Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspected Malware/Spyware--Identity Theft Victim


  • This topic is locked This topic is locked
18 replies to this topic

#1 Geldeth

Geldeth

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 27 May 2012 - 09:53 AM

Hello again,

This post is a continuation from "Identity Theft--is it my computer?" http://www.bleepingcomputer.com/forums/topic454947.html
A few weeks ago my bank card was zapped by a few fraudulent charges. I went through the process of cancelling the card and ordering a new one. Two weeks later I was contacted a second time about charges made to a different credit card! The only connection I can make between the two is their use to pay bills and purchase items on my home computer. I am running Windows Vista 64bit. I have previously run the latest versions of Avast! virus scan, Malwarebytes anti-Malware software, and Spyware Terminator, but I've had no success in locating anything malicious. Can you help me make sure my system is clean?

As per your instructions in the prep guide, I backed up my data (to my wife's computer because I experienced an error every time I tried Cobian backup: ("ERR 2012-05-26 15:03 An error occurred when creating or refreshing the archive "G:\C 2012-05-26 14;52;52 (Full).zip": Cannot create file "\\?\G:\C 2012-05-26 14;52;52 (Full).zip". The system cannot find the path specified"), I made sure my firewall was up, I used DeFogger to disable any CD emulation software, and I ran DDS to create the log file below and the one attached. I did NOT create a GMER log since I'm running 64 bit.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 10:36:27 on 2012-05-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1384 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Content Manager\CmTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
uRun: [CmTray] "C:\Program Files (x86)\Content Manager\launchCM.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [LogitechVideoRepair] "C:\Program Files (x86)\Logitech\Video\ISStart.exe"
mRun: [LogitechVideoTray] "C:\Program Files (x86)\Logitech\Video\LogiTray.exe"
mRun: [LogitechGalleryRepair] "C:\Program Files (x86)\Logitech\Video\ISStart.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: update.com\download.windows
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1A222D7C-05DA-4556-AAF9-08A04C03CBC0} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [LogitechVideoRepair] "C:\Program Files (x86)\Logitech\Video\ISStart.exe"
mRun-x64: [LogitechVideoTray] "C:\Program Files (x86)\Logitech\Video\LogiTray.exe"
mRun-x64: [LogitechGalleryRepair] "C:\Program Files (x86)\Logitech\Video\ISStart.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-3-12 44768]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-5-26 67584]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-28 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-11 135664]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\system32\DRIVERS\stflt.sys --> C:\Windows\system32\DRIVERS\stflt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-11 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 129976]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-12 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-26 17:50:01 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-05-26 14:17:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{097BD264-C1AD-43AD-919B-B7BE659EAE64}\offreg.dll
2012-05-25 19:49:40 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{097BD264-C1AD-43AD-919B-B7BE659EAE64}\mpengine.dll
2012-05-13 20:08:47 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 20:08:46 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 22:28:15 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-11 22:28:12 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-11 22:28:12 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 02:23:32 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-05-28 02:39:42 681478144 ----a-w- C:\Program Files (x86)\dndsetup-1.bin
2010-05-28 02:39:41 681984000 ----a-w- C:\Program Files (x86)\dndsetup-3.bin
2010-05-28 02:39:38 681984000 ----a-w- C:\Program Files (x86)\dndsetup-4.bin
2010-05-28 02:39:37 681984000 ----a-w- C:\Program Files (x86)\dndsetup-2.bin
2010-05-28 02:39:37 617896485 ----a-w- C:\Program Files (x86)\dndsetup-5.bin
2010-05-28 01:56:24 510336 ----a-w- C:\Program Files (x86)\dndsetup.exe
.
============= FINISH: 10:39:07.65 ===============


I hope you can help me track down how I'm infected!

