Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Win32:Malware-gen


  • This topic is locked This topic is locked
27 replies to this topic

#1 ptd.gwb

ptd.gwb

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 19 March 2013 - 01:25 AM

I suspect I contracted the 'Win32:Malware-gen' after encountering some recurring pop-ups on a sports streaming website firstrowsports.  I ran avast quick scan which detected this (see attached screenshot), and I selected the 'move to chest' option.  After hitting 'Apply', it indicated the attempt was successful.  I restarted my computer, did a quick scan again (didn't have time for a boot-time scan)  and the 'Win32:Malware-gen' was not detected.  I do need your assistance in making sure that it is fully removed.

 

See below DDS.txt and attached Attach.txt

 

Thank you very much for your help and looking forward to your response!

 

----------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 1.6.0_26
Run by Justin at 2:10:10 on 2013-03-19
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.12286.9973 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files\Itunes\iTunesHelper.exe"
StartupFolder: C:\Users\Justin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6B2924DB-7FEB-4886-95C1-EA8B5BBDF052} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-2 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-10 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-19 280408]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-19 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-19 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-10 42184]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-5-14 4901888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-7-31 52320]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\System32\NOTEPAD.EXE" "%1"
.txt: <filetype is not registered>
.js: <filetype is not registered>
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-03-19 00:48:54    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC30F2E5-1C02-49D8-A053-91F91F6CA46C}\mpengine.dll
2013-03-08 01:47:16    19352    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2013-02-22 21:44:12    --------    d-----w-    C:\Program Files (x86)\Badosoft
.
==================== Find3M  ====================
.
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-05 05:57:43    5500776    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:02:17    3957608    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02:17    3902312    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41:01    1893224    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-04 05:40:54    287576    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-01-04 05:37:01    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-04 05:37:00    243200    ----a-w-    C:\Windows\System32\wow64.dll
2013-01-04 05:37:00    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-01-04 05:36:33    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 05:33:49    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-01-04 05:30:34    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-04 05:27:03    6144    ---ha-w-    C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27:02    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27:01    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27:01    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27:00    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27:00    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27:00    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:51:09    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:51:08    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-01-04 03:22:49    3150848    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 03:19:55    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-01-04 02:48:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:48:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:48:34    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-04 02:48:33    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:43:35    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH:  2:10:47.00 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 19 March 2013 - 05:47 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.
 

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

 


So long, and thanks for all the fish.

 

 


#3 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 20 March 2013 - 01:51 AM

Hi there, thanks for your help.  I have completed the ESET scan, list of found threats (4) below:

 

C:\Users\Justin\AppData\Local\Temp\jar_cache7737722126518748052.tmp    a variant of Java/Exploit.CVE-2010-0840.NAD trojan
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\79ffde6a-49da9d36    multiple threats
E:\LIBRARY\Software\Adobe Photoshop Lightroom 2\keygen.exe    a variant of Win32/Keygen.BK application
E:\LIBRARY\Software\RHINOCEROS.V4.SR5b\Rhinoceros 4.0 SR5b 20090226\patch.exe    a variant of Win32/HackTool.Patcher.T application
 



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 20 March 2013 - 03:22 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#5 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 20 March 2013 - 08:21 PM

Hi Noviciate, thank you soo much for helping me.  I have an update on my system, and I am not sure if some or all of these symptoms are a coincidence or associated with the malware infection.

 

When I went to shut down my computer last night, windows installed some "service updates" prior to shutting down, so I let it do its thing.  The updates completed and the computer shut down.  

 

Today when I rebooted my computer, it was froze on the "preparing to configure windows screen".  After letting it be for 20 minutes without progress, I restarted the computer, and each time, bootup went to that screen and froze.

 

I then proceeded to restart the computer in safe mode, upon entering windows, it said something like "failure to install service updates", and using system recovery, i restored the computer to the point right before the service updates were installed the night prior.

 

I tried restarting again, in normal mode, and after the welcome screen, I get a blank white screen.  Restarted the computer again, after welcome to windows screen, blank white screen again. 

 

I have now rebooted successfully again in safe mode with networking, and typing this post.  So my question is, what next?

 

1) Upon learning this information, what do you recommend my next steps should be.  I am not sure if the "service updates" were an extension of the malware infection.  Should I continue with running the above "OTL" step, running this in safe mode?

 

2) A little bit more info, two to three weeks ago prior to the suspected infection, I have imaged my computer using the Windows native backup and imaging option, this image is stored on a backup drive disconnected from my CPU.  Should I try restoring my computer altogether using this image?

