Google search hijacking


7 replies to this topic

#1 rmicalet

rmicalet

  • Members
  • 5 posts

Posted 14 May 2012 - 09:28 AM

Recently, my browser has been intermittently redirected when clicking on Google search links. It doesn't happen all the time, and when it does happen, if I hit the back button and click again, I'm usually sent to the right address. My PC Tools Spyware Doctor with AntiVirus hasn't seemed to fix this problem. I tried Spybot, and I'm cautiously optimistic that it eliminated the problem (Spybot only found one infection, namely W3i.IQ5, and it seemed to have no trouble removing it). After running Spybot, I ran HijackThis and am posting the log file here to see if anyone would be kind enough to peruse it and let me know if there are particular entries I should be removing. I'd be extremely grateful if so.

Regards,
rmicalet

HijackThis log file below:
--------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:22 AM, on 2012/05/14
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Growl for Windows\Growl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\eSignal\WinSig.exe
C:\Program Files (x86)\eSignal\winros.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files\R\R-2.14.2\bin\i386\Rgui.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com\welcome.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Create S Drive.lnk = C:\Windows\System32\cmd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMCC 3DM2 (3DM2) - AMCC - C:\Program Files\AMCC\3DM2/3dm2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11524 bytes
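As an added example (not part of this thread, and not a HijackThis or BleepingComputer tool), here is a small Python triage script that parses lines in the format of the log above and tags the entries a reviewer would want to look at first: the HKCU ProxyServer entry pointing at 127.0.0.1, the "(no name)" toolbar with "(no file)", the startup shortcut that launches cmd.exe, and the many system services HijackThis reports as "(file missing)". The rules are my own review heuristics, assumptions rather than anything the thread establishes; a hit is a prompt to check, not a verdict of infection. The sample lines are copied verbatim from the posted log.

```python
"""Triage HijackThis 2.x log lines and flag entries worth a second look.

Added example for this thread, not a BleepingComputer or Trend Micro tool.
The rules are my own review heuristics (an assumption, not a verdict of
infection): every hit still needs a human to confirm which installed
product owns the entry.
"""
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    line_no: int   # 1-based line in the log text
    section: str   # HijackThis section code, e.g. "R1", "O4", "O23"
    code: str      # short tag for the rule that fired
    detail: str    # what a reviewer should check next


# Lines copied verbatim from the HijackThis log posted above (raw string,
# so the backslashes in registry and file paths are kept as-is).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: Create S Drive.lnk = C:\Windows\System32\cmd.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
""".strip("\n")

# Every HijackThis entry line starts with a section code, a dash, then the body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Script hosts and interpreters that a logon autorun rarely needs to launch directly.
INTERPRETERS = ("cmd.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "powershell.exe")


def parse(log: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, section, body) for every HijackThis entry line."""
    entries = []
    for n, line in enumerate(log.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((n, m["section"], m["body"]))
    return entries


def triage(log: str) -> List[Finding]:
    """Apply the review heuristics; at most one finding per log line."""
    findings: List[Finding] = []
    for n, sec, body in parse(log):
        low = body.lower()
        if sec[0] == "R" and "proxyserver" in low and ("127.0.0.1" in low or "localhost" in low):
            findings.append(Finding(n, sec, "LOCAL_PROXY",
                "browser traffic goes through a listener on this host; find the owning "
                "process (netstat -abno, elevated) -- AV web filters do this, redirectors do too"))
        elif sec == "O1" and not re.search(r"(127\.0\.0\.1|::1)\s+localhost\b", body):
            findings.append(Finding(n, sec, "HOSTS_ENTRY",
                "non-default hosts mapping; check which name it overrides"))
        elif sec == "O3" and "(no file)" in low:
            findings.append(Finding(n, sec, "ORPHAN_TOOLBAR",
                "CLSID with no backing file; removal only cleans the registry"))
        elif sec == "O4" and any(exe in low for exe in INTERPRETERS):
            findings.append(Finding(n, sec, "INTERPRETER_AUTORUN",
                "autorun launches a script host or shell; read the full command line or shortcut target"))
        elif sec == "O23" and "(file missing)" in low and "\\windows\\system32\\" in low:
            findings.append(Finding(n, sec, "WOW64_ARTIFACT",
                "32-bit HijackThis is redirected away from 64-bit System32; confirm with a "
                "64-bit-aware tool (OTL lists SysNative) before treating the file as missing"))
        elif sec == "O23" and "unknown owner" in low and "\\windows\\" not in low:
            findings.append(Finding(n, sec, "UNKNOWN_OWNER",
                "third-party service without a company name; verify its signature or hash"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} {f.section:<4} {f.code:<19} {f.detail}")
```

Two caveats on reading the output. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows file-system redirection points it at SysWOW64; that is why services such as AEADIFilters show as "(file missing)" in this log while the 64-bit-aware OTL log posted later in the thread finds C:\Windows\SysNative\AEADISRV.EXE. And the rules are deliberately loose: run over the full log they would also flag the default WindowsWelcomeCenter rundll32.exe entry, so treat the result as a worklist for manual review, not as a list of things to delete.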



#2 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 May 2012 - 01:08 PM

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#3 rmicalet

rmicalet
  • Topic Starter

  • Members
  • 5 posts

Posted 14 May 2012 - 01:35 PM

OTL.TXT:

OTL logfile created on: 2012/05/14 2:25:46 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Raymond\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd

11.99 Gb Total Physical Memory | 8.59 Gb Available Physical Memory | 71.65% Memory free
24.07 Gb Paging File | 20.82 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.77 Gb Total Space | 337.50 Gb Free Space | 60.40% Space Free | Partition Type: NTFS
Drive S: | 558.77 Gb Total Space | 337.50 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

Computer Name: MICALETTI | User Name: Raymond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 14:24:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond\Downloads\OTL.exe
PRC - [2012/03/21 16:07:08 | 003,817,472 | ---- | M] (element code project) -- C:\Program Files (x86)\Growl for Windows\Growl.exe
PRC - [2012/03/14 10:04:38 | 000,049,321 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2011/12/05 09:07:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/11/22 20:41:50 | 002,659,256 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/11/22 20:41:50 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2011/11/22 19:20:06 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2011/11/22 19:20:02 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/11/14 17:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/02 13:55:38 | 003,858,432 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/12/07 14:39:18 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 19:29:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 19:29:16 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/10 19:29:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/10 19:28:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 19:28:09 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/03/21 10:47:36 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2012/03/21 10:47:36 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2012/03/21 10:47:36 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2012/03/21 10:47:36 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2012/03/21 10:47:36 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2012/03/21 10:47:36 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2012/03/21 10:47:36 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2012/03/21 10:47:36 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2012/03/21 10:47:36 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2012/03/14 10:04:40 | 000,145,897 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/03/14 10:04:40 | 000,063,326 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/03/14 10:04:40 | 000,044,389 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/03/14 10:04:40 | 000,040,118 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/03/14 10:04:40 | 000,036,197 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/03/14 10:04:40 | 000,030,942 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/03/14 10:04:40 | 000,024,616 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/03/14 10:04:40 | 000,024,235 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/03/14 10:04:40 | 000,024,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/03/14 10:04:40 | 000,023,542 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/03/14 10:04:40 | 000,023,498 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/03/14 10:04:40 | 000,022,976 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/03/14 10:04:40 | 000,020,495 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/03/14 10:04:40 | 000,018,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/03/14 10:04:40 | 000,018,119 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/03/14 10:04:40 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/03/14 10:04:40 | 000,015,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/03/14 10:04:40 | 000,015,546 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/03/14 10:04:40 | 000,014,710 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/03/14 10:04:40 | 000,012,822 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/03/14 10:04:40 | 000,011,356 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/03/14 10:04:40 | 000,010,753 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/03/14 10:04:40 | 000,010,716 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/03/14 10:04:40 | 000,010,667 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/03/14 10:04:40 | 000,009,767 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/03/14 10:04:40 | 000,007,803 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/03/14 10:04:38 | 000,323,801 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/03/14 10:04:38 | 000,284,936 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/03/14 10:04:38 | 000,248,914 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/03/14 10:04:38 | 000,190,403 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/03/14 10:04:38 | 000,178,081 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/03/14 10:04:38 | 000,117,957 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/03/14 10:04:38 | 000,093,436 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/03/14 10:04:38 | 000,087,621 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/03/14 10:04:38 | 000,087,595 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/03/14 10:04:38 | 000,076,298 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/03/14 10:04:38 | 000,071,089 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/03/14 10:04:38 | 000,019,699 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/03/14 10:04:38 | 000,015,260 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/03/14 10:04:38 | 000,014,681 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/03/14 10:04:38 | 000,012,818 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/03/14 10:04:38 | 000,012,794 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/03/14 10:04:38 | 000,011,804 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/03/14 10:04:38 | 000,011,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/03/14 10:04:38 | 000,010,873 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/03/14 10:04:38 | 000,009,946 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/03/14 10:04:38 | 000,009,052 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/03/14 10:04:38 | 000,008,664 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/03/14 10:04:24 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/03/14 10:04:22 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/03/14 09:59:20 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/03/14 09:58:58 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/03/14 09:58:56 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/03/14 09:58:56 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/03/14 09:58:24 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011/10/10 21:52:14 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/07 19:53:50 | 000,052,271 | ---- | M] () -- C:\Program Files (x86)\Pidgin\growl.dll
MOD - [2009/12/03 22:39:16 | 000,583,659 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidgin-gntp.dll
MOD - [2009/03/30 00:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2007/12/07 14:39:18 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/08/14 20:29:05 | 001,732,608 | ---- | M] () [Auto | Running] -- C:\Program Files\AMCC\3DM2/3dm2.exe -- (3DM2)
SRV:64bit: - [2008/07/15 15:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 22:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/06 13:46:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/25 17:11:08 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/22 20:41:50 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 19:20:06 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/22 19:20:02 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/11/14 17:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 03:05:20 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/11/22 20:43:08 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2011/11/22 20:42:46 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/11/22 20:38:16 | 000,337,048 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/11/22 19:20:04 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2011/11/22 19:20:04 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011/11/22 19:20:04 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/11/14 16:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/10/07 18:52:26 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2011/09/29 10:49:56 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mozy.sys -- (mozyFilter)
DRV:64bit: - [2011/09/28 14:14:02 | 000,070,760 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/31 08:34:18 | 000,102,400 | ---- | M] (AMCC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\3waredrv.sys -- (3wareDrv)
DRV:64bit: - [2008/07/10 13:01:46 | 000,472,064 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/06/10 06:33:54 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/01/20 22:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/06 12:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005/03/29 04:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com\welcome.php
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/16 00:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/12/10 14:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/23 01:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 17:11:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/04 01:50:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}: C:\Users\Raymond\AppData\Local\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}\ [2012/04/05 11:34:57 | 000,000,000 | ---D | M]

[2009/06/11 01:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Extensions
[2012/05/01 23:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\vmfa4lmq.default\extensions
[2010/06/29 09:55:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\vmfa4lmq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 14:21:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\vmfa4lmq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/13 14:34:38 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\vmfa4lmq.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/03/02 16:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/05 11:34:57 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\RAYMOND\APPDATA\LOCAL\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}
[2012/03/02 16:28:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\RAYMOND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMFA4LMQ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/04/25 17:11:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/07/12 17:53:43 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2010/11/17 00:43:01 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [atwetm] C:\Users\Raymond\AppData\Local\Temp\atwetm.dll (Voyetra Turtle Beach, Inc.)
O4:64bit: - HKLM..\Run: [deror] C:\Users\Raymond\AppData\Local\Temp\deror.dll (Info-ZIP)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMax] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe (element code project)
O4 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Create S Drive.lnk = C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\..Trusted Domains: cftc.gov ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5617816-7E17-4018-A8D9-07C7E16E3D4F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 09:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/14 09:49:41 | 000,000,000 | ---D | C] -- C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/08 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\Raymond\Documents\Resume
[2012/04/28 08:42:24 | 000,000,000 | ---D | C] -- C:\Users\Raymond\Desktop\instructions.aspx_files
[2012/04/25 17:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/25 17:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/20 15:01:00 | 000,000,000 | ---D | C] -- C:\Users\Raymond\Documents\mflpro
[2012/04/15 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sling Media
[2012/04/15 00:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sling Media
[2012/04/15 00:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sling Media
[2011/02/08 19:53:24 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
[2010/12/06 19:32:04 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe

========== Files - Modified Within 30 Days ==========

[2012/05/14 14:25:09 | 000,002,981 | ---- | M] () -- C:\Windows\WinRos.ini
[2012/05/14 14:25:07 | 000,029,185 | ---- | M] () -- C:\Windows\WinSig.ini
[2012/05/14 14:20:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 13:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 13:27:17 | 000,004,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:27:17 | 000,004,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 09:49:41 | 000,001,964 | ---- | M] () -- C:\Users\Raymond\Desktop\HiJackThis.lnk
[2012/05/10 19:42:27 | 003,946,794 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/10 19:34:12 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 19:34:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 19:34:12 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/10 19:26:21 | 000,290,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 19:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 19:25:21 | 4285,652,990 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 15:56:06 | 000,006,195 | ---- | M] () -- C:\Users\Raymond\Desktop\ILOM_Defensives.png
[2012/05/07 14:07:55 | 000,122,200 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/06 13:08:42 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\TWS Previous Version.LNK
[2012/05/06 13:08:42 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Trader Workstation 4.0.LNK
[2012/05/06 13:08:42 | 000,000,545 | ---- | M] () -- C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
[2012/05/06 13:08:42 | 000,000,043 | ---- | M] () -- C:\Windows\ib.ini
[2012/05/02 13:51:48 | 000,002,675 | ---- | M] () -- C:\Users\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/05/02 11:00:07 | 000,000,134 | ---- | M] () -- C:\Users\Raymond\Desktop\Printers - Shortcut.lnk
[2012/05/02 06:21:10 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/01 21:32:18 | 000,002,675 | ---- | M] () -- C:\Users\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/05/01 06:23:38 | 004,457,510 | ---- | M] () -- C:\Windows\SysNative\PICSI
[2012/05/01 06:23:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\PICSI
[2012/04/28 08:42:24 | 000,043,173 | ---- | M] () -- C:\Users\Raymond\Desktop\instructions.aspx.htm
[2012/04/25 18:20:22 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\R 2.14.2.lnk
[2012/04/25 17:52:34 | 000,000,034 | ---- | M] () -- C:\Users\Raymond\Documents\.Rhistory
[2012/04/21 10:15:05 | 000,000,104 | ---- | M] () -- C:\Users\Raymond\Desktop\Control Panel - Shortcut.lnk
[2012/04/20 15:17:17 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/04/20 15:16:56 | 000,000,306 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/04/20 15:16:56 | 000,000,094 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012/04/20 15:16:00 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/04/20 15:16:00 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/04/20 15:15:12 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat

========== Files Created - No Company Name ==========

[2012/05/14 09:49:41 | 000,001,964 | ---- | C] () -- C:\Users\Raymond\Desktop\HiJackThis.lnk
[2012/05/10 15:56:06 | 000,006,195 | ---- | C] () -- C:\Users\Raymond\Desktop\ILOM_Defensives.png
[2012/05/07 14:07:55 | 000,122,200 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/02 11:00:07 | 000,000,134 | ---- | C] () -- C:\Users\Raymond\Desktop\Printers - Shortcut.lnk
[2012/05/01 06:23:33 | 004,457,510 | ---- | C] () -- C:\Windows\SysNative\PICSI
[2012/05/01 06:23:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\PICSI
[2012/04/28 08:42:24 | 000,043,173 | ---- | C] () -- C:\Users\Raymond\Desktop\instructions.aspx.htm
[2012/04/25 17:52:34 | 000,000,034 | ---- | C] () -- C:\Users\Raymond\Documents\.Rhistory
[2012/04/21 10:15:05 | 000,000,104 | ---- | C] () -- C:\Users\Raymond\Desktop\Control Panel - Shortcut.lnk
[2012/04/20 15:17:17 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011/06/02 14:41:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/02 14:41:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 20:42:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1255.old
[2011/02/14 20:42:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

========== LOP Check ==========

[2009/06/22 18:14:12 | 000,000,000 | -H-D | M] -- C:\Users\Raymond\AppData\Roaming\$Han-soft Installation$
[2012/05/14 14:25:07 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\.purple
[2010/12/22 10:45:00 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\acccore
[2011/12/31 00:40:53 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\BitZipper
[2009/08/06 19:12:36 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\counters
[2010/09/06 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\eSignal
[2012/04/24 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\FileZilla
[2012/04/11 12:55:02 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\gtk-2.0
[2009/06/11 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Leadertech
[2010/04/27 00:34:10 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Microsys
[2012/01/23 03:49:08 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Notepad++
[2011/09/11 19:40:28 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\ScanSoft
[2012/04/13 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Sling Media
[2011/10/18 09:13:40 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Subversion
[2011/10/06 11:25:33 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TeamViewer
[2012/04/12 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TechWizard
[2011/12/10 14:42:15 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TestApp
[2009/06/03 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TMP
[2011/05/17 16:18:04 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Tradeworks Software
[2011/05/27 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\WinMX Music
[2012/05/10 19:22:04 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/06/14 16:51:58 | 000,000,482 | ---- | M] () -- C:\Windows\Tasks\SyncBack Bimonthly Local Backup.job
[2009/06/14 16:46:59 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SyncBack Monthly Local Backup.job
[2009/07/26 07:25:04 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SyncBack Nightly Local Backup.job
[2009/06/14 16:43:08 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SyncBack Weekly Local Backup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8C35AEA7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6DFF1A8A

< End of report >

#4 rmicalet

rmicalet
  • Topic Starter

  • Members
  • 5 posts

Posted 14 May 2012 - 01:36 PM

Extras.Txt:

OTL Extras logfile created on: 2012/05/14 2:25:46 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Raymond\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd

11.99 Gb Total Physical Memory | 8.59 Gb Available Physical Memory | 71.65% Memory free
24.07 Gb Paging File | 20.82 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.77 Gb Total Space | 337.50 Gb Free Space | 60.40% Space Free | Partition Type: NTFS
Drive S: | 558.77 Gb Total Space | 337.50 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

Computer Name: MICALETTI | User Name: Raymond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4274087947-2167187359-298908261-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 50 BF 8B CE FD E4 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A20FF2-439C-4CAE-856C-AD3C6D4F97D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{37996ACE-2AB8-431F-A6A6-4CD34FAD2ECE}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{3A7C59C7-9A4A-4A8D-9E55-E2B263DCBF0D}" = rport=138 | protocol=17 | dir=out | app=system |
"{42A70466-55DA-47F2-BD72-427011C5C561}" = lport=138 | protocol=17 | dir=in | app=system |
"{5BE98EAF-1B90-4F28-99BB-4D4D4962D188}" = lport=3389 | protocol=6 | dir=in | app=system |
"{77EF749C-4934-48FB-B40D-BB05CBBD315D}" = lport=445 | protocol=6 | dir=in | app=system |
"{9554C336-416F-4173-885C-7C86270C7607}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA1B0037-C123-46A5-A187-A72A2D15C598}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5334523-07CF-4478-942F-14E022EE709B}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{BEC9B24F-EAA8-4B67-865D-366A930EFA23}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9A7FA7E-7148-490C-A0A1-1982E1AD399E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E787835A-92C1-48DC-8995-2C7337CF653D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7F914CA-1144-4B8E-AD99-19F4B7F65FCB}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{120AA630-1002-4A70-9177-9642EE5AE363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1240AF90-EAC6-4464-9572-746CF367CCD8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1E6D9E5F-F729-4A49-AAF1-0EB3D645B171}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33404A97-68BE-4546-9B93-6BC64F8EBEF4}" = protocol=6 | dir=in | app=c:\program files (x86)\winmx music\winmx music.exe |
"{37D5F6F8-E4CC-440D-B320-6EE891E2269C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4231AB4E-FF7B-494D-BF61-0D89FDA750EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C8B811B-0C2E-4E38-83F8-D94F169E4985}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{583EE208-258B-46F5-B709-A4F2F2AD330F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D0DC914-6C74-49DD-AA12-50A0302B5B77}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{680C2D46-5477-40CB-9A65-B50B9017EFC1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6C54A4E7-C4C7-49F9-8B6B-0C8BCBE03841}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{755E6CA1-A3E1-4964-A505-66C7A6FA7CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{89583EAB-5854-496A-B755-643E5AC2D89C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{94D47946-56FF-4B02-9374-28E81392CCA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9FC4429F-2E41-449D-A3C3-EC745FC48BC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A1B2FDB9-EE0F-4DC9-8C74-615FC6F3567D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B105B3DD-3E40-45F4-A627-7EFB7DCEB468}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{B8783987-DD3B-492C-B196-BB7C5AAAE5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{B92FD3D0-9A55-454E-BE21-518922A59A04}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{B95C4698-1861-4029-A1F9-E6294321F39E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C9B005B3-DCB4-4F52-8EBA-8355F5BCA46D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DD2A2881-99E2-4F4C-9403-DCE299FC351E}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{E24A7AE8-BB56-46E9-A485-9CADF0CDC1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{E9A8F1F5-CB40-47B5-867E-8F400DC22951}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F371144B-E3E9-4717-8E62-475EB6F22E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\winmx music\winmx music.exe |
"{FAA4C478-6A96-4CDC-BAD3-13ADC5F77106}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"TCP Query User{0B32AB8F-F5A3-4E2E-93C6-1F7DDD9DE81A}C:\program files (x86)\esignal\winros.exe" = protocol=6 | dir=in | app=c:\program files (x86)\esignal\winros.exe |
"TCP Query User{18900D24-BEC8-4DA7-9663-011A8CC42546}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{44BC0B56-E5D9-4094-8CD0-16BCA5C4A0A8}C:\program files (x86)\esignal\winsig.exe" = protocol=6 | dir=in | app=c:\program files (x86)\esignal\winsig.exe |
"TCP Query User{50DA7211-4825-4E55-B078-01BEB2F07103}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{565E4858-CF18-49C3-9B8A-99EAC3A25A0D}C:\program files (x86)\growl for windows\growl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\growl for windows\growl.exe |
"TCP Query User{6D64921A-7C45-4DF3-94FF-B5CFEBC36918}C:\program files (x86)\growl for windows\growl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\growl for windows\growl.exe |
"TCP Query User{706871D2-4B67-4E8D-8FC5-3F4A5F8C3FCC}C:\program files (x86)\esignal\winros.exe" = protocol=6 | dir=in | app=c:\program files (x86)\esignal\winros.exe |
"TCP Query User{9B47FC00-D405-457E-BB26-42E72ECB29BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F257FA75-0FCC-4391-A313-DE11A8280A74}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{71F4DE2F-54B4-43D2-BF3D-AFF37787BFC1}C:\program files (x86)\esignal\winros.exe" = protocol=17 | dir=in | app=c:\program files (x86)\esignal\winros.exe |
"UDP Query User{75512F03-BF48-45C1-A137-10B0CBD51BB1}C:\program files (x86)\growl for windows\growl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\growl for windows\growl.exe |
"UDP Query User{A4BFF93C-8256-483F-80CF-9EE937C72703}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AA856B83-48BF-4BD9-80BA-A15DBF2D402D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B2EFB6EB-5E40-4D55-B703-3AC1F8B80282}C:\program files (x86)\growl for windows\growl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\growl for windows\growl.exe |
"UDP Query User{E39E9605-97F4-4214-945E-8C7EC341F349}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{EF22CD88-B305-4D8F-9AFD-A9BAF2CD9607}C:\program files (x86)\esignal\winsig.exe" = protocol=17 | dir=in | app=c:\program files (x86)\esignal\winsig.exe |
"UDP Query User{EFD33C52-CD57-476E-A535-B5340A9B728B}C:\program files (x86)\esignal\winros.exe" = protocol=17 | dir=in | app=c:\program files (x86)\esignal\winros.exe |
"UDP Query User{FC0A48C9-4EFB-4DCE-A38F-D3020533714E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FC945A7-D54E-4F00-BE32-90553F80FCE8}" = ActivePerl 5.14.2 Build 1402 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A4FE25A0-9262-487A-9002-893FCBF16B18}" = TortoiseSVN 1.7.0.22068 (64 bit)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5F02102-C0FD-D252-FA0F-45936D3B66B4}" = MozyHome
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8c793da9f0aa7e94d3b4faba721006ff-1001563592" = 3ware Disk Management Tools
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"R for Windows 2.12.0_is1" = R for Windows 2.12.0
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"R for Windows 2.14.0_is1" = R for Windows 2.14.0
"R for Windows 2.14.2_is1" = R for Windows 2.14.2
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C911352-0BCE-420B-935E-93A24FDE9D53}" = Growl for Windows
"{36C65751-6AED-4F89-A57B-3BE1239F046C}" = CyberPower PowerPanel Personal Edition 1.2.2
"{39EEC73E-1B1E-47E6-8258-9EDA20179F97}" = EasyZip
"{3CDAD516-CC7F-49C3-AF4C-9107F7025FB8}" = eSignal IB Plugin
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8158D056-19CE-40AD-9AD6-83DC5A92A923}_is1" = QCollector Expert For eSignal version 4.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{BD9B9F58-BFB5-4F6B-AE91-5A7D7A4E494F}" = eSignal QLink
"{BE334994-2F01-4103-9A96-B027B54DE41B}" = eSignal
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-790CW MFC-490CW
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Across Lite 2.0" = Across Lite 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"AmiBroker_is1" = AmiBroker 5.20
"Auto Backup_is1" = Auto Backup 2.4
"Browser Defender_is1" = Browser Defender 4.0
"eSignal" = eSignal 10.6
"FileHound 2.0 alpha 7" = FileHound 2.0 alpha 7
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"R for Windows 2.9.0_is1" = R for Windows 2.9.0
"RAndExcelWorkbooks_is1" = R and Excel Workbooks
"RealPlayer 15.0" = RealPlayer
"RExcel_is1" = RExcel
"Rtools_is1" = Rtools 2.15
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"statconnDCOM_is1" = statconnDCOM 3.1-2B6
"SWord_is1" = SWord 0.99-3B3Beta
"SyncBack_is1" = SyncBack
"TeamViewer 6" = TeamViewer 6
"TWS Interoperability Components" = TWS Interoperability Components
"VLC media player" = VLC media player 1.1.11
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4274087947-2167187359-298908261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me
"Trader Workstation" = Trader Workstation

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:33 AM

Posted 14 May 2012 - 01:55 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-4274087947-2167187359-298908261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}: C:\Users\Raymond\AppData\Local\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}\ [2012/04/05 11:34:57 | 000,000,000 | ---D | M]
    [2012/04/05 11:34:57 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\RAYMOND\APPDATA\LOCAL\{E5CF5A68-7F34-11E1-826D-B8AC6F996F26}
    O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [atwetm] C:\Users\Raymond\AppData\Local\Temp\atwetm.dll (Voyetra Turtle Beach, Inc.)
    O4:64bit: - HKLM..\Run: [deror] C:\Users\Raymond\AppData\Local\Temp\deror.dll (Info-ZIP)
    O20 - HKU\S-1-5-21-4274087947-2167187359-298908261-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
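The first lines of the OTL fix above remove a proxy hijack: Internet Explorer's ProxyServer value and Firefox's network.proxy.* prefs both point at a proxy on the loopback address (127.0.0.1, port 50370). Malware that runs a local proxy and rewrites search-result pages is a classic cause of the "Google redirects" symptom in the first post. The following script is an added example, not part of Gammo's instructions or of OTL: it parses a Firefox prefs.js and an IE ProxyServer value and flags any proxy that points at loopback, also reporting whether Firefox's network.proxy.type actually puts the setting in force (only type 1, manual proxy, does). The sample values are constructed to mirror the shape of the entries in the fix script; the only page-specific value reused is the port 50370.

```python
import re

# Constructed samples (not read from a real machine) shaped like the
# entries that the OTL fix script above removes.
SAMPLE_IE_PROXYSERVER = "http=127.0.0.1:50370"
SAMPLE_PREFS_JS = """
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage", "about:home");
"""

# Hosts that mean "a proxy running on this very machine".
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")

# user_pref("name", "string");  or  user_pref("name", 123);  or ... true);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*("?)(.*?)\2\);')


def parse_prefs(text):
    """Parse Firefox prefs.js text into {pref_name: value}.
    Quoted values stay strings; bare integers become int."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        key, quoted, value = m.groups()
        if not quoted and value.lstrip("-").isdigit():
            value = int(value)
        prefs[key] = value
    return prefs


def parse_ie_proxyserver(value):
    """Split an IE ProxyServer value into {scheme: 'host:port'}.
    The value is either 'host:port' (one proxy for every protocol)
    or 'http=h:p;https=h:p;...' (per-protocol proxies)."""
    if "=" not in value:
        return {"*": value}
    return dict(part.split("=", 1) for part in value.split(";") if "=" in part)


def is_loopback(host):
    return host.startswith(LOOPBACK_PREFIXES)


def loopback_proxies_ie(value):
    """Return (scheme, host, port) for every IE proxy entry on loopback."""
    findings = []
    for scheme, hostport in parse_ie_proxyserver(value).items():
        host, _, port = hostport.rpartition(":")
        host = host or hostport          # entry without an explicit port
        if is_loopback(host):
            findings.append((scheme, host, port))
    return findings


def loopback_proxies_firefox(prefs):
    """Return (scheme, host, port, active) for loopback proxy prefs.
    'active' is True only when network.proxy.type == 1 (manual proxy);
    any other type leaves the host/port prefs present but unused."""
    active = prefs.get("network.proxy.type") == 1
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if isinstance(host, str) and is_loopback(host):
            port = prefs.get(f"network.proxy.{scheme}_port")
            findings.append((scheme, host, port, active))
    return findings


def report(ie_value, prefs_text):
    """Human-readable summary lines for both browsers."""
    lines = []
    for scheme, host, port in loopback_proxies_ie(ie_value):
        lines.append(f"IE: {scheme} proxy on loopback {host}:{port} (active)")
    for scheme, host, port, active in loopback_proxies_firefox(parse_prefs(prefs_text)):
        state = "active" if active else "present but disabled by network.proxy.type"
        lines.append(f"Firefox: {scheme} proxy on loopback {host}:{port} ({state})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_IE_PROXYSERVER, SAMPLE_PREFS_JS):
        print(line)
```

A loopback proxy is a lead, not a verdict: some web-filtering antivirus products and developer tools (Fiddler, for instance) legitimately install one, so the next step is to identify which process listens on that port (netstat -ano, then match the PID) and whether it is signed and expected. In the log above the Firefox prefs show network.proxy.type 0, so only the IE setting was actually redirecting traffic; OTL's fix removed both anyway, which is the right call since the disabled Firefox prefs would become active the moment the type flipped to 1.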


#6 rmicalet

rmicalet
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:33 PM

Posted 14 May 2012 - 04:39 PM

Prior to running OTL and ComboFix things seemed ok with the computer. After running spybot earlier in the day, I hadn't had any browser hijackings (after it removed one infection W3i.IQ5). After having run OTL and ComboFix, things still seem fine. OTL crashed the first time I ran it. I reran it and it seemed to finish properly. The reboot took forever to start up, but I assume that's due to OTL finishing what it had to do as the computer was rebooting. Here's the ComboFix log:

ComboFix 12-05-14.03 - Raymond 2012/05/14 17:23:26.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.12278.9441 [GMT -4:00]
Running from: c:\users\Raymond\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 21:29 . 2012-05-14 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 20:11 . 2012-05-14 20:11 -------- d-----w- C:\_OTL
2012-05-14 13:49 . 2012-05-14 13:49 388096 ----a-r- c:\users\Raymond\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-14 13:49 . 2012-05-14 13:49 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-10 00:08 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:08 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-04-25 21:11 . 2012-04-25 21:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 21:11 . 2012-04-25 21:11 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 21:11 . 2012-04-25 21:11 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-20 18:59 . 2007-12-17 02:02 65536 ------r- c:\program files (x86)\Mozilla Firefox\mflpro\Setup490cw\Setup.exe
2012-04-20 18:59 . 2006-05-24 17:10 455600 ------r- c:\program files (x86)\Mozilla Firefox\mflpro\Data\Disk1\setup.exe
2012-04-20 18:59 . 2008-10-06 04:37 552214 ------r- c:\program files (x86)\Mozilla Firefox\mflpro\Data\Disk1\ISSetup.dll
2012-04-20 18:59 . 2006-05-17 16:21 385968 ------r- c:\program files (x86)\Mozilla Firefox\mflpro\Data\Disk1\_Setup.dll
2012-04-20 18:59 . 2004-10-22 07:41 45056 ------r- c:\program files (x86)\Mozilla Firefox\mflpro\Data\Disk1\Brolink\Brolink0.exe
2012-04-15 04:02 . 2012-04-15 04:52 -------- d-----w- c:\program files (x86)\Sling Media
2012-04-15 04:02 . 2012-04-15 04:02 -------- d-----w- c:\programdata\Sling Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 17:46 . 2012-04-03 21:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 17:46 . 2011-05-18 13:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 17:46 . 2012-04-13 17:46 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-02-29 15:37 . 2012-04-11 07:02 5632 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:37 . 2012-04-11 07:02 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:35 . 2012-04-11 07:02 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 15:11 . 2012-04-11 07:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 15:11 . 2012-04-11 07:02 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-29 15:09 . 2012-04-11 07:02 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-02-29 13:52 . 2012-04-11 07:02 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 06:56 . 2012-04-11 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2003-03-19 00:14 . 2003-03-19 00:14 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-03-18 23:05 . 2003-03-18 23:05 89088 ----a-w- c:\program files (x86)\atl71.dll
2003-02-21 08:42 . 2003-02-21 08:42 348160 ----a-w- c:\program files (x86)\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Growl"="c:\program files (x86)\Growl for Windows\Growl.exe" [2012-03-21 3817472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-05 296056]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
.
c:\users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2009-9-18 194775]
Create S Drive.lnk - c:\windows\System32\cmd.exe [2008-1-20 363008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S0 3wareDrv;3wareDrv;c:\windows\system32\drivers\3waredrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:46]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 17:10]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 17:10]
.
2009-06-14 c:\windows\Tasks\SyncBack Bimonthly Local Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2009-06-14 16:00]
.
2009-06-14 c:\windows\Tasks\SyncBack Monthly Local Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2009-06-14 16:00]
.
2009-07-26 c:\windows\Tasks\SyncBack Nightly Local Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2009-06-14 16:00]
.
2009-06-14 c:\windows\Tasks\SyncBack Weekly Local Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2009-06-14 16:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-29 14:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-29 14:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-22 16142368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-22 82464]
"nwiz"="nwiz.exe" [2009-04-16 1712672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"SoundMax"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-09-02 3858432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pugetsystems.com\welcome.php
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: cftc.gov\www
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\vmfa4lmq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3DM2]
"ImagePath"="c:\program files\AMCC\3DM2/3dm2.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-05-14 17:32:31
ComboFix-quarantined-files.txt 2012-05-14 21:32
.
Pre-Run: 362,727,931,904 bytes free
Post-Run: 362,579,357,696 bytes free
.
- - End Of File - - 33B77B697A9EABE4BAAD299622CD2D68

#7 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:33 AM

Posted 15 May 2012 - 09:50 AM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#8 rmicalet

rmicalet
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:33 PM

Posted 15 May 2012 - 06:17 PM

Thank you so much for your help, Gammo. I very much appreciate it.