- Geldeth :huh:

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 01 June 2012 - 06:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 10:34 AM

I'm here and I await your first instructions

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 02 June 2012 - 01:16 PM

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 02:31 PM

I finished the aswMBR scan. Here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-02 14:45:55
-----------------------------
14:45:55.275 OS Version: Windows x64 6.0.6002 Service Pack 2
14:45:55.276 Number of processors: 4 586 0x1707
14:45:55.276 ComputerName: ADAM-PC UserName:
14:45:57.428 Initialize success
14:45:57.760 AVAST engine defs: 12060200
14:46:10.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:46:10.669 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
14:46:10.677 Disk 0 MBR read successfully
14:46:10.679 Disk 0 MBR scan
14:46:10.682 Disk 0 Windows VISTA default MBR code
14:46:10.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
14:46:10.711 Disk 0 scanning C:\Windows\system32\drivers
14:46:19.403 Service scanning
14:46:24.888 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
14:46:37.733 Modules scanning
14:46:37.739 Disk 0 trace - called modules:
14:46:37.764 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:46:37.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f70300]
14:46:38.107 3 CLASSPNP.SYS[fffffa6000dcec33] -> nt!IofCallDriver -> [0xfffffa8004c2c930]
14:46:38.112 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004c3f060]
14:46:38.829 AVAST engine scan C:\Windows
14:46:41.163 AVAST engine scan C:\Windows\system32
14:49:27.191 AVAST engine scan C:\Windows\system32\drivers
14:49:44.463 AVAST engine scan C:\Users\Administrator
15:22:58.943 AVAST engine scan C:\ProgramData
15:27:21.589 Scan finished successfully
15:30:55.576 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
15:30:55.581 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 02 June 2012 - 02:34 PM

Please run OTL next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Posted Image
m0le is a proud member of UNITE

#7 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 02:51 PM

Here are the two reports:

OTL logfile created on: 6/2/2012 3:41:08 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 33.32% Memory free
8.21 Gb Paging File | 5.52 Gb Available in Paging File | 67.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 167.55 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: ADAM-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/02 15:38:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/05/11 18:28:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012/03/15 00:16:12 | 000,392,280 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/17 09:57:34 | 003,887,104 | ---- | M] () -- C:\Program Files (x86)\Content Manager\CmTray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/02 00:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/24 22:31:54 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/12 23:21:30 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011/03/12 23:21:30 | 002,557,440 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2003/08/29 17:20:02 | 000,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Video\LogiTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/11 18:28:10 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/17 09:57:34 | 003,887,104 | ---- | M] () -- C:\Program Files (x86)\Content Manager\CmTray.exe
MOD - [2012/01/10 12:22:58 | 001,040,896 | ---- | M] () -- C:\Program Files (x86)\Content Manager\mgnLIB.dll
MOD - [2011/12/20 00:23:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/21 17:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/18 15:13:24 | 007,971,840 | ---- | M] () -- C:\Program Files (x86)\Content Manager\QtGui4.dll
MOD - [2011/03/18 15:13:24 | 002,142,720 | ---- | M] () -- C:\Program Files (x86)\Content Manager\QtCore4.dll
MOD - [2011/03/18 15:13:24 | 000,929,280 | ---- | M] () -- C:\Program Files (x86)\Content Manager\QtNetwork4.dll
MOD - [2011/03/18 15:13:24 | 000,582,144 | ---- | M] () -- C:\Program Files (x86)\Content Manager\mgnUDAPC32.dll
MOD - [2011/03/18 15:13:24 | 000,552,448 | ---- | M] () -- C:\Program Files (x86)\Content Manager\mgnUdsAPIPC32.dll
MOD - [2011/03/18 15:13:24 | 000,334,848 | ---- | M] () -- C:\Program Files (x86)\Content Manager\QtXml4.dll
MOD - [2011/03/18 15:13:24 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Content Manager\QtSql4.dll
MOD - [2011/03/18 15:13:24 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\Content Manager\mgnMPoolPC32.dll
MOD - [2011/03/12 23:23:21 | 001,901,570 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\TorentDll.dll
MOD - [2011/01/26 23:07:10 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Content Manager\Plugins\sqldrivers\qsqlite4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/01/20 22:51:33 | 000,067,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2008/01/20 22:48:26 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008/01/20 22:48:03 | 000,342,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/25 09:32:50 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/05/11 18:28:12 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/12 23:21:30 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/20 22:49:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:05 | 000,043,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/07/07 12:26:46 | 000,050,696 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/15 13:37:54 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2008/01/20 22:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2008/01/20 22:47:28 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008/01/20 22:47:28 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008/01/20 22:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008/01/20 22:47:27 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008/01/20 22:47:26 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008/01/20 22:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008/01/20 22:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008/01/20 22:47:25 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008/01/20 22:47:25 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\usbohci.sys -- (usbohci)
DRV:64bit: - [2008/01/20 22:47:04 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008/01/20 22:47:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008/01/20 22:47:03 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008/01/20 22:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008/01/20 22:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008/01/20 22:47:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008/01/20 22:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008/01/20 22:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008/01/20 22:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008/01/20 22:46:59 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008/01/20 22:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008/01/20 22:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008/01/20 22:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008/01/20 22:46:56 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008/01/20 22:46:55 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008/01/20 22:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008/01/20 22:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008/01/20 22:46:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008/01/20 22:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008/01/20 22:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008/01/20 22:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008/01/20 22:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008/01/20 22:46:51 | 000,314,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (rdpdr)
DRV:64bit: - [2008/01/20 22:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008/01/20 22:46:51 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008/01/20 22:46:51 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2008/01/20 22:46:51 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008/01/20 22:46:50 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2008/01/20 22:46:50 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,015,976 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008/01/20 22:46:50 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2006/11/02 08:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006/11/02 08:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006/11/02 08:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006/11/02 08:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006/11/02 08:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006/11/02 08:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006/11/02 07:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006/11/02 07:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006/11/02 07:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006/11/02 07:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006/11/02 07:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006/11/02 05:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006/11/02 05:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006/11/02 05:43:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2006/11/02 05:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006/11/02 05:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006/11/02 05:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006/11/02 05:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006/11/02 04:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 17:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006/09/18 17:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:3.3.1.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/04 21:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/11 18:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/15 21:53:25 | 000,000,000 | ---D | M]