 

Thanks again for your help.  I am gonna hold off doing anything else until I hear your response.

 

Best regards,

 

Justin



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 21 March 2013 - 04:07 PM

Good evening. :)

Do you have the Windows installation disk handy?


So long, and thanks for all the fish.

 

 


#7 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 21 March 2013 - 05:49 PM

When I created the system image I also created a system repair disc.  Can that be used in lieu of the Windows installation disc? 

 

I can also try tracking down the installation disc itself, but will take some digging...



#8 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 21 March 2013 - 10:44 PM

Hi Noviciate, In the case that I do need the installation discs and not just the system repair disc, I have gone ahead and ordered from dell a set of the discs (they allow one order per computer), so they should be arriving in the next day or two, in the case that I need them.  Waiting to hear what you recommend I should do next.  Thanks again, your help much appreciated:)



#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 22 March 2013 - 02:49 PM

Good evening. :)

As you have a system repair disk that's the one we'll use. If you haven't already, you need to change the boot order in the BIOS so that the CD/DVD drive is the first boot device - there's a handy pictorial guide here.
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Two handy links for this procedure are here and here. The first shows you how to get to the Startup Repair option and the second tells you more about what you'll see once you get there.

 

All being well this will resolve your issue without further actions - let me know how you get on, or if you have any questions before you begin, please ask.


So long, and thanks for all the fish.

 

 


#10 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 23 March 2013 - 04:35 PM

Hi Noviciate, so the saga continues.  I have successfully reimaged my HD, now I can successfully log back into windows, but scanning with Avast, it indicates I have the same infection.  So, I must have been infected earlier than I thought (I do not know when though), but it must be before this HD image was taken which was on 3/4/13. 

 

1)This time around, I did not do anything with the infection after finding it in Avast scan (previously, I have placed in chest).

 

2)I have also turned off automatic updates so windows should not automatically download and install service updates for the time being (so as to avoid the same issue as before)

 

3)I have run ESET scanner, and the same results as previously reported above.

 

4)I have downloaded OTL by oldtimer using your link, though, I could not run it (since i'm on a 64bit system), it said it's only possible on Win32.  I therefore downloaded OTL by OldTimer 3.2.70.2 from Softpedia and quick scanned using the default settings.  Posting the results in the next two posts per your direction.

 

5)Scan by OTL completed, but it only displays the OTL.txt and no Extras.txt (maybe it's a setting I need to click?)  Results below.

 

Please let me know next steps, thank you so much!

 

-----------------

 

