
Avast TDI Redirect Driver virus?


  • This topic is locked
38 replies to this topic

#1 theaftergl0w

  • Members
  • 33 posts
  • Gender: Female

Posted 19 March 2012 - 03:46 PM

I'm glad I went with my gut and decided not to go out and buy a new video card just yet. I had a feeling something just wasn't right with my computer. I originally posted at techsupportforum.com and had some help trying to diagnose why my computer always boots up with the lowest possible resolution and color. Tried uninstalling my NVIDIA driver and reinstalling by following the directions of the people at that forum, but the issue remained. If you would like to see my thread over at that forum you can do so here: http://www.techsupportforum.com/forums/f19/driver-error-or-possible-video-card-failure-635645.html#post3663132 - I am not currently still receiving help from them as I'm about 99% sure this has nothing to do with my drivers, and that instead I'm infected with another virus/malware or such. I really don't understand why this keeps happening to me, so I'm sorry to bother you guys yet again (this isn't my first time on this forum) :\ I really, really do appreciate all of your help though, so thank you, thank you, THANK YOU! I downloaded, installed and ran all the programs listed on the preparation page; however, when I click the browse button to attach a file, nothing happens. I feel this may be because of the infected computer. Do you want me to just copy/paste the files instead?


Edited to add logs:

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:55 PM, on 3/20/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8700 bytes



.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_29
Run by Fleischer at 15:12:22 on 2012-03-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1424 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://swagbucks.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] c:\program files\d-link\d-link xtreme n dual band dwa-160\AirNCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{64ECB3D9-BE64-4A70-8CF7-577EFD075FC2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F495EAA6-79C9-4DD5-B2F3-6339F4D02F13} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fleischer\appdata\roaming\mozilla\firefox\profiles\hr63hxts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1928863&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/|facebook.com
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-11-5 20352]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2009-11-5 5504]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-14 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 337880]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-8-5 266240]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-16 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-7 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
S3 arusb_lh;Atheros 11n Wireless LAN device driver;c:\windows\system32\drivers\arusb_lh.sys [2009-11-5 415744]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-5 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\d-link xtreme n dual band dwa-160\jswutilvst\jswpsapi.exe [2009-11-5 937984]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-19 19:30:33 388096 ----a-r- c:\users\fleischer\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-19 19:20:06 -------- d-----w- c:\users\fleischer\appdata\roaming\Malwarebytes
2012-03-19 19:20:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 19:20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-19 19:20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 18:11:09 -------- d-----w- c:\users\fleischer\appdata\roaming\Wise Registry Cleaner
2012-03-19 18:09:48 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-03-19 16:43:11 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-03-19 14:34:15 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 14:34:15 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 12:57:05 -------- d-----w- C:\sh4ldr
2012-03-17 12:57:05 -------- d-----w- c:\program files\Enigma Software Group
2012-03-17 12:56:36 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-17 12:56:34 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-17 12:44:37 -------- d-----w- c:\windows\A13A764803C54B6AB7C118CB04588E52.TMP
2012-03-17 02:54:10 -------- d-----w- c:\users\fleischer\appdata\local\PackageAware
2012-03-16 21:08:25 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-16 21:08:25 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-03-16 21:08:25 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-16 21:08:25 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-03-16 21:08:25 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-16 21:07:59 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-16 21:06:47 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-16 21:06:47 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-03-16 21:06:47 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-16 21:06:47 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-16 21:06:47 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-16 21:06:46 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-16 21:06:46 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-16 21:06:46 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-16 21:06:46 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-03-16 21:06:46 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-16 21:06:45 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-03-16 21:06:45 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-16 21:05:42 -------- d-----w- C:\NVIDIA
2012-03-16 15:48:49 -------- d-----w- c:\program files\CPUID
2012-03-16 15:29:30 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ec222dea-9ac3-4180-ad33-0bc96858df16}\mpengine.dll
2012-03-15 19:50:02 -------- d-----w- c:\program files\Phyxion.net
2012-03-14 21:01:38 -------- d-----w- c:\programdata\Norton
2012-03-14 21:01:35 -------- d-----w- c:\programdata\NortonInstaller
2012-03-14 20:56:09 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-03-14 20:37:13 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-14 00:13:47 -------- d-----w- c:\programdata\Driver Manager
2012-03-13 23:52:33 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:52:26 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:52:26 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:52:26 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:52:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:52:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:52:09 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 23:51:58 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 23:51:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:12:55 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-03-13 15:37:49 -------- d-----w- c:\users\fleischer\appdata\roaming\SUPERAntiSpyware.com
2012-03-13 15:04:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-12 23:49:12 -------- d-----w- c:\program files\CCleaner
2012-03-12 20:18:45 -------- d-----w- c:\program files\iPod
2012-03-12 20:18:40 -------- d-----w- c:\program files\iTunes
2012-03-12 18:15:38 -------- d-----w- c:\users\fleischer\appdata\local\Microsoft Games
2012-03-12 05:34:08 -------- d-----w- c:\users\fleischer\appdata\local\{52652815-2C0E-4E7D-819B-FC36ACCA7D0D}
2012-03-12 05:33:40 -------- d-----w- c:\users\fleischer\appdata\local\{2CA12D3A-DB90-49F8-A1F1-ED7904FB8E24}
2012-03-11 17:33:19 -------- d-----w- c:\users\fleischer\appdata\local\{4BE4901A-60A8-4556-9C4E-3BE3EEE9B27D}
2012-03-11 17:32:50 -------- d-----w- c:\users\fleischer\appdata\local\{5437CE50-0AE2-4573-8D2C-CF935AE1B194}
2012-03-11 05:32:29 -------- d-----w- c:\users\fleischer\appdata\local\{3145C369-C9A8-4585-AF9B-5C852DD1F362}
2012-03-11 05:32:10 -------- d-----w- c:\users\fleischer\appdata\local\{7F3C8DC7-000C-4D23-86B1-8C8AED88CC54}
2012-03-10 17:30:47 -------- d-----w- c:\users\fleischer\appdata\local\{C8E75588-3EAC-4035-97C0-B8E23D516A70}
2012-03-10 17:30:27 -------- d-----w- c:\users\fleischer\appdata\local\{B41C174E-90DC-4D43-88B6-436FC43A7A66}
2012-03-09 15:23:31 -------- d-----w- c:\users\fleischer\appdata\local\{CA338423-6A54-489F-8026-50F8FFF318C1}
2012-03-09 15:23:05 -------- d-----w- c:\users\fleischer\appdata\local\{3770774A-B3C2-44B3-9B95-664AB2077C72}
2012-03-08 21:50:17 -------- d-----w- c:\users\fleischer\appdata\local\{6D079873-6130-41A2-9A6F-CEA0C4A0F693}
2012-03-08 21:49:58 -------- d-----w- c:\users\fleischer\appdata\local\{F5FE29F3-59FC-4143-9492-2A6BA4261923}
2012-03-08 09:49:24 -------- d-----w- c:\users\fleischer\appdata\local\{A1E307D4-0EFE-47A0-AC7A-97E8F6DD1221}
2012-03-08 09:48:56 -------- d-----w- c:\users\fleischer\appdata\local\{93C9C0E1-862C-4648-A1BA-1501AA3AAC5C}
2012-03-07 21:48:33 -------- d-----w- c:\users\fleischer\appdata\local\{05E96783-11CF-4B94-AFFA-9B80C94CD7A5}
2012-03-07 21:48:14 -------- d-----w- c:\users\fleischer\appdata\local\{8DE55874-1142-4FAF-BCD9-4FE93CDFA97E}
2012-03-07 07:10:50 -------- d-----w- c:\users\fleischer\appdata\local\{9A60C9AC-FDA4-4EB1-99FE-A17A0EB29046}
2012-03-07 07:10:30 -------- d-----w- c:\users\fleischer\appdata\local\{06AD42AE-3306-4262-A20A-C1CA54675E0D}
2012-03-06 19:10:07 -------- d-----w- c:\users\fleischer\appdata\local\{F9FB7886-ABD3-48F7-863B-A9141C00A042}
2012-03-06 19:09:19 -------- d-----w- c:\users\fleischer\appdata\local\{A76800C0-9A67-4771-8CD6-CC2688F54E18}
2012-03-06 07:08:57 -------- d-----w- c:\users\fleischer\appdata\local\{220B6349-5290-4D33-ADAE-B01F527A0D17}
2012-03-06 07:08:37 -------- d-----w- c:\users\fleischer\appdata\local\{64749630-0E69-45A0-82DF-AA9C1A660558}
2012-03-05 19:08:02 -------- d-----w- c:\users\fleischer\appdata\local\{9BACD555-284B-4FD5-9F7B-4B6096B7A464}
2012-03-05 19:07:42 -------- d-----w- c:\users\fleischer\appdata\local\{BD87F8AC-9CC2-4395-85FE-200016211012}
2012-03-05 07:07:20 -------- d-----w- c:\users\fleischer\appdata\local\{EF6B7AB9-4303-4B65-94DC-655030A7CC46}
2012-03-05 07:06:49 -------- d-----w- c:\users\fleischer\appdata\local\{AAC54F40-8831-4BF6-B6AF-B60864B3CDAD}
2012-03-04 19:06:27 -------- d-----w- c:\users\fleischer\appdata\local\{93D8956D-7CD2-492E-9DCC-C7B3AA38BB89}
2012-03-04 19:05:55 -------- d-----w- c:\users\fleischer\appdata\local\{6AC8C493-68F2-46D4-A24F-474E04C39C30}
2012-03-04 07:05:32 -------- d-----w- c:\users\fleischer\appdata\local\{1907C13D-E3B9-456D-9A83-08891BCE173D}
2012-03-04 07:04:57 -------- d-----w- c:\users\fleischer\appdata\local\{D0E2D29A-57EB-4F43-B119-426CE3AF0EF8}
2012-03-03 19:04:32 -------- d-----w- c:\users\fleischer\appdata\local\{D98B8C75-6FD6-4EC1-96BA-2FA6C22950C3}
2012-03-03 19:03:40 -------- d-----w- c:\users\fleischer\appdata\local\{4D4F6764-E9C7-4B7C-8FE0-783CA605FD56}
2012-03-03 07:03:16 -------- d-----w- c:\users\fleischer\appdata\local\{392A525C-DFD1-42D3-8FD9-8580B04AA3E4}
2012-03-03 07:02:38 -------- d-----w- c:\users\fleischer\appdata\local\{EC31C902-5C91-47FC-B375-280269D1CC93}
2012-03-02 19:02:16 -------- d-----w- c:\users\fleischer\appdata\local\{C556BB42-F596-4ED6-BC5E-0DF37C843113}
2012-03-02 19:01:56 -------- d-----w- c:\users\fleischer\appdata\local\{797235A3-15C6-4C78-A245-2F0C68EAE129}
2012-03-02 07:01:33 -------- d-----w- c:\users\fleischer\appdata\local\{19EE424E-EEE1-4ACF-A9A4-A113B41BC03C}
2012-03-02 07:01:02 -------- d-----w- c:\users\fleischer\appdata\local\{FD3C4970-943E-4374-A476-9CBAA879CBE0}
2012-03-01 19:00:40 -------- d-----w- c:\users\fleischer\appdata\local\{AB77511A-0949-4FE4-9ED4-D92FEA3FA4B6}
2012-03-01 19:00:04 -------- d-----w- c:\users\fleischer\appdata\local\{E5BC7DDD-001C-49BB-8E87-6C9BF2262E4F}
2012-03-01 06:59:41 -------- d-----w- c:\users\fleischer\appdata\local\{A36C3501-56E5-4D1F-91DC-FE8060B0E7F4}
2012-03-01 06:59:20 -------- d-----w- c:\users\fleischer\appdata\local\{B36C6717-DE76-4E2D-AAC1-0EECDC3358E3}
2012-02-29 18:58:57 -------- d-----w- c:\users\fleischer\appdata\local\{4A57F055-3193-4629-B9A3-B2976BE4DE8C}
2012-02-29 18:58:18 -------- d-----w- c:\users\fleischer\appdata\local\{7978CAA1-5133-4088-9C34-D30442F5504D}
2012-02-29 18:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-29 06:57:56 -------- d-----w- c:\users\fleischer\appdata\local\{EFFF940D-5B41-4145-8079-2937D00968E7}
2012-02-29 06:57:26 -------- d-----w- c:\users\fleischer\appdata\local\{8A06FF1B-72B0-403C-AD92-F7A84EC10CD4}
2012-02-28 18:57:04 -------- d-----w- c:\users\fleischer\appdata\local\{1E5C0C26-D622-41BA-A259-AFA8388660EC}
2012-02-28 18:56:44 -------- d-----w- c:\users\fleischer\appdata\local\{7C1A1533-4964-4959-8370-2800A619D5BE}
2012-02-28 06:56:07 -------- d-----w- c:\users\fleischer\appdata\local\{CA285A2F-8EAC-47C7-AADF-7BD1B912D4D1}
2012-02-28 06:55:33 -------- d-----w- c:\users\fleischer\appdata\local\{2254AC08-6467-45B5-B614-D141080649F4}
2012-02-27 18:55:10 -------- d-----w- c:\users\fleischer\appdata\local\{1F31EE3F-D336-4569-B126-877F5162607D}
2012-02-27 18:54:51 -------- d-----w- c:\users\fleischer\appdata\local\{A6350CC0-2B84-424C-BB8F-D5568A91CC3E}
2012-02-27 06:54:29 -------- d-----w- c:\users\fleischer\appdata\local\{96FD0C9F-F757-4F67-8CCE-A71F3F041DA6}
2012-02-27 06:53:55 -------- d-----w- c:\users\fleischer\appdata\local\{39ACC54E-A2B6-494A-8A67-033083E49CF9}
.
==================== Find3M ====================
.
2012-03-19 18:40:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:13:25.61 ===============

Still cannot get GMER to run on my computer, since it ran the first time and did not produce a log.

Edited by theaftergl0w, 20 March 2012 - 01:12 PM.



#2 theaftergl0w

Posted 19 March 2012 - 04:58 PM

I'm heading to work now, but I just wanted to add that I'm not able to save the log from gmer... and 9 times out of 10 it freezes and doesn't complete the scan at all, so I wanted to list a few of the problems it shows before turning the computer off.
Type: AttachedDevice, Name:\Driver\tdx\Device\Tcp, Value: aswRdr.SYS [avast!TDI redirect driver/AVAST software].

Type:AttachedDevice, Name\FileSystem\fastfat\Fat, Value:fltmgr.sys [Microsoft Filesystem Filter Manager Microsoft Corporation]

There's another one of the fastfat with the type listed just as Device and the value of 98294A7A

And then there are 4 types listed as .text, name: C:\Program Files\Mozilla Firefox\firefox.exe[236]. Values are all different on those.

#3 m0le

m0le (Can U Dig It?)
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 AM

Posted 22 March 2012 - 06:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 theaftergl0w

Posted 23 March 2012 - 09:07 PM

Hi yes, I would love some help. Thanks!

#5 m0le


Posted 23 March 2012 - 09:11 PM

Okay, let's take a look for something malicious then.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Then run OTL for me

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#6 theaftergl0w

Posted 23 March 2012 - 09:49 PM

Attempting to run aswMBR, but it appeared frozen at one point, so I restarted it, left the room, came back 5 minutes later and my computer had restarted itself. I'm trying to run it again. Should I do this in safe mode instead? I'm booted up normally right now.

#7 theaftergl0w

Posted 23 March 2012 - 10:04 PM

I'm not sure if this log is complete. How long does it usually take to scan? It seems to get hung up at a certain point, but let me know if you want me to run it again.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 21:46:45
-----------------------------
21:46:45.214 OS Version: Windows 6.0.6002 Service Pack 2
21:46:45.214 Number of processors: 4 586 0xF0B
21:46:45.214 ComputerName: FLEISCHER-PC UserName: Fleischer
21:46:53.139 Initialize success
21:46:56.649 AVAST engine defs: 12032302
21:46:58.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:58.209 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
21:46:58.224 Disk 0 MBR read successfully
21:46:58.224 Disk 0 MBR scan
21:46:58.224 Disk 0 Windows VISTA default MBR code
21:46:58.224 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:46:58.240 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 81920
21:46:58.240 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200
21:46:58.255 Disk 0 scanning sectors +625139712
21:46:58.318 Disk 0 scanning C:\Windows\system32\drivers
21:47:09.442 Service scanning
21:47:26.789 Modules scanning
21:47:30.455 Disk 0 trace - called modules:
21:47:30.486 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
21:47:30.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860986b0]
21:47:30.486 3 CLASSPNP.SYS[88ba48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e73030]
21:47:31.609 AVAST engine scan C:\Windows
21:47:34.058 AVAST engine scan C:\Windows\system32
21:49:13.571 AVAST engine scan C:\Windows\system32\drivers
21:49:22.978 AVAST engine scan C:\Users\Fleischer
22:02:23.820 Disk 0 MBR has been saved successfully to "C:\Users\Fleischer\Desktop\MBR.dat"
22:02:23.820 The log file has been saved successfully to "C:\Users\Fleischer\Desktop\aswMBR.txt"

I'm going to run the other program now.

#8 theaftergl0w

Posted 23 March 2012 - 10:16 PM

Attempted to run OTL, but was prompted by avast about a suspicious program. I disabled avast and tried to run OTL, but it froze the computer and the window was (not responding). I booted into safe mode because I noticed that when I do, avast isn't in my system tray. Do you want me to try and run these programs while in safe mode?

Side note: I noticed there are a lot of items on my desktop that I don't know what they are. Two files are called desktop.ini and another is called .picasaoriginals. There's also MBR.dat, which I'm unsure of as well.

#9 theaftergl0w

Posted 24 March 2012 - 12:38 PM

I was able to run OTL in safe mode after a few tries.

OTL logfile created on: 3/24/2012 12:31:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Fleischer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.11% Memory free
4.23 Gb Paging File | 3.96 Gb Available in Paging File | 93.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.05 Gb Total Space | 50.48 Gb Free Space | 17.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.11% Space Free | Partition Type: NTFS

Computer Name: FLEISCHER-PC | User Name: Fleischer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Fleischer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (jswpsapi) -- C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (SDDMI2) -- C:\Windows\system32\DDMI2.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\FLEISC~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\arusb_lh.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys (Gteko Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 8E 25 77 FE FC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=HnIKGX95CE92jyCjSzO30t2JSBM?q={searchTerms}
IE - HKCU\..\SearchScopes\{A9865E50-43E4-40E5-8F3B-D887AFA28283}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{E74B210A-155C-4ECC-953B-E2C76F774A10}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/05 13:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/12/02 01:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/12 18:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 11:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/19 11:32:49 | 000,000,000 | ---D | M]

[2012/01/09 10:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 09:34:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/19 09:34:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/24 21:22:57 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/28 11:25:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/02/28 11:25:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/14 22:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/26 14:20:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/02/03 10:17:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/02/03 10:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/03 10:17:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/02/03 10:17:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/24 21:22:58 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2012/02/03 10:17:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/03 10:17:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/03/19 11:39:04 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Fleischer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: No name found = C:\Users\Fleischer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/03/12 18:02:19 | 000,440,678 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64ECB3D9-BE64-4A70-8CF7-577EFD075FC2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F495EAA6-79C9-4DD5-B2F3-6339F4D02F13}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fleischer\Pictures\{Canon Pix}\2010_05_01\IMG_5651.JPG
O24 - Desktop BackupWallPaper: C:\Users\Fleischer\Pictures\{Canon Pix}\2010_05_01\IMG_5651.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 22:05:24 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012/03/23 21:17:44 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Fleischer\Desktop\OTL.exe
[2012/03/23 21:17:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fleischer\Desktop\aswMBR.exe
[2012/03/19 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\Desktop\gmer
[2012/03/19 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/19 14:20:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/19 14:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/19 14:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/19 11:43:11 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012/03/17 07:57:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/17 07:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/17 07:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/16 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\PackageAware
[2012/03/16 16:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/03/16 16:08:25 | 003,881,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/03/16 16:08:25 | 002,719,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/03/16 16:08:25 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/03/16 16:08:25 | 000,062,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/03/16 16:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/16 16:06:47 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/03/16 16:06:47 | 010,819,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/03/16 16:06:47 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/03/16 16:06:47 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/03/16 16:06:47 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/16 16:06:46 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/03/16 16:06:46 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/03/16 16:06:46 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/03/16 16:06:46 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/03/16 16:06:46 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/03/16 16:06:45 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/03/16 16:06:45 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/03/16 16:05:42 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/03/16 10:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/03/16 10:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/03/15 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/03/15 14:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2012/03/14 16:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/14 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/14 15:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/13 19:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Manager
[2012/03/13 18:52:33 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 18:52:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 18:52:26 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 18:52:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 18:52:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 18:52:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 18:51:58 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012/03/13 10:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/12 18:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/12 18:02:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/03/12 15:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/12 15:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/12 15:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/12 13:15:38 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\Microsoft Games
[2012/03/12 00:34:08 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{52652815-2C0E-4E7D-819B-FC36ACCA7D0D}
[2012/03/12 00:33:40 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{2CA12D3A-DB90-49F8-A1F1-ED7904FB8E24}
[2012/03/11 12:33:19 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{4BE4901A-60A8-4556-9C4E-3BE3EEE9B27D}
[2012/03/11 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{5437CE50-0AE2-4573-8D2C-CF935AE1B194}
[2012/03/11 00:32:29 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{3145C369-C9A8-4585-AF9B-5C852DD1F362}
[2012/03/11 00:32:10 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{7F3C8DC7-000C-4D23-86B1-8C8AED88CC54}
[2012/03/10 12:30:47 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{C8E75588-3EAC-4035-97C0-B8E23D516A70}
[2012/03/10 12:30:27 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{B41C174E-90DC-4D43-88B6-436FC43A7A66}
[2012/03/09 10:23:31 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{CA338423-6A54-489F-8026-50F8FFF318C1}
[2012/03/09 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{3770774A-B3C2-44B3-9B95-664AB2077C72}
[2012/03/08 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{6D079873-6130-41A2-9A6F-CEA0C4A0F693}
[2012/03/08 16:49:58 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{F5FE29F3-59FC-4143-9492-2A6BA4261923}
[2012/03/08 04:49:24 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{A1E307D4-0EFE-47A0-AC7A-97E8F6DD1221}
[2012/03/08 04:48:56 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{93C9C0E1-862C-4648-A1BA-1501AA3AAC5C}
[2012/03/07 16:48:33 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{05E96783-11CF-4B94-AFFA-9B80C94CD7A5}
[2012/03/07 16:48:14 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{8DE55874-1142-4FAF-BCD9-4FE93CDFA97E}
[2012/03/07 02:10:50 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{9A60C9AC-FDA4-4EB1-99FE-A17A0EB29046}
[2012/03/07 02:10:30 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{06AD42AE-3306-4262-A20A-C1CA54675E0D}
[2012/03/06 14:10:07 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{F9FB7886-ABD3-48F7-863B-A9141C00A042}
[2012/03/06 14:09:19 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{A76800C0-9A67-4771-8CD6-CC2688F54E18}
[2012/03/06 02:08:57 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{220B6349-5290-4D33-ADAE-B01F527A0D17}
[2012/03/06 02:08:37 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{64749630-0E69-45A0-82DF-AA9C1A660558}
[2012/03/05 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{9BACD555-284B-4FD5-9F7B-4B6096B7A464}
[2012/03/05 14:07:42 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{BD87F8AC-9CC2-4395-85FE-200016211012}
[2012/03/05 10:43:52 | 000,000,000 | -H-D | C] -- C:\Users\Fleischer\Desktop\.picasaoriginals
[2012/03/05 02:07:20 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{EF6B7AB9-4303-4B65-94DC-655030A7CC46}
[2012/03/05 02:06:49 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{AAC54F40-8831-4BF6-B6AF-B60864B3CDAD}
[2012/03/04 14:06:27 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{93D8956D-7CD2-492E-9DCC-C7B3AA38BB89}
[2012/03/04 14:05:55 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{6AC8C493-68F2-46D4-A24F-474E04C39C30}
[2012/03/04 02:05:32 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{1907C13D-E3B9-456D-9A83-08891BCE173D}
[2012/03/04 02:04:57 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{D0E2D29A-57EB-4F43-B119-426CE3AF0EF8}
[2012/03/03 14:04:32 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{D98B8C75-6FD6-4EC1-96BA-2FA6C22950C3}
[2012/03/03 14:03:40 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{4D4F6764-E9C7-4B7C-8FE0-783CA605FD56}
[2012/03/03 02:03:16 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{392A525C-DFD1-42D3-8FD9-8580B04AA3E4}
[2012/03/03 02:02:38 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{EC31C902-5C91-47FC-B375-280269D1CC93}
[2012/03/02 14:02:16 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{C556BB42-F596-4ED6-BC5E-0DF37C843113}
[2012/03/02 14:01:56 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{797235A3-15C6-4C78-A245-2F0C68EAE129}
[2012/03/02 02:01:33 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{19EE424E-EEE1-4ACF-A9A4-A113B41BC03C}
[2012/03/02 02:01:02 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{FD3C4970-943E-4374-A476-9CBAA879CBE0}
[2012/03/01 14:00:40 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{AB77511A-0949-4FE4-9ED4-D92FEA3FA4B6}
[2012/03/01 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{E5BC7DDD-001C-49BB-8E87-6C9BF2262E4F}
[2012/03/01 01:59:41 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{A36C3501-56E5-4D1F-91DC-FE8060B0E7F4}
[2012/03/01 01:59:20 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{B36C6717-DE76-4E2D-AAC1-0EECDC3358E3}
[2012/02/29 13:58:57 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{4A57F055-3193-4629-B9A3-B2976BE4DE8C}
[2012/02/29 13:58:18 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{7978CAA1-5133-4088-9C34-D30442F5504D}
[2012/02/29 01:57:56 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{EFFF940D-5B41-4145-8079-2937D00968E7}
[2012/02/29 01:57:26 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{8A06FF1B-72B0-403C-AD92-F7A84EC10CD4}
[2012/02/28 13:57:04 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{1E5C0C26-D622-41BA-A259-AFA8388660EC}
[2012/02/28 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{7C1A1533-4964-4959-8370-2800A619D5BE}
[2012/02/28 01:56:07 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{CA285A2F-8EAC-47C7-AADF-7BD1B912D4D1}
[2012/02/28 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{2254AC08-6467-45B5-B614-D141080649F4}
[2012/02/27 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{1F31EE3F-D336-4569-B126-877F5162607D}
[2012/02/27 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{A6350CC0-2B84-424C-BB8F-D5568A91CC3E}
[2012/02/27 01:54:29 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{96FD0C9F-F757-4F67-8CCE-A71F3F041DA6}
[2012/02/27 01:53:55 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{39ACC54E-A2B6-494A-8A67-033083E49CF9}
[2012/02/26 13:53:33 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{331EB59A-41C9-43F0-B17F-EC9FFF44963D}
[2012/02/26 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{127301DB-9CFF-48A5-9764-BCED28ACDF90}
[2012/02/26 01:50:48 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{135483ED-4138-4134-8A07-770605F6AB29}
[2012/02/26 01:50:15 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{7FD9F555-C858-4292-8180-78A3A12B3A53}
[2012/02/25 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{79C11DE9-EEEF-4361-A4C8-D4F5CA80C67E}
[2012/02/25 13:49:21 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{3B932F0D-BCBF-40CD-A8BA-A2E8EA17B28B}
[2012/02/25 10:48:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/02/25 10:48:12 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012/02/25 10:48:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012/02/25 10:48:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012/02/25 10:48:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012/02/25 10:48:11 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/02/25 10:48:11 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012/02/25 10:48:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/02/25 10:48:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/02/25 10:48:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/02/25 10:48:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/02/25 10:48:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/02/25 10:48:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/02/25 10:48:09 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/02/25 10:48:07 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/02/25 10:48:07 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/02/25 10:48:06 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012/02/25 10:48:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/02/25 10:48:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012/02/25 10:48:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012/02/25 10:48:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012/02/25 10:48:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/02/25 10:48:04 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012/02/25 10:48:04 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012/02/25 10:48:04 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/02/25 10:48:03 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/02/25 10:48:03 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/02/25 10:48:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/02/25 10:48:03 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/02/25 10:48:03 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/02/25 10:48:03 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/02/25 10:48:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012/02/25 10:48:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/02/25 10:48:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012/02/25 10:48:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/02/25 10:48:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012/02/25 10:48:01 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012/02/25 10:48:01 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012/02/25 10:48:01 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012/02/25 10:48:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012/02/25 10:48:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012/02/25 10:48:00 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012/02/25 10:48:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012/02/25 10:48:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012/02/25 10:47:59 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012/02/25 10:47:59 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012/02/25 10:47:59 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012/02/25 10:47:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012/02/25 10:47:58 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012/02/25 10:47:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012/02/25 10:47:58 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012/02/25 10:47:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012/02/25 10:47:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012/02/25 10:47:57 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012/02/25 10:47:55 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/02/25 10:47:54 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012/02/25 10:47:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012/02/25 10:47:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012/02/25 10:47:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012/02/25 10:47:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012/02/25 10:47:53 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012/02/25 10:47:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012/02/25 10:47:53 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012/02/25 10:47:53 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012/02/25 10:47:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012/02/25 10:47:52 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012/02/25 10:47:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012/02/25 10:47:51 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012/02/25 10:47:50 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/02/25 10:47:50 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012/02/25 10:47:49 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/02/25 10:47:49 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/02/25 10:47:48 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/02/25 10:47:48 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/02/25 10:47:48 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/02/25 10:47:47 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/02/25 10:47:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/02/25 10:47:37 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/02/25 10:47:36 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/02/25 10:47:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/02/25 10:47:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/02/25 10:47:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/02/25 10:47:34 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/02/25 10:47:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/02/25 10:47:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/02/25 01:48:55 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{54057959-975D-4D83-8387-7F337F33F378}
[2012/02/25 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{FB9C40F5-D009-42BB-9945-4478EA7C3CD0}
[2012/02/24 13:46:13 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{0C29BC19-DFC1-4BB9-8DF7-A842825CA324}
[2012/02/24 13:45:53 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{C8F3A4C2-29AA-42B7-887E-0C07989BA6EE}
[2012/02/24 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\Documents\Gamefly
[2012/02/24 12:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\GameFly
[2012/02/24 01:45:23 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{B3170C44-04AE-4A9B-8F0E-D6611593D949}
[2012/02/24 01:45:03 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{1FE9D142-ED14-47DC-B82E-4AB3EB3E6F83}
[2012/02/23 13:44:41 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{C1CBB96B-70AA-4AF8-A17E-DFBE875C1606}
[2012/02/23 13:44:13 | 000,000,000 | ---D | C] -- C:\Users\Fleischer\AppData\Local\{2AE1058E-4EEB-493E-850D-1C520843BD8A}
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/24 12:29:59 | 000,625,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/24 12:29:59 | 000,112,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/24 12:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/23 22:02:23 | 000,000,512 | ---- | M] () -- C:\Users\Fleischer\Desktop\MBR.dat
[2012/03/23 21:38:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 21:38:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 21:38:35 | 365,016,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/23 21:17:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Fleischer\Desktop\OTL.exe
[2012/03/23 21:17:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fleischer\Desktop\aswMBR.exe
[2012/03/19 15:17:14 | 000,294,216 | ---- | M] () -- C:\Users\Fleischer\Desktop\gmer.zip
[2012/03/19 15:06:46 | 000,000,000 | ---- | M] () -- C:\Users\Fleischer\defogger_reenable
[2012/03/19 13:40:24 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/19 11:03:18 | 000,326,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/13 18:45:00 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/13 18:44:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/12 18:58:56 | 000,233,316 | ---- | M] () -- C:\Users\Fleischer\Documents\cc_20120312_185826.reg
[2012/03/12 18:02:19 | 000,440,678 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/12 15:19:33 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/11 06:58:36 | 000,013,230 | ---- | M] () -- C:\Windows\System32\Support.xml
[2012/03/10 23:07:16 | 000,001,356 | ---- | M] () -- C:\Users\Fleischer\AppData\Local\d3d9caps.dat
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/29 18:59:00 | 019,444,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/29 18:59:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/29 18:59:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/02/29 18:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/29 18:59:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/02/29 18:59:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/29 18:59:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/29 18:59:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/29 18:59:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/02/29 18:59:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/29 18:59:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/29 18:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/29 18:59:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/29 15:56:41 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/02/29 15:55:16 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/02/29 15:53:47 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/02/29 15:53:46 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/02/29 13:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 21:31:07 | 000,000,512 | ---- | C] () -- C:\Users\Fleischer\Desktop\MBR.dat
[2012/03/19 15:17:14 | 000,294,216 | ---- | C] () -- C:\Users\Fleischer\Desktop\gmer.zip
[2012/03/19 15:06:46 | 000,000,000 | ---- | C] () -- C:\Users\Fleischer\defogger_reenable
[2012/03/16 22:48:00 | 365,016,237 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/16 16:06:47 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/03/13 18:45:00 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/12 18:58:34 | 000,233,316 | ---- | C] () -- C:\Users\Fleischer\Documents\cc_20120312_185826.reg
[2012/03/12 15:19:33 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/30 15:35:18 | 000,000,567 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/03 18:35:34 | 000,000,579 | ---- | C] () -- C:\Users\Fleischer\AppData\Local\cookies.ini
[2011/09/11 20:16:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/09/11 20:16:07 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/12/31 14:41:31 | 000,716,976 | ---- | C] () -- C:\Users\Fleischer\AppData\Local\rx_image.Cache
[2010/12/31 14:41:23 | 000,118,048 | ---- | C] () -- C:\Users\Fleischer\AppData\Local\rx_audio.Cache
[2010/12/20 17:07:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/20 17:07:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/20 17:07:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/20 17:07:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/20 17:07:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/17 09:35:10 | 000,000,036 | ---- | C] () -- C:\Users\Fleischer\AppData\Local\housecall.guid.cache
[2010/12/16 14:45:37 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/05 15:52:10 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2010/07/21 14:17:21 | 000,001,356 | ---- | C] () -- C:\Users\Fleischer\AppData\Local\d3d9caps.dat
[2010/05/30 20:22:30 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/04/14 13:10:19 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010/04/14 13:10:17 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010/04/14 13:10:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010/04/14 13:10:14 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010/04/14 13:07:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010/04/14 13:07:47 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL

========== LOP Check ==========

[2012/03/22 12:18:24 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Fleischer\Documents\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Fleischer\Documents\My RoboForm Data:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 3/24/2012 12:31:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Fleischer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.11% Memory free
4.23 Gb Paging File | 3.96 Gb Available in Paging File | 93.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.05 Gb Total Space | 50.48 Gb Free Space | 17.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.11% Space Free | Partition Type: NTFS

Computer Name: FLEISCHER-PC | User Name: Fleischer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F45F2EC-C114-4382-BE10-208C3EC62390}" = lport=137 | protocol=17 | dir=in | app=system |
"{1AD259AF-C83C-4C10-B4E9-E7CA09D433B0}" = rport=445 | protocol=6 | dir=out | app=system |
"{1C4819A9-4A9B-4EED-A85C-BC6C458E782A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{490B3A03-403F-45E6-B611-CB6166E17549}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F6F8E37-4F27-4051-A3F7-67A645DBAEA5}" = rport=137 | protocol=17 | dir=out | app=system |
"{53871D28-2B2C-4390-97B2-F6EAA661345E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C2DD326-5242-420F-A6B1-A1B052463106}" = rport=138 | protocol=17 | dir=out | app=system |
"{5ED7791B-FBC2-46F3-B551-7A0CA87F3410}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{64470C85-5DD4-4826-869A-B49C5738F5C9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7882E379-132A-4D79-A1DA-A2E404003B87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C3FA55D-2A1C-4958-8577-F1F6511207F0}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{833339F5-C936-413C-8891-430BDF4F3729}" = rport=139 | protocol=6 | dir=out | app=system |
"{852D48C1-4712-4764-B28D-6FB57058E71B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9843225B-77CB-4485-A373-9BDB3C8D09AF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A007A479-8426-4AC7-9D98-203A469F19BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1ED8A22-562A-4570-BF7F-27A32CEC213D}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEF0E7F6-F5F9-4F26-82A0-C6FD02691E97}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D0104DC8-5F97-479C-8630-8E05B0CA0C83}" = lport=139 | protocol=6 | dir=in | app=system |
"{F072451C-71A1-4A27-8323-B9F5EFA0FDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBC5D46E-1F79-4658-816B-D503499C5347}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03025A6B-0A49-4D9A-B7BA-E950BE84CEBE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{0ED4A7F5-D94B-495D-A02F-E37D5C657000}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1D802DC1-E52F-4AFB-91A6-124F797A61DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1FF2F028-A286-4063-840C-DE4E8B6258D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D8AB3A5-D79A-41BF-8201-8F29D98F3D1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{312D07F7-DDC9-4BC1-A1C3-92682BAB9DB7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3BBEAD77-92CF-4D48-B478-350F017635B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4765FC2F-F7AD-4048-B30F-9A6C4EA3D27B}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{50E0A426-68E5-4B98-913E-32E523EB5D29}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{75466582-7D59-40B2-B47E-901220132A3D}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{75981AF5-FD8D-4CE8-AB0C-D5DF45642366}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{84C116A4-3C76-47C8-9B3B-06B2DB6F4E57}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8A0239FE-6D49-49A6-A31B-0814A4B816C6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{989A0EE5-B363-4115-81F6-DE18B1D3303A}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{C1C85F9C-8D8E-4AAF-915E-2EEE705429A2}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{D072AB71-644B-4829-9184-FC69AC98B4C8}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{DCF14B84-1020-472D-BD7A-360C2AB00B93}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{EA9F0707-9D8C-4672-95CB-D8E659D8DF25}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{EB1B0B33-8182-4F2B-86EB-495E87373965}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F2118912-C104-4C92-B07B-575D99118676}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{F8B3F466-FC1B-4300-A94A-3A4C0F7D565D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{2C3F304C-DA2C-48E5-841F-BC5387BA543F}C:\users\fleischer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fleischer\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D27497DB-3014-4946-87B1-F77C7A6FFEEA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{A5436B21-72EC-4EF1-9E90-AF067A174253}C:\users\fleischer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fleischer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{EC8CC383-297F-4161-961A-513A39BE64D9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0F2FFDCA-43EB-47C0-A02E-D9A2ECF98A8A}" = Roxio RecordNow 9 Music Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.1.69
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Xtreme N Dual Band DWA-160
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}" = HP Deskjet 1050 J410 series Product Improvement Study
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E26B7916-0201-45C3-8415-2FA24DDAEE37}" = iTunesFolderWatch
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-6-4 (All Users)
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"avast" = avast! Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"Dell PC Fax" = Dell PC Fax
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Desktop" = Google Desktop
"Intel® Configuration Center" = Intel® Viiv™ Software
"Live 7.0.3" = Live 7.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel® PRO Network Connections 11.2.1.69
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TinyWord2" = TinyWord 2.9.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2012 4:32:11 PM | Computer Name = Fleischer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/14/2012 4:32:11 PM | Computer Name = Fleischer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/14/2012 4:32:12 PM | Computer Name = Fleischer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/14/2012 4:32:12 PM | Computer Name = Fleischer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/14/2012 5:01:48 PM | Computer Name = Fleischer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/14/2012 5:01:48 PM | Computer Name = Fleischer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/14/2012 5:02:25 PM | Computer Name = Fleischer-PC | Source = Application Error | ID = 1000
Description = Faulting application hsplayer.exe, version 10.7.1.10, time stamp 0x4d30956f,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x02fe24e8, process id 0x178c, application start time 0x01cd0225bfaab786.

Error - 3/14/2012 5:13:08 PM | Computer Name = Fleischer-PC | Source = Application Error | ID = 1000
Description = Faulting application hsplayer.exe, version 10.7.1.10, time stamp 0x4d30956f,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x031224e8, process id 0x1688, application start time 0x01cd02273fc0cc16.

Error - 3/15/2012 12:16:39 PM | Computer Name = Fleischer-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/15/2012 4:27:42 PM | Computer Name = Fleischer-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 2/1/2011 2:45:10 PM | Computer Name = Fleischer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/23/2012 11:11:24 PM | Computer Name = Fleischer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/23/2012 11:11:24 PM | Computer Name = Fleischer-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/23/2012 11:29:50 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:26:02 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:26:08 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:26:09 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:26:10 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:26:10 PM | Computer Name = Fleischer-PC | Source = DCOM | ID = 10005
Description =

Error - 3/24/2012 1:27:11 PM | Computer Name = Fleischer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2012 1:27:11 PM | Computer Name = Fleischer-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Thanks!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 AM

Posted 25 March 2012 - 04:39 PM

None of the files you are highlighting are malicious, but they are usually hidden, so something has unhidden them. They need to be hidden at the end of the fix.

If Avast is stopping you running the tools then you need to disable the security program beforehand. Check the instructions here; I recommend that for the next step you disable it for 1 hour.

http://www.bleepingcomputer.com/forums/topic114351.html


Next we will run Combofix (if this fails in normal mode then boot into safe mode and run it there). Please let me know if you do this.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it to comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#11 theaftergl0w

theaftergl0w
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Local time:10:34 PM

Posted 26 March 2012 - 11:41 AM

Hi Mole. I ran ComboFix in regular mode; it took a while and I got many error prompts during the scan. I got a notification of rootkit activity and was told to write down "C:\Documents and Settings\Release Engineer.Macrovision\Application Data\ntos.exe". My computer rebooted and I got this error several times: "Find String (QGREP) Utility Stopped Working", and also "A readily available replacement was not found, combofix will need to do an extensive search". I also got an "error saving file C:\windows\erdnt\00000005\snx_rhive!"

The computer restarted itself, and I do not see a ComboFix.txt log.
I have catchme.log on the desktop but when I open it, it is just:
File "C:\comfix\MT_taskmgr.exe.tmp" added successfully
File "C:\comfix\MT_vssvc.exe.tmp" added successfully
File "C:\comfix\MT_comres.dll.tmp" added successfully

I tried to search the C drive manually to look for the log, but I don't see it there either.

#12 theaftergl0w

theaftergl0w
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Local time:10:34 PM

Posted 26 March 2012 - 12:37 PM

Was able to run aswMBR completely and produce a full log, if it helps.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 21:46:45
-----------------------------
21:46:45.214 OS Version: Windows 6.0.6002 Service Pack 2
21:46:45.214 Number of processors: 4 586 0xF0B
21:46:45.214 ComputerName: FLEISCHER-PC UserName: Fleischer
21:46:53.139 Initialize success
21:46:56.649 AVAST engine defs: 12032302
21:46:58.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:58.209 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
21:46:58.224 Disk 0 MBR read successfully
21:46:58.224 Disk 0 MBR scan
21:46:58.224 Disk 0 Windows VISTA default MBR code
21:46:58.224 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:46:58.240 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 81920
21:46:58.240 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200
21:46:58.255 Disk 0 scanning sectors +625139712
21:46:58.318 Disk 0 scanning C:\Windows\system32\drivers
21:47:09.442 Service scanning
21:47:26.789 Modules scanning
21:47:30.455 Disk 0 trace - called modules:
21:47:30.486 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
21:47:30.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860986b0]
21:47:30.486 3 CLASSPNP.SYS[88ba48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e73030]
21:47:31.609 AVAST engine scan C:\Windows
21:47:34.058 AVAST engine scan C:\Windows\system32
21:49:13.571 AVAST engine scan C:\Windows\system32\drivers
21:49:22.978 AVAST engine scan C:\Users\Fleischer
22:02:23.820 Disk 0 MBR has been saved successfully to "C:\Users\Fleischer\Desktop\MBR.dat"
22:02:23.820 The log file has been saved successfully to "C:\Users\Fleischer\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 11:53:47
-----------------------------
11:53:47.730 OS Version: Windows 6.0.6002 Service Pack 2
11:53:47.730 Number of processors: 4 586 0xF0B
11:53:47.730 ComputerName: FLEISCHER-PC UserName: Fleischer
11:53:48.744 Initialize success
11:53:52.457 AVAST engine defs: 12032601
11:53:55.249 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:53:55.249 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
11:53:55.265 Disk 0 MBR read successfully
11:53:55.265 Disk 0 MBR scan
11:53:55.265 Disk 0 Windows VISTA default MBR code
11:53:55.265 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:53:55.280 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 81920
11:53:55.280 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200
11:53:55.280 Disk 0 scanning sectors +625139712
11:53:55.343 Disk 0 scanning C:\Windows\system32\drivers
11:54:01.037 Service scanning
11:54:12.705 Modules scanning
11:54:15.545 Disk 0 trace - called modules:
11:54:15.576 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
11:54:15.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86786ac8]
11:54:15.576 3 CLASSPNP.SYS[88ba78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85a95030]
11:54:16.512 AVAST engine scan C:\Windows
11:54:19.413 AVAST engine scan C:\Windows\system32
11:55:48.895 AVAST engine scan C:\Windows\system32\drivers
11:55:55.369 AVAST engine scan C:\Users\Fleischer
12:08:24.559 AVAST engine scan C:\ProgramData
12:15:37.319 Scan finished successfully
12:34:23.670 Disk 0 MBR has been saved successfully to "C:\Users\Fleischer\Desktop\MBR.dat"
12:34:23.717 The log file has been saved successfully to "C:\Users\Fleischer\Desktop\aswMBR.txt"
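The two aswMBR logs above are worth comparing rather than just reading: the partition table and the "Windows VISTA default MBR code" verdict are the boot-sector facts a helper cares about, and the first run has no "Scan finished successfully" line while the second does. The following is an added example, not part of this thread and not aswMBR's own code. It parses those fields out of aswMBR's log format and compares two runs; the two embedded logs are constructed excerpts modelled on the ones posted here (most of the "AVAST engine scan" lines are omitted), and the regular expressions are my own reading of the log layout, not a documented format.

```python
r"""Parse aswMBR logs and compare two runs (added example, not aswMBR code).

What a helper wants from an aswMBR log: the engine definition version, the
MBR-code verdict, the partition table (which partition is active), and
whether the scan actually completed. Comparing two runs then shows whether
the boot sector or partition layout changed between scans.
"""
import re

# Constructed excerpts modelled on the two logs in the thread. The first run
# has no "Scan finished successfully" line, exactly as posted.
RUN_1 = r"""
21:46:56.649 AVAST engine defs: 12032302
21:46:58.224 Disk 0 MBR read successfully
21:46:58.224 Disk 0 Windows VISTA default MBR code
21:46:58.224 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:46:58.240 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 81920
21:46:58.240 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200
22:02:23.820 Disk 0 MBR has been saved successfully to "C:\Users\Fleischer\Desktop\MBR.dat"
"""

RUN_2 = r"""
11:53:52.457 AVAST engine defs: 12032601
11:53:55.265 Disk 0 MBR read successfully
11:53:55.265 Disk 0 Windows VISTA default MBR code
11:53:55.265 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:53:55.280 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 81920
11:53:55.280 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200
12:15:37.319 Scan finished successfully
12:34:23.670 Disk 0 MBR has been saved successfully to "C:\Users\Fleischer\Desktop\MBR.dat"
"""

TS = r"^\d\d:\d\d:\d\d\.\d+\s+"           # leading timestamp on every line
# "Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289844 MB offset 31539200"
PART_RE = re.compile(TS + r"Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                     r"([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
MBR_RE = re.compile(TS + r"Disk (\d+) (.+ MBR code)$")
DEFS_RE = re.compile(TS + r"AVAST engine defs: (\d+)$")
FINISHED = "Scan finished successfully"


def parse_aswmbr(text):
    """Extract defs version, MBR verdict, partition table and completion flag."""
    result = {"defs": None, "mbr_code": None, "partitions": [], "finished": False}
    for line in text.splitlines():
        line = line.rstrip()
        if m := PART_RE.match(line):
            result["partitions"].append({
                "disk": int(m.group(1)),
                "index": int(m.group(2)),
                "bootable": m.group(3) == "80",   # 0x80 is the MBR active flag
                "type": m.group(4),
                "desc": m.group(5),
                "size_mb": int(m.group(6)),
                "offset": int(m.group(7)),
            })
        elif m := MBR_RE.match(line):
            result["mbr_code"] = m.group(2)
        elif m := DEFS_RE.match(line):
            result["defs"] = m.group(1)
        elif line.endswith(FINISHED):
            result["finished"] = True
    return result


def active_partition(parsed):
    """Index of the partition flagged active, or None if none is."""
    for p in parsed["partitions"]:
        if p["bootable"]:
            return p["index"]
    return None


def compare_runs(a, b):
    """Flag changes in the boot-relevant facts between two parsed runs."""
    def table(parsed):
        return [(p["disk"], p["index"], p["bootable"], p["type"], p["size_mb"], p["offset"])
                for p in parsed["partitions"]]
    return {
        "partition_table_changed": table(a) != table(b),
        "mbr_code_changed": a["mbr_code"] != b["mbr_code"],
        "both_finished": a["finished"] and b["finished"],
    }


if __name__ == "__main__":
    first, second = parse_aswmbr(RUN_1), parse_aswmbr(RUN_2)
    print("MBR code:", first["mbr_code"], "| active partition:", active_partition(first))
    print("Run 1 finished:", first["finished"], "| Run 2 finished:", second["finished"])
    print(compare_runs(first, second))
```

Because the comparison keys on the partition offsets, sizes, types and the active flag rather than on the whole line, timestamp and definition-version differences between runs do not register as changes; only a real difference in the boot sector or layout would.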

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 AM

Posted 26 March 2012 - 06:36 PM

Check for the log here:

Please go to Start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up, copy and paste the content to your reply.
m0le is a proud member of UNITE

#14 theaftergl0w

theaftergl0w
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Local time:10:34 PM

Posted 26 March 2012 - 09:39 PM

C:\QooBox\Add-Remove Programs.txt
C:\QooBox\BackEnv
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\LastRun
C:\QooBox\Quarantine
C:\QooBox\SnapShot@2010-12-20_22.15.02.dat
C:\QooBox\Test
C:\QooBox\TestC
C:\QooBox\BackEnv\AppData.folder.dat
C:\QooBox\BackEnv\Cache.folder.dat
C:\QooBox\BackEnv\Cookies.folder.dat
C:\QooBox\BackEnv\Desktop.folder.dat
C:\QooBox\BackEnv\Favorites.folder.dat
C:\QooBox\BackEnv\History.folder.dat
C:\QooBox\BackEnv\LocalAppData.folder.dat
C:\QooBox\BackEnv\LocalSettings.folder.dat
C:\QooBox\BackEnv\Music.folder.dat
C:\QooBox\BackEnv\NetHood.folder.dat
C:\QooBox\BackEnv\Personal.folder.dat
C:\QooBox\BackEnv\Pictures.folder.dat
C:\QooBox\BackEnv\PrintHood.folder.dat
C:\QooBox\BackEnv\Profiles.Folder.dat
C:\QooBox\BackEnv\Profiles.Folder.folder.dat
C:\QooBox\BackEnv\Programs.folder.dat
C:\QooBox\BackEnv\Recent.folder.dat
C:\QooBox\BackEnv\SendTo.folder.dat
C:\QooBox\BackEnv\SetPath.bat
C:\QooBox\BackEnv\StartMenu.folder.dat
C:\QooBox\BackEnv\StartUp.folder.dat
C:\QooBox\BackEnv\SysPath.dat
C:\QooBox\BackEnv\Templates.folder.dat
C:\QooBox\BackEnv\VikPev00
C:\QooBox\LastRun\CregC.old
C:\QooBox\LastRun\d-del4AV.dat
C:\QooBox\LastRun\drev_.dat
C:\QooBox\LastRun\erunt.dat
C:\QooBox\LastRun\Gateway
C:\QooBox\LastRun\ndis_log.old
C:\QooBox\LastRun\RenVDel.dat
C:\QooBox\LastRun\SvcTarget.dat
C:\QooBox\LastRun\zhsvc.old
C:\QooBox\Quarantine\C
C:\QooBox\Quarantine\catchme.log
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\C\Documents and Settings
C:\QooBox\Quarantine\C\Program Files
C:\QooBox\Quarantine\C\ProgramData
C:\QooBox\Quarantine\C\Users
C:\QooBox\Quarantine\C\Windows
C:\QooBox\Quarantine\C\Documents and Settings\ReleaseEngineer.MACROVISION
C:\QooBox\Quarantine\C\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar
C:\QooBox\Quarantine\C\Program Files\Search Settings
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\IE
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome.manifest.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\components
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\install.rdf.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\chevron.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\chevron.xul.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\login.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\login.xul.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\parser.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.xul.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgichevron.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgicomm.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgihandling.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgilisteners.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\content\widgiui.js.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\amazon.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\apple.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\barnes.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\chevron.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\ebay.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\macys.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\newegg.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\overstock.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search-button.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\searchbox.css.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\separator.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\target.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\walmart.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\components\config.ini.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\IE\4.0.2
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\IE\4.0.2\config.ini.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\amazon.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\apple.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\barnes.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\bestbuy.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\dealio_logo.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\ebay.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\icon_settings.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\macys.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\newegg.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\overstock.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search-button-hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search-button.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search-chevron.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search_amazon.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search_dealio.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search_ebay.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\search_yahoo.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\target.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\walmart.gif.vir
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\Res\widgets.xml.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF
C:\QooBox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome.manifest.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\components
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\install.rdf.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\content
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\locale
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\content\plugin.js.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\content\plugin.xul.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\content\protection.js.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\content\utils.js.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\locale\en-US
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\components\IFBHOSearch.xpt.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\FF\components\IFHelperPreferences.xpt.vir
C:\QooBox\Quarantine\C\ProgramData\Microsoft
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
C:\QooBox\Quarantine\C\Users\Fleischer
C:\QooBox\Quarantine\C\Users\Fleischer\AppData
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\inst.exe.vir
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft\Windows
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft\Windows\Start Menu
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk.vir
C:\QooBox\Quarantine\C\Windows\System32
C:\QooBox\Quarantine\C\Windows\System32\comres.dll.vir
C:\QooBox\Quarantine\C\Windows\System32\taskmgr.exe.vir
C:\QooBox\Quarantine\C\Windows\System32\vssvc.exe.vir
C:\QooBox\Quarantine\Registry_backups\HKLM-Run-SearchSettings.reg.dat
C:\QooBox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
C:\QooBox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
C:\QooBox\Quarantine\Registry_backups\tcpip.reg
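The listing above is ComboFix's quarantine folder: every entry ending in `.vir` is a file ComboFix moved out of its original location (the path under `C:\QooBox\Quarantine\C\` mirrors where it came from), and `Registry_backups` holds the registry keys it removed. Read back that way, the list says what was taken from where, and in particular that three files from `C:\Windows\System32` (comres.dll, taskmgr.exe, vssvc.exe) were replaced, which matches the `MT_*.tmp` names in the catchme.log the poster quoted. Here is an added example that does that mapping; it is my code, not ComboFix's, the sample listing is a constructed subset of the one posted, and the "anything under C:\Windows with an executable extension counts as a system binary" rule is my own heuristic.

```python
r"""Summarise a ComboFix quarantine listing (output of `dir /a/s/b C:\QooBox`).

Added example, not part of the thread and not ComboFix's own tooling.
Quarantined files keep their original path under C:\QooBox\Quarantine and
gain a `.vir` suffix; removed registry keys are saved as Registry_backups.
"""
from collections import Counter

QUARANTINE_PREFIX = r"C:\QooBox\Quarantine"
REGBACKUP_PREFIX = QUARANTINE_PREFIX + r"\Registry_backups"
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")   # heuristic, my choice

# Constructed sample: a subset of the listing posted above.
SAMPLE_LISTING = r"""
C:\QooBox\Add-Remove Programs.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\Quarantine\C
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\C\Program Files\Dealio Toolbar\FF\install.rdf.vir
C:\QooBox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir
C:\QooBox\Quarantine\C\Users\Fleischer\AppData\Roaming\inst.exe.vir
C:\QooBox\Quarantine\C\Windows\System32\comres.dll.vir
C:\QooBox\Quarantine\C\Windows\System32\taskmgr.exe.vir
C:\QooBox\Quarantine\C\Windows\System32\vssvc.exe.vir
C:\QooBox\Quarantine\Registry_backups\HKLM-Run-SearchSettings.reg.dat
C:\QooBox\Quarantine\Registry_backups\tcpip.reg
"""


def original_path(entry):
    """Map a quarantined entry back to where the file lived before ComboFix moved it."""
    rel = entry[len(QUARANTINE_PREFIX) + 1:]      # drop the quarantine root
    rel = rel[:-len(".vir")]                        # drop ComboFix's suffix
    drive, _, rest = rel.partition("\\")            # the 'C' folder stands for 'C:'
    return drive + ":\\" + rest


def triage(listing):
    """Return quarantined originals, counts per location, system binaries, reg backups."""
    quarantined, reg_backups = [], []
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith(REGBACKUP_PREFIX + "\\"):
            reg_backups.append(line.rsplit("\\", 1)[1])
        elif line.startswith(QUARANTINE_PREFIX + "\\") and line.lower().endswith(".vir"):
            quarantined.append(original_path(line))

    by_location = Counter()
    system_binaries = []
    for path in quarantined:
        parts = path.split("\\")
        by_location["\\".join(parts[:3])] += 1      # e.g. C:\Program Files\Dealio Toolbar
        low = path.lower()
        if low.startswith("c:\\windows\\") and low.endswith(EXECUTABLE_EXTS):
            system_binaries.append(path)            # replaced OS file: needs a clean copy

    return {
        "quarantined": quarantined,
        "by_location": dict(by_location),
        "system_binaries": system_binaries,
        "registry_backups": reg_backups,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for loc, n in sorted(report["by_location"].items()):
        print(f"{n:3d}  {loc}")
    print("System binaries replaced by ComboFix (need clean copies):")
    for p in report["system_binaries"]:
        print("  ", p)
    print("Registry backups:", ", ".join(report["registry_backups"]))
```

Directory entries (no `.vir` suffix) are skipped, so running it over the full pasted listing gives the same kind of summary: a count per top-level location, the list of replaced Windows binaries, and the registry keys ComboFix backed up before removing them.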

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 AM

Posted 27 March 2012 - 02:42 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