[2009/06/04 12:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/05/23 15:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions
[2010/04/26 20:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 20:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2012/05/23 15:37:39 | 000,000,000 | ---D | M] (Playdom Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8j9n9ji4.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2012/01/29 23:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/04 21:13:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/20 11:32:19 | 000,029,829 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J9N9JI4.DEFAULT\EXTENSIONS\{D09E32DF-8610-4B33-B929-1E631B764130}.XPI
[2012/05/11 18:28:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 23:08:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012/01/29 23:08:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2009/07/16 02:11:57 | 000,317,652 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10897 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [CmTray] C:\Program Files (x86)\Content Manager\launchCM.exe ()
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.com ([download.windows] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A222D7C-05DA-4556-AAF9-08A04C03CBC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\Inigo Vol 3\Nov. 2009 006.JPG
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\Inigo Vol 3\Nov. 2009 006.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43825d78-a644-11e0-a236-0024212a5fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{43825d78-a644-11e0-a236-0024212a5fa0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/02 15:38:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 14:45:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/05/27 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\D&D Next Playtest 5-24-12
[2012/05/27 10:33:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/05/26 13:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/05/26 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/05/13 16:09:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/05/13 16:09:04 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/13 16:09:03 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/13 16:09:03 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/13 16:09:02 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/13 16:09:02 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/13 16:08:47 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/11 18:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/02 15:38:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 15:30:55 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/02 15:21:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/02 15:04:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 15:04:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 14:45:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/06/02 13:21:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 12:47:10 | 000,001,015 | ---- | M] () -- C:\Users\Administrator\Desktop\Vacation possibilities.rtf
[2012/06/02 11:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/29 16:13:02 | 000,736,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/29 16:13:02 | 000,627,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/29 16:13:02 | 000,112,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/29 16:03:02 | 000,002,427 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/05/27 11:03:24 | 005,737,483 | ---- | M] () -- C:\Users\Administrator\Desktop\D&D Next Playtest 5-24-12.zip
[2012/05/27 10:33:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/05/26 14:24:53 | 000,036,864 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/26 14:20:21 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/05/26 14:19:48 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012/05/14 03:42:28 | 000,382,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/04 21:13:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/02 15:30:55 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/02 12:47:09 | 000,001,015 | ---- | C] () -- C:\Users\Administrator\Desktop\Vacation possibilities.rtf
[2012/05/27 11:03:15 | 005,737,483 | ---- | C] () -- C:\Users\Administrator\Desktop\D&D Next Playtest 5-24-12.zip
[2012/05/26 14:20:21 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/05/26 14:19:47 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011/07/29 14:45:02 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/29 14:45:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/06 13:36:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/07/06 13:36:21 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/06/02 10:57:25 | 000,174,860 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/09/12 15:29:40 | 000,013,195 | ---- | C] () -- C:\Windows\SysWow64\zguicfgw.dat

