData\pAHIyegCV8JONs
[2011/11/02 15:21:05 | 000,274,231 | ---- | C] () -- C:\Users\Justin\AppData\Local\census.cache
[2011/11/02 15:20:47 | 000,222,706 | ---- | C] () -- C:\Users\Justin\AppData\Local\ars.cache
[2011/11/02 15:05:19 | 000,000,036 | ---- | C] () -- C:\Users\Justin\AppData\Local\housecall.guid.cache
[2011/09/04 12:40:46 | 000,023,494 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/07/05 09:01:46 | 000,008,744 | -HS- | C] () -- C:\Users\Justin\AppData\Local\mfy4m15f74d0oy5
[2011/07/05 09:01:46 | 000,008,744 | -HS- | C] () -- C:\ProgramData\mfy4m15f74d0oy5
[2011/05/09 17:43:48 | 000,008,715 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/01 19:06:25 | 000,016,896 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 12:58:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/24 12:58:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/13 21:27:20 | 000,136,532 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/03/13 21:27:20 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2011/03/03 20:18:17 | 000,000,979 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/03 19:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/03 00:41:15 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011/03/03 00:30:29 | 000,000,272 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/03/03 00:29:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2011/03/03 00:27:41 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2011/03/03 00:27:41 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2011/03/02 23:18:08 | 000,001,356 | ---- | C] () -- C:\Users\Justin\AppData\Local\d3d9caps.dat
[2010/04/06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/10/25 22:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,359,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,615,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,109,176 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Files - Unicode (All) ==========
[2011/06/23 05:49:38 | 000,037,293 | -H-- | M] ()(C:\Users\Justin\Documents\????0001.jpg) -- C:\Users\Justin\Documents\スキャン0001.jpg
[2011/06/23 05:49:36 | 000,037,293 | -H-- | C] ()(C:\Users\Justin\Documents\????0001.jpg) -- C:\Users\Justin\Documents\スキャン0001.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >
http://www.bleepingcomputer.com/forums/topic436938.html/page__pid__2560993__st__15#entry2560993
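The file listing above uses OTL's fixed one-line-per-file format (`[created/modified timestamp | size | attribute flags | C or M] (company) -- path`), and the entries the helper later targets share two traits: hidden-plus-system attributes (`-HS-`) and long random-looking names with no extension, sitting in `C:\ProgramData` or `%LOCALAPPDATA%`, plus one alternate data stream under `C:\ProgramData\TEMP`. The following Python script is an added triage example and is not part of OTL or of this thread; it parses that line format and applies those two heuristics (the thresholds, the `USER_WRITABLE` prefix list and the `looks_random` rule are the author's assumptions, not OTL's logic). The sample lines embedded in it are copied from the log above, with two benign Windows entries added for contrast.

```python
"""Triage helper for OTL 'Files' listings (added example; not OTL's own code)."""
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str      # four flag characters, e.g. "-HS-" or "----"
    kind: str       # "C" = created in the scan window, "M" = modified
    company: str    # company name from the version resource, often empty
    path: str


# One OTL file line: [YYYY/MM/DD HH:MM:SS | 000,000,000 | ---- | C] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.+)$"
)
# One OTL alternate-data-stream line: @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# Assumed heuristic: locations a standard user can write to without elevation.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")


def parse_file_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return Entry(ts, int(size.replace(",", "")), attrs, kind, company, path)


def looks_random(name: str) -> bool:
    """Assumed heuristic: no extension, 12+ chars, mixed letters and digits."""
    stem = name.lstrip("~")
    return ("." not in stem and len(stem) >= 12
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def reasons_for(e: Entry) -> List[str]:
    """List why an entry deserves a look; empty list means nothing stood out."""
    reasons: List[str] = []
    if not e.path.lower().startswith(USER_WRITABLE):
        return reasons                      # system paths are out of scope here
    name = e.path.rsplit("\\", 1)[-1]
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes in a user-writable location")
    if looks_random(name):
        reasons.append("random-looking name with no extension")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Walk an OTL listing and return (path, reasons) for flagged entries and ADS lines."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            findings.append((ads.group(2), [f"alternate data stream ({ads.group(1)} bytes)"]))
            continue
        entry = parse_file_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Sample input: lines taken from the log above plus two benign Windows entries.
SAMPLE_LOG = r"""
[2012/01/07 15:42:18 | 000,008,522 | -HS- | C] () -- C:\ProgramData\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
[2011/12/20 19:26:57 | 000,000,312 | ---- | C] () -- C:\ProgramData\~XSzL9FBcBYkRkg
[2011/11/02 15:21:05 | 000,274,231 | ---- | C] () -- C:\Users\Justin\AppData\Local\census.cache
[2011/07/05 09:01:46 | 000,008,744 | -HS- | C] () -- C:\Users\Justin\AppData\Local\mfy4m15f74d0oy5
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:33:01 | 000,615,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C5760A8B
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(path)
        for r in why:
            print("   -", r)
```

Run against the sample, the script flags the two `-HS-` entries (each for both reasons), the `~XSzL9FBcBYkRkg` entry for its name alone, and the ADS line; `census.cache`, `bootstat.dat` and `perfh009.dat` pass. The point of keeping the reasons as a list is that a single heuristic hit is a prompt to look, not a verdict: the name rule is crude on purpose and should be read alongside the path and the creation date, exactly as the helper did here.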

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 22 January 2012 - 11:52 AM

Hi

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2012/01/07 15:44:00 | 000,008,522 | -HS- | M] () -- C:\Users\Justin\AppData\Local\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
    [2012/01/07 15:44:00 | 000,008,522 | -HS- | M] () -- C:\ProgramData\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64
    [2011/12/20 19:57:48 | 000,000,208 | ---- | M] () -- C:\ProgramData\~XSzL9FBcBYkRkgr
    [2011/12/20 19:43:51 | 000,000,528 | ---- | M] () -- C:\ProgramData\XSzL9FBcBYkRkg
    [2011/12/20 19:40:36 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XSzL9FBcBYkRkg
    [2011/11/30 15:31:52 | 000,000,312 | ---- | C] () -- C:\ProgramData\~pAHIyegCV8JONs
    [2011/11/30 15:31:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~pAHIyegCV8JONsr
    [2011/11/30 15:31:44 | 000,000,440 | ---- | C] () -- C:\ProgramData\pAHIyegCV8JONs
    [2011/07/05 09:01:46 | 000,008,744 | -HS- | C] () -- C:\Users\Justin\AppData\Local\mfy4m15f74d0oy5
    [2011/07/05 09:01:46 | 000,008,744 | -HS- | C] () -- C:\ProgramData\mfy4m15f74d0oy5
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


I see you have run ComboFix previously - was this recent?

If so please post the log (found at c:\combofix.txt)



NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 22 January 2012 - 01:15 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Users\Justin\AppData\Local\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64 moved successfully.
C:\ProgramData\80tdwg46c560sg1np5hyt18i7l0b42757fvb4425h1ug64 moved successfully.
C:\ProgramData\~XSzL9FBcBYkRkgr moved successfully.
C:\ProgramData\XSzL9FBcBYkRkg moved successfully.
C:\ProgramData\~XSzL9FBcBYkRkg moved successfully.
C:\ProgramData\~pAHIyegCV8JONs moved successfully.
C:\ProgramData\~pAHIyegCV8JONsr moved successfully.
C:\ProgramData\pAHIyegCV8JONs moved successfully.
C:\Users\Justin\AppData\Local\mfy4m15f74d0oy5 moved successfully.
C:\ProgramData\mfy4m15f74d0oy5 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Justin\Desktop\cmd.bat deleted successfully.
C:\Users\Justin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justin
->Temp folder emptied: 1332229427 bytes
->Temporary Internet Files folder emptied: 70070198 bytes
->Java cache emptied: 6356470 bytes
->FireFox cache emptied: 49789705 bytes
->Google Chrome cache emptied: 313533677 bytes
->Flash cache emptied: 2741 bytes

User: Public
->Temp folder emptied: 0 bytes

User: R&E
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64181143 bytes
RecycleBin emptied: 919047 bytes

Total Files Cleaned = 1,752.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01222012_130143

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The ComboFix was from a week or more ago, I think.

For TDSSKiller, nothing was found.

#4 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 22 January 2012 - 01:42 PM

You can see on the other topic he told me to run the TDSS fix tool and tell him the results, but the topic is closed, so I guess I'll just tell you. The result was:
it said

Backdoor.Tidserv has not been found on your computer

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 22 January 2012 - 07:39 PM

OK

Please re-run ComboFix, allow it to update if it asks to do so,

and make sure your security programs are disabled.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 23 January 2012 - 09:30 AM

Okay and could you reply to me about my previous post please

#7 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 23 January 2012 - 01:21 PM

It seems like ComboFix isn't working or something. It takes a very long time. When you first start it there is a little line that comes on and off; that is all I see.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 23 January 2012 - 05:58 PM

OK,

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to svchost.exe before saving it. Please save it directly to your C:\ drive (you will need to have file extensions showing), then boot into Safe Mode and give it a try from there.

To Show File Extensions:
  • Close all programs so that you are at your desktop.
  • Open the Control Panel switch to classic view, then click Folder Options.
  • After the new window appears select the View tab.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 24 January 2012 - 05:19 PM

I don't even know if the stupid thing works. How long is it supposed to take?

#10 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 24 January 2012 - 05:52 PM

Never mind, I'll just let it run overnight.

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 24 January 2012 - 07:35 PM

Hi,

Yes, it does work; you should see a blue DOS-type box that runs through stages....

It may take a long time if your machine is heavily infected.


If you don't see the DOS box after an hour, let me know, as that would indicate that the malware is preventing it from running.

If that happens, let me know, then run the following:

Download FixTDSS and save it to your desktop.

  • Double click on the FixTDSS.exe icon to run it.
  • Click the "I Accept" button, then the "Proceed" button to begin.
  • The tool will restart your computer automatically; click OK to allow it to do so.
  • The tool will begin its scan on reboot > click "Run" to begin.
  • It will report if an infected MBR is found > click the "Repair" button.
  • A log is created in the same location as the tool and is called FixTDSS.log; please post the content in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 30 January 2012 - 06:03 PM

I don't think ComboFix is working, and for FixTDSS I think my Microsoft Security Essentials detects the virus and does something with it. So should I disable it, turn off the computer, turn it on, then run FixTDSS, so Microsoft doesn't do anything to it and it can be detected by FixTDSS?

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 30 January 2012 - 06:42 PM

Hi

We need to see if we can get ComboFix to run successfully.

Please run it with the following command (make sure MSSE is disabled):

Press the WinKey + R to open a run box:

Copy/paste the following text into the open run box > Click OK

ComboFix /nombr

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Artanderxia

Artanderxia
  • Topic Starter

  • Members
  • 113 posts
  • Local time:07:07 AM

Posted 31 January 2012 - 07:00 PM

I disable MSSE just by clicking on the real-time protection thing?

Even after I do that it still says things about it.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:07 AM

Posted 31 January 2012 - 07:13 PM

That's OK; as long as you have disabled the real-time protection, then just carry on.

Thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