OTL logfile created on: 3/23/2013 5:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Justin\Contacts\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
12.00 Gb Total Physical Memory | 8.57 Gb Available Physical Memory | 71.42% Memory free
23.99 Gb Paging File | 20.72 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.94 Gb Total Space | 13.79 Gb Free Space | 9.26% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 396.70 Gb Free Space | 42.59% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-T5500 | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/23 17:16:48 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Contacts\Downloads\OTL.exe
PRC - [2013/02/20 02:36:11 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2012/12/17 20:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/10/10 22:30:04 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/09 00:44:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/23 10:04:12 | 001,169,408 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._core_.pyd
MOD - [2013/03/23 10:04:12 | 001,024,616 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\windows._cacheinvalidation.pyd
MOD - [2013/03/23 10:04:12 | 000,792,576 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._gdi_.pyd
MOD - [2013/03/23 10:04:12 | 000,731,136 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._misc_.pyd
MOD - [2013/03/23 10:04:12 | 000,645,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\_ssl.pyd
MOD - [2013/03/23 10:04:12 | 000,571,392 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\pysqlite2._sqlite.pyd
MOD - [2013/03/23 10:04:12 | 000,354,304 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\pythoncom26.dll
MOD - [2013/03/23 10:04:12 | 000,263,168 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32com.shell.shell.pyd
MOD - [2013/03/23 10:04:12 | 000,153,088 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\pyexpat.pyd
MOD - [2013/03/23 10:04:12 | 000,110,592 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32security.pyd
MOD - [2013/03/23 10:04:12 | 000,110,592 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\PyWinTypes26.dll
MOD - [2013/03/23 10:04:12 | 000,096,256 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32api.pyd
MOD - [2013/03/23 10:04:12 | 000,086,016 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\_elementtree.pyd
MOD - [2013/03/23 10:04:12 | 000,073,728 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\_ctypes.pyd
MOD - [2013/03/23 10:04:12 | 000,070,656 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._html2.pyd
MOD - [2013/03/23 10:04:12 | 000,040,448 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\_socket.pyd
MOD - [2013/03/23 10:04:12 | 000,036,352 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32process.pyd
MOD - [2013/03/23 10:04:12 | 000,023,040 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32ts.pyd
MOD - [2013/03/23 10:04:12 | 000,022,528 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32pdh.pyd
MOD - [2013/03/23 10:04:12 | 000,017,920 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32profile.pyd
MOD - [2013/03/23 10:04:12 | 000,011,776 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32crypt.pyd
MOD - [2013/03/23 10:04:10 | 000,807,424 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._windows_.pyd
MOD - [2013/03/23 10:04:10 | 000,311,808 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\_hashlib.pyd
MOD - [2013/03/23 10:04:10 | 000,121,856 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._wizard.pyd
MOD - [2013/03/23 10:04:10 | 000,111,104 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32file.pyd
MOD - [2013/03/23 10:04:10 | 000,039,424 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32inet.pyd
MOD - [2013/03/23 10:04:09 | 001,056,256 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\wx._controls_.pyd
MOD - [2013/03/23 10:04:09 | 000,585,728 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\unicodedata.pyd
MOD - [2013/03/23 10:04:09 | 000,017,920 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\win32event.pyd
MOD - [2013/03/23 10:04:09 | 000,011,776 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI31482\select.pyd
MOD - [2013/02/20 02:36:11 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/10 22:30:04 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/05/14 09:01:24 | 004,901,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2013/02/20 02:36:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/09 00:44:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/01 00:22:19 | 000,078,536 | ---- | M] (Macrovision                                                    ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2010/04/29 23:16:41 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 14:07:34 | 000,052,320 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 10:57:04 | 000,280,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 10:57:01 | 000,505,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 10:55:53 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 10:55:13 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 10:54:58 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/12/12 04:37:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/05 17:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\TPkd.sys -- (TPkd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 72 10 42 98 16 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B3205B348-523A-4fac-9BC4-9939CBF583B0%7D:2.1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/18 22:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 02:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/20 02:36:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 02:36:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/20 02:36:09 | 000,000,000 | ---D | M]
 
[2010/04/19 22:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2013/02/24 02:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions
[2011/05/01 19:42:02 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011/03/02 01:13:42 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2013/02/24 02:57:15 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\firebug@software.joehewitt.com.xpi
[2013/02/13 23:21:50 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/20 02:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/23 09:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/23 09:33:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/20 02:36:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/08 08:32:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/20 02:36:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/11/30 01:45:27 | 000,000,885 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B2924DB-7FEB-4886-95C1-EA8B5BBDF052}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 22:48:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b4cc6d04-1185-11e1-9924-002564acaf69}\Shell - "" = AutoRun
O33 - MountPoints2\{b4cc6d04-1185-11e1-9924-002564acaf69}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/23 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/22 17:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Badosoft
[2013/02/22 17:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Badosoft
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/23 17:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 16:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2055016899-2883695897-526314054-1001UA.job
[2013/03/23 10:11:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/23 10:11:05 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/23 10:11:05 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/23 10:11:05 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 10:11:05 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 10:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/23 10:03:20 | 1071,804,414 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 09:16:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/04 21:52:14 | 000,048,375 | ---- | M] () -- C:\Users\Justin\Desktop\croppingguide.jpg
[2013/03/04 21:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2055016899-2883695897-526314054-1001Core.job
[2013/03/03 11:41:35 | 001,706,509 | ---- | M] () -- C:\Users\Justin\Desktop\MGn7qvj.jpg
[2013/03/02 15:37:15 | 000,150,826 | ---- | M] () -- C:\Users\Justin\Desktop\0,1740,iid=361280,00.jpg
[2013/02/25 03:12:54 | 004,590,220 | ---- | M] () -- C:\Users\Justin\Desktop\130223_Layout_1_Comments1.pdf
[2013/02/22 17:44:12 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Latency Optimizer.lnk
[2013/02/22 11:59:16 | 000,307,706 | ---- | M] () -- C:\Users\Justin\Desktop\fy5E9.jpg
 