< End of report >


OTL Extras logfile created on: 6/2/2012 3:41:08 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 33.32% Memory free
8.21 Gb Paging File | 5.52 Gb Available in Paging File | 67.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 167.55 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: ADAM-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C7 39 F6 F0 D3 EB C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12F85BF5-9386-4CE5-874C-ED2108BF490C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{228AD673-6A38-4DF6-920C-D81691C3B804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25380F65-4CEC-4A72-8588-9645955F5BCC}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{2934535C-86AA-43AB-BF3D-8F411704182A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38D60E04-B4E0-4CD4-987D-71D9AC2B7B7D}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A8A46E8-BCB5-49DB-8883-C67663072F4D}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B425BD4-B88C-4A93-B1A1-FCECBC5807FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3CA72D1B-14C7-448D-832C-87D902D98146}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{53B14BE1-4EA2-44F3-80B9-A0DD2DB9C8F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79111217-E5E4-4318-B06B-CA509467FB88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F4F8FA6-F6EE-4234-9E90-3B7603CC6276}" = rport=139 | protocol=6 | dir=out | app=system |
"{91EEA807-E180-4B84-9A45-D5307FE26596}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4483C5B-9C4A-4A09-87CE-5C2D0F9B77A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6C2BFA0-93A5-4D60-B421-7E2360CF4EC5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6E2588D-6A6C-4204-AA53-6947ABEBB3E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E4F9F78D-6689-48AB-8358-ACC595F455B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E51F74AD-30AA-4896-811D-2D581DFC3DB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E56BAFB3-CDB3-4B87-AB09-70983C135E10}" = lport=445 | protocol=6 | dir=in | app=system |
"{F1558B15-3CBD-4DA5-B572-5C8B8CD6FD6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{F1E440FB-807E-4C35-942E-18BC1FB9F8FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8DFEF48-B033-4AEC-89FD-89021AB9C320}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E71EA2-88EF-40C8-A3AD-828BC200B929}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{00FF7E13-ED5D-4675-9088-B02129A522C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{01A50116-1ACA-43A5-8AE1-ED5291CB5DEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{032D474B-6D91-49C3-AF86-0E37BEEDBAF2}" = protocol=6 | dir=in | app=c:\program files (x86)\city of heroes\cohupdater.exe |
"{0DEE053C-968D-4EAD-949F-34EE749B2E92}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1384B586-CBF1-4ECD-9271-A816EF68B83B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{15004B23-E9E0-441C-90C4-580EA908D199}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{184E0D3F-A96D-4F5F-B6CC-E5EEA9A38572}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1D102F95-596C-4A85-9762-72F2C086EF6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EFECF4A-60FC-4386-AC21-6E28C21A7093}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F7356EC-71EF-4D24-9DEB-A755F585CE26}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FEC6A63-BE7A-4C0E-969F-167EE73A4660}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20026A56-465C-4ACD-8451-4CF5A9ADA77F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{240E65FD-D2F6-4519-89B6-BBF058971D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\city of heroes\cityofheroes.exe |
"{241EE782-59B0-46E4-AC72-1DDE0D09F9F1}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{27C073F3-A9FF-4E40-9E17-9A66E4B70343}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35838745-59EA-4173-B9BA-971B02642B16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35EDE8D1-1A2A-4ED8-BD92-CF0F78C3CEF1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{3A4CB904-5486-4F3E-9219-BB5314D6F80F}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{3B0C2730-79BC-4B54-BA52-B61D2FB09396}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{45FA8BB1-8363-488D-A525-3D5F588126E1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{47937931-CB51-4093-ABB5-DB8596CA54A7}" = protocol=6 | dir=in | app=c:\program files (x86)\city of heroes\covupdater.exe |
"{4B041E18-812B-4043-96CD-A2EBF2DB8D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{4B94E117-FE9B-4C4E-8494-7ECEE6B65411}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58859F6E-F0AD-4921-8A9E-DF6170BC3408}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{5AECA565-C1C3-416A-A3FE-4E212E532571}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{5CEF917E-A300-4B26-9F89-B9CD051E6D2C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6278B214-B62C-4B8F-9416-582C793CBFFB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6315B562-DE6A-4982-890B-B9F8741D052E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{706AC458-9E22-46A2-9A22-62623DA10E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\content manager\cmtray.exe |
"{791D237C-483D-4C5C-8A7B-DC57BD280CED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{810CE8C0-F26A-4AA7-846A-851CACC1BBBF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{84F6112F-8BFD-4500-AF65-26810151D4D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85527B0D-459B-45BF-8216-FC8DA053A63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8691478B-6848-4733-AD9D-EFC4477C5C0B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{875C5B88-08DA-4D45-B3FC-26758BAACE94}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{881EC6AB-700B-491A-91DE-4CD98AE77E41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89164645-BCC8-40DE-9F3C-8D5E6E8C92F3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{8C6AE362-04D4-48F5-90D5-80BE0827E076}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91AE00B8-3D88-4F25-B867-213CE81EED3B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{93EC4A1B-7B74-4E3B-82D7-B149ED7AF7CA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{946DD40D-F25C-467D-B1C1-930698C9108C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9783CDE5-C1EE-419B-9A04-B23624F4DF25}" = protocol=6 | dir=out | app=system |
"{99965C6B-B380-4948-82C5-380D03C4597A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C665455-7DDE-4BD2-997A-35746D636C34}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A11A6707-4438-4947-B223-9DEFCDEB53D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3EB2996-2967-4F57-AD32-878E921CADCB}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{A99836D8-8B5B-4121-8BB4-33C398B8B03A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB2F424A-CD12-49C1-BFC2-60677D5EBC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\city of heroes\covupdater.exe |
"{B2774AE3-671D-4A05-9D49-8F3A74307A11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B812F9CF-DB1E-4E9C-9505-5B2CC983354B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9AE2406-FE29-40E3-8AC6-356A36800827}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"{BFB33FE4-0135-4D67-873B-2BC115FC17E1}" = protocol=17 | dir=in | app=c:\program files (x86)\city of heroes\cityofheroes.exe |
"{C8768D42-D494-4339-9999-A7346669BAEC}" = protocol=17 | dir=in | app=c:\program files (x86)\city of heroes\cohupdater.exe |
"{CEB53DDD-D43D-4924-9D2A-1D3814E219F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0407755-19C1-4880-BB6B-1EC40E5138D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0819232-B35A-4E79-8CA6-E22F616807EE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DBD66622-9B55-4171-AB85-5AEFB9E6C693}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{DE326124-27C8-48AA-8BD2-68B87C196B6A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{E1E930EA-FCBF-4316-B49C-07ACC19B4BE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E37B697C-9A90-4FA9-89C9-F904ECA4CE2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6B46825-7984-4BF7-9CA7-0FFEAFB938EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F07795D1-2A8A-438F-A287-4DDF56BA6060}" = protocol=17 | dir=in | app=c:\program files (x86)\content manager\cmtray.exe |
"{F0896079-AFF9-4EAB-86F7-845C86F50F89}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{F521DBE9-2028-4D68-9651-AF42644874AB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F692E0CB-0CD0-4E51-90EF-939C3476BBB1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"TCP Query User{0E823DDB-8874-4687-96AB-D5ABB78EA1B1}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{2E8A0FD0-3E8E-4A0C-9226-817ABD4A7F7D}C:\Program Files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{5060A16C-093C-4588-8D7A-C72F5CDC1B22}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{5500D61B-CE33-443E-A192-23BFCEE87DF6}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{59C89E9B-7862-4B31-A26F-77EE678FC964}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{EE345636-99E9-4294-9492-73F074FAEA59}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{F2089B15-0232-4CEB-A495-1511F32E3F23}C:\users\administrator\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=6 | dir=in | app=c:\users\administrator\downloads\star trek downloader st.0.20100108a.0.exe |
"UDP Query User{288BC4D5-EBDD-4F78-9F34-66FAAAC372B3}C:\Program Files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{2B3E6B64-1E97-47B2-87F5-82699B92962C}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{3FC32F7F-6439-4AC6-A190-E155ADB3CABE}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{9A175B03-BAAB-475D-95B3-A2B9A4D76662}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{C8A183ED-30AE-4A5A-A62F-BD1F3A117A3E}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{EA54B6A2-8983-41A7-97E3-959D8CEBD370}C:\users\administrator\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=17 | dir=in | app=c:\users\administrator\downloads\star trek downloader st.0.20100108a.0.exe |
"UDP Query User{EF5461C3-CB95-40E7-B225-FEBD72C7C33E}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35C1A71E-C56B-438B-A4A5-E8B645936ABA}" = CC3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F12E64D-2F6F-4F85-A8FE-4ED29350BD6C}" = calibre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A94A306F-05A5-4F73-99A6-BC98EBA36283}" = Dungeon Designer 3
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CC3" = CC3
"CDisplay_is1" = CDisplay 1.8
"CobBackup11" = Cobian Backup 11 Gravity
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Dungeon Designer 3" = Dungeon Designer 3
"DungeonSiege 1.0" = Dungeon Siege
"FastCAD" = FastCAD
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"Hegemony Philip of Macedon" = Hegemony: Philip of Macedon
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mids' Hero/Villain Designer" = Mids' Hero/Villain Designer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Plants vs. Zombies" = Plants vs. Zombies
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Spyware Terminator_is1" = Spyware Terminator
"Star Trek Character Builder" = Star Trek Character Builder 3.5
"Star Trek Online" = Star Trek Online
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2012 2:47:32 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/6/2012 2:47:32 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 5/6/2012 2:47:32 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 5/9/2012 9:01:59 PM | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e03158, faulting module mcstoredb.ni.dll, version 6.0.6002.18005, time stamp
0x49e04144, exception code 0xc0000005, fault offset 0x0000000000036a2d, process
id 0x10c0, application start time 0x01cd2cb3601d7cde.