========== Files Created - No Company Name ==========
 
[2013/03/23 10:03:20 | 1071,804,414 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/04 21:52:14 | 000,048,375 | ---- | C] () -- C:\Users\Justin\Desktop\croppingguide.jpg
[2013/03/03 11:41:35 | 001,706,509 | ---- | C] () -- C:\Users\Justin\Desktop\MGn7qvj.jpg
[2013/03/02 15:37:15 | 000,150,826 | ---- | C] () -- C:\Users\Justin\Desktop\0,1740,iid=361280,00.jpg
[2013/02/25 03:12:54 | 004,590,220 | ---- | C] () -- C:\Users\Justin\Desktop\130223_Layout_1_Comments1.pdf
[2013/02/22 17:44:12 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Latency Optimizer.lnk
[2013/02/22 11:59:16 | 000,307,706 | ---- | C] () -- C:\Users\Justin\Desktop\fy5E9.jpg
[2012/09/01 00:02:00 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/09/01 00:02:00 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/12/04 00:57:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/08/08 23:10:50 | 000,000,132 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/11/27 01:17:53 | 000,000,132 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/18 23:34:12 | 000,001,456 | ---- | C] () -- C:\Users\Justin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/05/08 01:55:50 | 000,000,017 | ---- | C] () -- C:\Users\Justin\AppData\Local\resmon.resmoncfg
[2010/04/29 19:53:51 | 000,008,704 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/23 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2010/12/12 02:28:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ashampoo
[2011/07/23 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Audacity
[2010/04/29 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Autodesk
[2011/01/12 02:36:10 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Canon
[2012/05/21 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/10 22:16:58 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.adobe.ExMan
[2010/12/12 04:45:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Lite
[2012/11/05 04:36:28 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\FileZilla
[2012/08/29 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\JawboneUpdater
[2010/05/02 00:24:55 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MaxwellDotNET
[2011/09/20 02:14:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PACE Anti-Piracy
[2011/12/05 23:22:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Red Alert 3
[2010/05/02 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Robert McNeel & Associates
[2011/03/11 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\SharePod
[2013/01/29 01:18:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2010/10/18 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/03 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Stardock
[2011/02/20 01:56:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\svBuilder
[2013/03/01 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1135 bytes -> C:\Users\Justin\AppData\Local\Esgs9EdkWvCE4a:SsaVs2HrwuX3Kujm6QRh3y

< End of report >
 



#11 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 23 March 2013 - 04:40 PM

Oh my bad, there is an Extras.Txt, posted here:

 