Error - 5/13/2012 11:29:41 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/13/2012 11:29:41 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 5/13/2012 11:29:41 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 5/13/2012 11:29:43 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/13/2012 11:29:43 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3906

Error - 5/13/2012 11:29:43 PM | Computer Name = Adam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906

[ Media Center Events ]
Error - 7/31/2009 10:53:24 PM | Computer Name = Adam-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 7/31/2009 10:58:24 PM | Computer Name = Adam-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 12/14/2011 5:32:16 PM | Computer Name = Adam-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/9/2012 9:09:31 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 4:43:16 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 10:20:41 AM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 1:37:00 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 10:46:58 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 3:36:46 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 3:45:48 PM | Computer Name = Adam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/23/2012 9:13:07 PM | Computer Name = Adam-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 5/23/2012 9:13:07 PM | Computer Name = Adam-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 5/26/2012 10:41:29 AM | Computer Name = Adam-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 5/26/2012 10:41:30 AM | Computer Name = Adam-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 5/29/2012 4:07:04 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2012 4:07:13 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2012 4:07:21 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2012 11:12:32 AM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/2/2012 11:12:32 AM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/2/2012 11:12:32 AM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 02 June 2012 - 04:40 PM

We don't have any malware to remove but we need to run an OTL Fix just to tidy up a bit
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Please run MBAM next

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Posted Image
m0le is a proud member of UNITE

#9 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 06:19 PM

OTL fix report:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.

OTL by OldTimer - Version 3.2.45.0 log created on 06022012_174342





MBAM report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: ADAM-PC [administrator]

6/2/2012 5:47:34 PM
mbam-log-2012-06-02 (17-47-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415786
Time elapsed: 1 hour(s), 26 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 02 June 2012 - 06:24 PM

Well, Geldeth, nothing found so far which is good.

We need to perform a long scan with ESET - this can take some time but it is a thorough process and will find any remnants there may be

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Posted Image
m0le is a proud member of UNITE

#11 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 08:18 PM

The program didn't generate a log, but it did find a "threat"

C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\42057fb4-7496f94e a variant of Java/JShrink.A application deleted - quarantined

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 02 June 2012 - 08:32 PM

Yes, "threat" in inverted commas is about right. This is a copy of a malware file which has been cached by Java. That's gone now.

I think there's still Superantispyware to use - this is good for registry remnants

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

Posted Image
m0le is a proud member of UNITE

#13 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 02 June 2012 - 10:27 PM

Completed SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/02/2012 at 11:07 PM

Application Version : 5.0.1150

Core Rules Database Version : 8675
Trace Rules Database Version: 6487

Scan type : Complete Scan
Total Scan Time : 01:05:36

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 83724
Registry threats detected : 0
File items scanned : 57422
File threats detected : 69

Adware.Tracking Cookie
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adv.surinter[2].txt [ /adv.surinter ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@at.atwola[2].txt [ /at.atwola ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@bs.serving-sys[1].txt [ /bs.serving-sys ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@cgm.adbureau[2].txt [ /cgm.adbureau ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@chitika[1].txt [ /chitika ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@content.yieldmanager.edgesuite[1].txt [ /content.yieldmanager.edgesuite ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@iacas.adbureau[1].txt [ /iacas.adbureau ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@interclick[2].txt [ /interclick ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@invitemedia[1].txt [ /invitemedia ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@kontera[1].txt [ /kontera ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@media6degrees[1].txt [ /media6degrees ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@microsoftgamestudio.112.2o7[1].txt [ /microsoftgamestudio.112.2o7 ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@msnbc.112.2o7[1].txt [ /msnbc.112.2o7 ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@smartadserver[2].txt [ /smartadserver ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@specificmedia[2].txt [ /specificmedia ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@xiti[1].txt [ /xiti ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\50993D09.txt [ /atdmt.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\LO0278XK.txt [ /media6degrees.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\IIAM7A6V.txt [ /c.atdmt.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HRYN1IHF.txt [ /adserver.adtechus.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7EN02KWJ.txt [ /amazon-adsystem.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HZWY58PO.txt [ /traveladvertising.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\Q7480P5I.txt [ /adbrite.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\AJU6AHTC.txt [ /statse.webtrendslive.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\94ZO8PGS.txt [ /specificclick.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\VUH570GK.txt [ /revsci.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\LEQ0II0S.txt [ /2o7.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YMZHAX0H.txt [ /tribalfusion.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\CF2DUQB4.txt [ /pro-market.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8MI3NC8P.txt [ /adxpose.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\GJOCUPMN.txt [ /invitemedia.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\28WK2STG.txt [ /mm.chitika.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\AH9XK8P3.txt [ /interclick.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\9I7SPYWU.txt [ /doubleclick.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\PEGHY4XS.txt [ /statcounter.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8GD6SS8U.txt [ /serving-sys.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\O0F4WE2Q.txt [ /advertising.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ZGW5E6RE.txt [ /yieldmanager.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\3NL9QUK9.txt [ /ad.yieldmanager.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\G3GK5YOZ.txt [ /findthedata.org ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HYYYDQ46.txt [ /casalemedia.com ]
C:\USERS\ADMINISTRATOR\Cookies\50993D09.txt [ Cookie:administrator@atdmt.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\LO0278XK.txt [ Cookie:administrator@media6degrees.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\IIAM7A6V.txt [ Cookie:administrator@c.atdmt.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\HRYN1IHF.txt [ Cookie:administrator@adserver.adtechus.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\7EN02KWJ.txt [ Cookie:administrator@amazon-adsystem.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\HZWY58PO.txt [ Cookie:administrator@traveladvertising.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\Q7480P5I.txt [ Cookie:administrator@adbrite.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\AJU6AHTC.txt [ Cookie:administrator@statse.webtrendslive.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\94ZO8PGS.txt [ Cookie:administrator@specificclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\VUH570GK.txt [ Cookie:administrator@revsci.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\LEQ0II0S.txt [ Cookie:administrator@2o7.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\YMZHAX0H.txt [ Cookie:administrator@tribalfusion.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\CF2DUQB4.txt [ Cookie:administrator@pro-market.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\8MI3NC8P.txt [ Cookie:administrator@adxpose.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\28WK2STG.txt [ Cookie:administrator@mm.chitika.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\AH9XK8P3.txt [ Cookie:administrator@interclick.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\9I7SPYWU.txt [ Cookie:administrator@doubleclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\8GD6SS8U.txt [ Cookie:administrator@serving-sys.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\O0F4WE2Q.txt [ Cookie:administrator@advertising.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\ZGW5E6RE.txt [ Cookie:administrator@yieldmanager.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\3NL9QUK9.txt [ Cookie:administrator@ad.yieldmanager.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\G3GK5YOZ.txt [ Cookie:administrator@findthedata.org/ ]
.divx.112.2o7.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 03 June 2012 - 06:01 AM

Your machine looks clean to me. :)

Any issues during the topic that you did not tell me about?
Posted Image
m0le is a proud member of UNITE

#15 Geldeth

Geldeth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 03 June 2012 - 09:01 AM

No other issues. Now my only concern is prevention. I've already had to replace two credit cards and I really don't want to have to do it again. How can I be more proactive in preventing malware/spyware in the future?

Also, which of these scans would you recommend running on a regular basis?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users