OTL Extras logfile created on: 3/23/2013 5:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Justin\Contacts\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
12.00 Gb Total Physical Memory | 8.57 Gb Available Physical Memory | 71.42% Memory free
23.99 Gb Paging File | 20.72 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.94 Gb Total Space | 13.79 Gb Free Space | 9.26% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 396.70 Gb Free Space | 42.59% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-T5500 | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{200F5164-689D-4BF4-B547-9E3CD3789A3D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3BFEB21D-EDF5-44EF-BE8E-17E5AB02A6A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DAC9634-CC64-4704-B63E-E44881DC62E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{56891B5C-E13D-494C-8B8C-6953CE2C6365}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64168EAC-477B-4188-9A11-172C4DF96DA6}" = lport=445 | protocol=6 | dir=in | app=system |
"{653971B3-7880-46B2-A258-00BBFDC9A739}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8C045082-0634-49FA-ABBE-06F82D9323CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{907AA4C2-647B-4ACC-B52A-8EF2ADFB7F50}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A340C2F8-51E6-4C1C-A04F-EF071E07D2AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB89547B-3065-4615-A4D4-4B6ED313305E}" = lport=55224 | protocol=6 | dir=in | name=akamai netsession interface |
"{BBD57CAB-A342-44D8-8FE9-B5FA59944C40}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C5272088-B293-421B-BE3F-5ECA18FFD11A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA6BA456-3EB6-4FFA-BFCF-6FA6D7AD6C5A}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCD1201A-F201-43DC-AC2A-3FF640EEE1D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{D27DD63A-4E03-4AB8-BD49-2D78C2AC8984}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6072DBE-2690-40D5-9301-C8EF1D949121}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1510347-FBD2-4F21-989A-565F030218D9}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CAAB5A8-CC18-4F06-BF9A-E28C7C25D211}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{164325D5-9618-438D-B8B2-E884DF1C3F08}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B1E6470-60A2-4436-9790-4AC9B2D77616}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"{1CC4F0A6-D01E-4D30-BEBC-E9DBA31CDB5D}" = protocol=17 | dir=in | app=c:\program files (x86)\jawbone\jawboneupdater.exe |
"{2E3A034E-9375-4A16-A3E7-13043B555230}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3C3E086A-5D58-42B2-8E27-25255175FAB5}" = protocol=6 | dir=in | app=c:\program files (x86)\jawbone\jawboneupdater.exe |
"{3CC6E5AB-F261-4793-A00D-5791B8DD9B79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40B2ADBA-B9B0-4232-8BAB-658EC06FF1E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{40E1EE89-5CBA-4C06-B975-D8C9160B640F}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{48D04C24-2A73-4CBC-B8D6-A22FCDC8DEB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{4D5BD518-939F-4776-94CB-73673B37871D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{52677EFC-C717-49CD-BEC5-660F9C1DC072}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{59512F47-A81C-4E14-9959-240DBCEAF5CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{655A70C4-0E90-434C-977F-B165ABA8A8D3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6C2FA03F-2945-4355-8DB0-467889472F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{8D7059FE-EA95-4572-B37A-E6AE0ED3360F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94023B16-8533-4EC8-BC43-A777E4D04AF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{99A44BB4-92F7-4ACE-9771-32A31F87518C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AF1318C-1C56-4EDD-8BD3-19B1CC3AC861}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9F914C59-7C14-49DE-90C8-2FDDE9C189F3}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{A85D9A04-E546-495E-9085-D5EDA219CCB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC4A1E9C-CFEF-455E-9C48-551F184F356C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B367ACE6-1150-445E-9BED-80E772C97BB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B6BBA9E4-D3CE-44D7-BACD-C964EFDD35A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B9D5EDC6-D35A-4EB6-9FCB-7AB9A03CFD50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7D2E97-D7E0-4E37-8561-4EE828518A95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{C7A03AAF-5556-4BD5-890F-D13A823BFCD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8321CCA-4CA1-4019-9F69-C941969D1D74}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{C8D6E834-87CB-4F34-B4F7-3CC041CDCC8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{CC66CABF-A958-40AB-9D95-6A3134707393}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB767E85-21EB-448E-9D57-2E99361A04A9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EC3B8CE9-A158-4708-9916-23222BD5337F}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"TCP Query User{0B6C6EC1-C836-4BD4-BD49-B5FD1CC74E0A}C:\program files\next limit\maxwell 2\maxwell.exe" = protocol=6 | dir=in | app=c:\program files\next limit\maxwell 2\maxwell.exe |
"TCP Query User{11EB2ED6-DAF7-4331-8D3D-4338FB6A2390}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1336F3C5-FB66-4826-B98D-780089E9F09D}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{2C8FEA58-DCDC-4044-B6A1-4FC9279C108D}C:\program files (x86)\electronic arts\command and conquer red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command and conquer red alert 3\data\ra3_1.12.game |
"TCP Query User{C080550F-9028-46C6-B974-18E9C21B4BD4}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D6306B43-CDF2-4861-BF94-DC9EF1449DFC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{14E68563-5255-4B21-A588-152F02F8CFFD}C:\program files (x86)\electronic arts\command and conquer red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command and conquer red alert 3\data\ra3_1.12.game |
"UDP Query User{73EF75F4-FB0D-4EF5-BBA1-1C9D176D5F97}C:\program files\next limit\maxwell 2\maxwell.exe" = protocol=17 | dir=in | app=c:\program files\next limit\maxwell 2\maxwell.exe |
"UDP Query User{B779E8C0-A10F-417E-AC2B-9F66ADEBE842}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C276F6F9-92D2-45A2-94EB-8020A3CFAFFF}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D3667C0F-D593-4F6D-B973-1E6EE252129B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{D8340423-34F0-4332-992A-FEAA85E0F6ED}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F532222-A793-4362-876B-72F56C60EF9C}" = Maxwell Shell Extension (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A9767A4-577D-4806-A121-7F0010F6BC60}" = Latency Optimizer FREE VERSION
"{2E9D8007-BC77-456E-8FC5-87E6643807A0}" = Maxwell for Rhino x86
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47558092-6F3C-E0AF-49C2-F1795CCF20C2}" = svBuilder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}" = Rhinoceros 4.0 SR5b
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68E6762C-20CA-41B2-8720-1B178B2C6AED}" = DxO FilmPack 2.0
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{876D2C17-263E-43FD-A7E2-34428E82F239}" = Google Talk, Labs Edition
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4B76E93-3FC2-4E90-81EE-EE62948CFB03}" = Sony Ericsson Mobile Phone Monitor
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Command and Conquer - Red Alert 3" = Command and Conquer - Red Alert 3
"CRASHCLOCK" = CRASHCLOCK Screensaver
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DROPCLOCK" = DROPCLOCK Screensaver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5
"Google Chrome" = Google Chrome
"Grasshopper" = Grasshopper
"Jawbone Updater" = Jawbone Updater
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Maxwell 2" = Maxwell 2
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Spotify" = Spotify
"svBuilder" = svBuilder
"Switch" = Switch Sound File Converter
"T-Splines for Rhino" = T-Splines for Rhino
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/14/2012 3:08:41 AM | Computer Name = Justin-t5500 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/14/2012 3:08:53 AM | Computer Name = Justin-t5500 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/15/2012 12:08:07 AM | Computer Name = Justin-t5500 | Source = Application Error | ID = 1000
Description = Faulting application name: lightroom.exe, version: 3.6.0.10, time
stamp: 0x4edc3f82  Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
stamp: 0x4ec4b137  Exception code: 0xc0000374  Fault offset: 0x00000000000c6ae2  Faulting
 process id: 0x19f4  Faulting application start time: 0x01cd4aabc32d3568  Faulting application
 path: C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\lightroom.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: b6137501-b69f-11e1-bbbb-0023ae8cf78b
 
Error - 6/15/2012 2:30:44 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/16/2012 1:20:37 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/17/2012 2:49:30 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/19/2012 1:14:25 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/21/2012 1:01:53 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/22/2012 2:46:43 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/23/2012 1:01:23 AM | Computer Name = Justin-t5500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Adobe\adobe
 premiere pro cs4\MPEGHDVExport.exe".  Dependent Assembly Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 3/3/2013 6:05:24 PM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TPkd
 
Error - 3/4/2013 2:51:51 AM | Computer Name = Justin-t5500 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 3/4/2013 9:19:36 PM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TPkd
 
Error - 3/4/2013 11:35:24 PM | Computer Name = Justin-t5500 | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 3/23/2013 10:04:03 AM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TPkd
 
Error - 3/23/2013 10:04:34 AM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
 
Error - 3/23/2013 10:04:34 AM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 3/23/2013 10:05:01 AM | Computer Name = Justin-t5500 | Source = DCOM | ID = 10005
Description =
 
Error - 3/23/2013 10:05:01 AM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 3/23/2013 10:05:01 AM | Computer Name = Justin-t5500 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
 
< End of report >
 



#12 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 24 March 2013 - 10:14 AM

Good Morning Noviciate,

Apologies for another post, but wanted to make sure you had the most updated info to work with when you check the thread.  Windows last night (even though i turned off automatic updates) made an update on my computer, (not sure if it was legit or not).  I was able to reboot to windows afterwards no problem.  It did make changes to my registry, etc though.  So I wanted to post another OTL log for your reference in case anything changed since my last OTL log post.  (and this time, really no extras.txt that popped up, think it's only on the first run right?)

 

Thanks again for your attention!

 

-----

 

OTL logfile created on: 3/24/2013 10:31:03 AM - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Justin\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
12.00 Gb Total Physical Memory | 9.33 Gb Available Physical Memory | 77.77% Memory free
23.99 Gb Paging File | 21.29 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.94 Gb Total Space | 11.91 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 393.62 Gb Free Space | 42.26% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-T5500 | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/23 17:16:48 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2013/03/23 09:33:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/10 20:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/17 20:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/10/10 22:30:04 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/24 10:07:09 | 000,792,576 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._gdi_.pyd
MOD - [2013/03/24 10:07:09 | 000,571,392 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\pysqlite2._sqlite.pyd
MOD - [2013/03/24 10:07:09 | 000,263,168 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32com.shell.shell.pyd
MOD - [2013/03/24 10:07:09 | 000,153,088 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\pyexpat.pyd
MOD - [2013/03/24 10:07:09 | 000,096,256 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32api.pyd
MOD - [2013/03/24 10:07:09 | 000,086,016 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\_elementtree.pyd
MOD - [2013/03/24 10:07:09 | 000,070,656 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._html2.pyd
MOD - [2013/03/24 10:07:09 | 000,040,448 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\_socket.pyd
MOD - [2013/03/24 10:07:09 | 000,023,040 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32ts.pyd
MOD - [2013/03/24 10:07:09 | 000,011,776 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32crypt.pyd
MOD - [2013/03/24 10:07:08 | 001,169,408 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._core_.pyd
MOD - [2013/03/24 10:07:08 | 001,024,616 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\windows._cacheinvalidation.pyd
MOD - [2013/03/24 10:07:08 | 000,807,424 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._windows_.pyd
MOD - [2013/03/24 10:07:08 | 000,731,136 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._misc_.pyd
MOD - [2013/03/24 10:07:08 | 000,645,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\_ssl.pyd
MOD - [2013/03/24 10:07:08 | 000,354,304 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\pythoncom26.dll
MOD - [2013/03/24 10:07:08 | 000,311,808 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\_hashlib.pyd
MOD - [2013/03/24 10:07:08 | 000,121,856 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._wizard.pyd
MOD - [2013/03/24 10:07:08 | 000,111,104 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32file.pyd
MOD - [2013/03/24 10:07:08 | 000,110,592 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32security.pyd
MOD - [2013/03/24 10:07:08 | 000,110,592 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\PyWinTypes26.dll
MOD - [2013/03/24 10:07:08 | 000,073,728 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\_ctypes.pyd
MOD - [2013/03/24 10:07:08 | 000,036,352 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32process.pyd
MOD - [2013/03/24 10:07:08 | 000,022,528 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32pdh.pyd
MOD - [2013/03/24 10:07:08 | 000,017,920 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32profile.pyd
MOD - [2013/03/24 10:07:07 | 001,056,256 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\wx._controls_.pyd
MOD - [2013/03/24 10:07:07 | 000,585,728 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\unicodedata.pyd
MOD - [2013/03/24 10:07:07 | 000,039,424 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32inet.pyd
MOD - [2013/03/24 10:07:07 | 000,017,920 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\win32event.pyd
MOD - [2013/03/24 10:07:07 | 000,011,776 | ---- | M] () -- C:\Users\Justin\AppData\Local\Temp\_MEI27083\select.pyd
MOD - [2013/03/23 09:33:03 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 20:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2012/10/10 22:30:04 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/14 15:44:16 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/05/14 09:01:24 | 004,901,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2013/03/23 09:33:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/09 00:44:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/01 00:22:19 | 000,078,536 | ---- | M] (Macrovision                                                    ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2010/04/29 23:16:41 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 14:07:34 | 000,052,320 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 10:57:04 | 000,280,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 10:57:01 | 000,505,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 10:55:53 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 10:55:13 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 10:54:58 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/12/12 04:37:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/05 17:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\TPkd.sys -- (TPkd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 72 10 42 98 16 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B3205B348-523A-4fac-9BC4-9939CBF583B0%7D:2.1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/18 22:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/23 09:33:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/23 09:33:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/23 09:33:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/23 09:33:02 | 000,000,000 | ---D | M]
 
[2010/04/19 22:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2013/02/24 02:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions
[2011/05/01 19:42:02 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011/03/02 01:13:42 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2013/02/24 02:57:15 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\firebug@software.joehewitt.com.xpi
[2013/02/13 23:21:50 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\isfbrt4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/23 09:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/23 09:33:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/08 08:32:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/20 02:36:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/11/30 01:45:27 | 000,000,885 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B2924DB-7FEB-4886-95C1-EA8B5BBDF052}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 22:48:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b4cc6d04-1185-11e1-9924-002564acaf69}\Shell - "" = AutoRun
O33 - MountPoints2\{b4cc6d04-1185-11e1-9924-002564acaf69}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/24 10:14:33 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013/03/23 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/23 09:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/22 17:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Badosoft
[2013/02/22 17:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Badosoft
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/24 10:14:15 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 10:14:15 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 10:13:16 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/24 10:13:16 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/24 10:13:16 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/24 10:07:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 10:06:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 10:06:38 | 1071,804,414 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 03:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 02:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2055016899-2883695897-526314054-1001UA.job
[2013/03/24 02:18:25 | 000,001,583 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/23 20:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2055016899-2883695897-526314054-1001Core.job
[2013/03/23 17:16:48 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013/03/04 21:52:14 | 000,048,375 | ---- | M] () -- C:\Users\Justin\Desktop\croppingguide.jpg
[2013/03/03 11:41:35 | 001,706,509 | ---- | M] () -- C:\Users\Justin\Desktop\MGn7qvj.jpg
[2013/03/02 15:37:15 | 000,150,826 | ---- | M] () -- C:\Users\Justin\Desktop\0,1740,iid=361280,00.jpg
[2013/02/25 03:12:54 | 004,590,220 | ---- | M] () -- C:\Users\Justin\Desktop\130223_Layout_1_Comments1.pdf
[2013/02/22 17:44:12 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Latency Optimizer.lnk
[2013/02/22 11:59:16 | 000,307,706 | ---- | M] () -- C:\Users\Justin\Desktop\fy5E9.jpg
 
========== Files Created - No Company Name ==========
 
[2013/03/23 10:03:20 | 1071,804,414 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/04 21:52:14 | 000,048,375 | ---- | C] () -- C:\Users\Justin\Desktop\croppingguide.jpg
[2013/03/03 11:41:35 | 001,706,509 | ---- | C] () -- C:\Users\Justin\Desktop\MGn7qvj.jpg
[2013/03/02 15:37:15 | 000,150,826 | ---- | C] () -- C:\Users\Justin\Desktop\0,1740,iid=361280,00.jpg
[2013/02/25 03:12:54 | 004,590,220 | ---- | C] () -- C:\Users\Justin\Desktop\130223_Layout_1_Comments1.pdf
[2013/02/22 17:44:12 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Latency Optimizer.lnk
[2013/02/22 11:59:16 | 000,307,706 | ---- | C] () -- C:\Users\Justin\Desktop\fy5E9.jpg
[2012/09/01 00:02:00 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/09/01 00:02:00 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/12/04 00:57:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/08/08 23:10:50 | 000,000,132 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/11/27 01:17:53 | 000,000,132 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/18 23:34:12 | 000,001,456 | ---- | C] () -- C:\Users\Justin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/05/08 01:55:50 | 000,000,017 | ---- | C] () -- C:\Users\Justin\AppData\Local\resmon.resmoncfg
[2010/04/29 19:53:51 | 000,008,704 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/23 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2010/12/12 02:28:59 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ashampoo
[2011/07/23 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Audacity
[2010/04/29 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Autodesk
[2011/01/12 02:36:10 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Canon
[2012/05/21 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/10 22:16:58 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.adobe.ExMan
[2010/12/12 04:45:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Lite
[2012/11/05 04:36:28 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\FileZilla
[2012/08/29 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\JawboneUpdater
[2010/05/02 00:24:55 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MaxwellDotNET
[2011/09/20 02:14:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PACE Anti-Piracy
[2011/12/05 23:22:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Red Alert 3
[2010/05/02 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Robert McNeel & Associates
[2011/03/11 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\SharePod
[2013/01/29 01:18:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2010/10/18 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/03 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Stardock
[2011/02/20 01:56:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\svBuilder
[2013/03/23 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1135 bytes -> C:\Users\Justin\AppData\Local\Esgs9EdkWvCE4a:SsaVs2HrwuX3Kujm6QRh3y

< End of report >
 



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 24 March 2013 - 03:36 PM

Good evening. :)

I'd like you to run Avast and let it remove anything it finds - I suspect that the system issue was just a coincidence and that Windows update just didn't go according to plan. It wouldn't be the first time that such a thing occurred. Reboot the PC afterwards and tell me how it went.


So long, and thanks for all the fish.

 

 


#14 ptd.gwb

ptd.gwb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 24 March 2013 - 10:57 PM

Hi Noviciate, so, current status:

 

1) Ran Avast, detected same infection (win32malware-gen), and I choose remove.  It successfully performed the action, and asked for a restart and a boottime scan.

 

2)Ran bootime scan, and it detected a series of java related issues, I clicked Delete after the scan detected each of these:

Java: agent-aha [Expl]

Java: CVE-2010-0842-E [Expl]

Java:CVE-2010-8042-L [Expl]

Java:CVE-2010-0094-Y [Expl]

Java: Agent-AAK [Expl]

Java:Agent-ABV [Expl]

Java:CVE-2011-3544-DS [Expl]

Java:CVE-2012-0507-EM [Expl]

Java:Downloader-BK [Expl]

 

3)The scan completed, upon restarting, a dialogue box popped up for some reason indicating that the version of Windows I'm running might not be genuine and might be counterfeit (which is weird since it is a genuine installed OS that came with the workstation).

 

4) From reading a few threads, i went ahead and uninstalled JAVA from the windows control panel, and disabled JAVA on my browsers.

 

5)I was on a roll, so i went ahead and used CCleaner, as well as running its registry cleaner too.

 

6)After all this, ran Avast again, and received a clean scan.

 

Given this information, any additional scans or further steps you recommend I should perform? 

 

Thanks again for your attention as usual!

 

J



#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:09 PM

Posted 25 March 2013 - 03:08 PM

Good evening. :)

I'm not a big fan of any registry cleaners as the potential for serious harm is too great for my liking, but that's just my two penneth. Does another restart cause the Windows pop-up regarding the genuine nature of your OS to appear again?


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users