
Firefox redirect: sureonlinefind, I think


30 replies to this topic

#1 dunbarton (Members, 17 posts)

Posted 15 May 2013 - 02:22 PM

Hello.

I'm getting intermittent redirects in Firefox 20.0.1, often to a long URL including "sureonlinefind".  MalwareBytes AntiMalware and mrt.exe detect nothing.  Conjecturing it's the same as this thread:

http://www.bleepingcomputer.com/forums/t/493596/browser-hijacker-cant-seem-to-remove-it/

Here are the dds.txt (appended) and attach.txt (attached) files from DDS.

Thanks in advance

dunbarton

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by tycobass at 15:02:11 on 2013-05-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3109 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
E:\Applications Main\ProTools\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
E:\Gabba\OTL.exe
E:\Applications Main\Mozilla Firefox\firefox.exe
E:\Applications Main\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Applications Main\Java\bin\ssv.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Applications Main\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Applications Main\Java\bin\jp2ssv.dll
uRun: [Adobe] Rundll32.exe C:\Users\tycobass\AppData\Local\Adobe\phzccxxr.dll,qsrduzhxgohtzxajxqk
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - E:\Applications Main\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - E:\Applications Main\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - E:\Applications Main\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - E:\Applications Main\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - E:\APPLIC~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2ADD2AB7-2922-4ACC-A289-D9574EB3468B} : DHCPNameServer = 208.67.222.222 208.67.220.220 24.178.162.3
TCP: Interfaces\{6E532BB6-430C-4290-8744-553257C77B0C} : DHCPNameServer = 208.67.222.222 208.67.220.220 209.18.47.61
TCP: Interfaces\{B66C6E80-A7F1-425C-946F-878B44EA1790} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\
FF - prefs.js: browser.startup.homepage - hxxp://192.168.100.1/Docsis_system.asp
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Applications Main\Java\bin\plugin2\npjp2.dll
FF - plugin: E:\Applications Main\VLC\npvlc.dll
FF - plugin: E:\Downloads Main\Adobe\Reader\Reader\AIR\nppdf32.dll
FF - plugin: E:\Downloads Main\Adobe\Reader\Reader\browser\nppdf32.dll
FF - ExtSQL: 2013-04-30 20:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-30 20:34; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
FF - ExtSQL: 2013-04-30 20:34; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-04-30 20:34; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-05-01 13:44; https-everywhere@eff.org; C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\https-everywhere@eff.org
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-10 55024]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-10-17 78208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;C:\Windows\System32\drivers\bh560eth.sys [2012-12-20 105072]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-10-13 21480]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2010-6-16 21520]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-5-25 1919504]
R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-5-6 1919504]
R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-6-11 1919504]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-22 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-22 487280]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-9 346144]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-10-22 18288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HWSuperPowerTablet;HWSuperPowerTablet;C:\Windows\jwpen.exe --> C:\Windows\jwpen.exe [?]
S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;C:\Windows\System32\drivers\libusb0.sys [2013-5-7 52832]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [2010-2-9 28680]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\System32\drivers\MAudioLegacyKeyboard.sys [2010-2-9 196616]
S3 MBOXMINI;Service for Avid Mbox Mini;C:\Windows\System32\drivers\AvidMboxMini.sys [2010-5-6 419856]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\System32\drivers\mr97310c.sys [2008-3-27 143872]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-12-23 23816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-12-31 854632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 VHWDrawing;HanWang Drawing Tablet;C:\Windows\System32\drivers\HWDrawing.sys [2010-10-10 8320]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2012-3-9 198400]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2012-3-9 303616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-10 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\python.exe="C:\Python27\python.exe" "%1" [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-15 14:42:36    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F081A9D6-2452-4AD6-B89E-D38BB5DEE90F}\mpengine.dll
2013-05-07 18:11:29    --------    dc----w-    C:\Users\tycobass\AppData\Roaming\cfclient
2013-05-07 15:00:45    76384    -c--a-w-    C:\Windows\System32\libusb0.dll
2013-05-07 15:00:45    67680    -c--a-w-    C:\Windows\SysWow64\libusb0.dll
2013-05-07 15:00:45    52832    -c--a-w-    C:\Windows\System32\drivers\libusb0.sys
2013-04-25 00:22:56    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 14:43:01    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:43:01    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:43:01    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-14 23:54:08    71048    -c--a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:54:08    692104    -c--a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 06:06:08    278800    -c----w-    C:\Windows\System32\MpSigStub.exe
2013-04-10 15:33:45    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-10 15:33:43    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-10 15:33:43    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-10 15:33:43    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-10 15:33:43    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:33:43    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 15:33:43    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-13 15:20:40    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-03-09 01:54:19    95648    -c--a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 01:54:19    861088    -c--a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 01:54:19    782240    -c--a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:02:18.67 ===============
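The "Pseudo HJT Report" section of the DDS log above lists the autorun entries a malware responder reads first. As an added example, not part of this thread, of DDS, or of any tool mentioned here, the Python helper below parses uRun/mRun lines and flags for manual review any rundll32 entry that loads a DLL from a user-writable profile directory, or whose DLL or export name looks random; the heuristics and thresholds are my own, and the sample lines are constructed to mirror the shape of the report with a placeholder username.

```python
"""Triage helper for DDS 'Pseudo HJT Report' autorun lines.

Added example, not part of the forum thread or of DDS itself. It scores
uRun/mRun entries with defender-side heuristics: rundll32 loading a DLL
from a user-writable directory, and a DLL/export name that looks random.
A hit means "look at this entry", not "this entry is malware".
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# Matches lines such as:  uRun: [Adobe] Rundll32.exe C:\...\x.dll,Export
RUN_LINE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Directories an unprivileged user can write to. Autoruns that load code
# from here deserve a closer look than entries under Program Files.
USER_WRITABLE = (r'\appdata\local', r'\appdata\roaming', r'\users\public', r'\programdata')

# Finds "name.dll" plus the optional ",ExportName" that rundll32 syntax uses.
DLL_REF = re.compile(r'([^\\\s"]+)\.dll(?:,(\S+))?', re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; random-looking strings score high."""
    if not s:
        return 0.0
    counts = Counter(s.lower())
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(token: str) -> bool:
    """Heuristic (own thresholds): long, vowel-poor, high-entropy name."""
    t = re.sub(r'[^a-z]', '', token.lower())
    if len(t) < 7:
        return False
    vowel_ratio = sum(ch in 'aeiou' for ch in t) / len(t)
    return vowel_ratio < 0.25 and shannon_entropy(t) > 2.0


@dataclass
class Finding:
    hive: str          # 'u' (HKCU) or 'm' (HKLM), as DDS abbreviates them
    name: str          # the [bracketed] Run value name
    command: str
    reasons: list = field(default_factory=list)


def triage_run_line(line: str):
    """Return a Finding for a uRun/mRun line (reasons may be empty), else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    f = Finding(hive=m.group('hive'), name=m.group('name'), command=m.group('cmd'))
    low = f.command.lower()
    uses_rundll32 = 'rundll32' in low
    in_user_dir = any(d in low for d in USER_WRITABLE)
    if uses_rundll32 and in_user_dir:
        f.reasons.append('rundll32 loads a DLL from a user-writable directory')
    ref = DLL_REF.search(f.command)
    if ref:
        if looks_random(ref.group(1)):
            f.reasons.append(f'random-looking DLL name {ref.group(1)!r}')
        if ref.group(2) and looks_random(ref.group(2)):
            f.reasons.append(f'random-looking export name {ref.group(2)!r}')
    return f


def triage_report(text: str):
    """Scan a whole DDS log and return only the Run entries that tripped a rule."""
    findings = []
    for line in text.splitlines():
        f = triage_run_line(line)
        if f and f.reasons:
            findings.append(f)
    return findings


# Constructed sample in the shape of a DDS Pseudo HJT Report (username is a placeholder).
SAMPLE = """\
mWinlogon: Userinit = userinit.exe,
uRun: [Adobe] Rundll32.exe C:\\Users\\alice\\AppData\\Local\\Adobe\\phzccxxr.dll,qsrduzhxgohtzxajxqk
mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"
"""

if __name__ == '__main__':
    for f in triage_report(SAMPLE):
        print(f'{f.hive}Run [{f.name}] -> {f.command}')
        for reason in f.reasons:
            print('   -', reason)
```

On the constructed sample only the HKCU "[Adobe]" entry is reported, with all three reasons; the two vendor entries under Program Files pass silently.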
 

 

 

#2 Noviciate (Malware Response Team, 5,277 posts)

Posted 15 May 2013 - 04:41 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Search and, once complete, let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

 

 


So long, and thanks for all the fish.

#3 dunbarton (Topic Starter)

Posted 15 May 2013 - 07:08 PM

Hi and thanks for the quick response!

I will copy-and-paste the three requested files in three posts, including this one.

In the interim between my initial post and your reply I discovered something anomalous: Revo Uninstaller and CCleaner both showed a much newer installation of Free Download Manager than I expected.  (Dated early last week; I haven't used FDM in a month.)  So I uninstalled it.  I haven't experienced any redirects since then, but I haven't done that much browsing either; this may be purely coincidence; I mention it only for completeness.

 

# AdwCleaner v2.300 - Logfile created 05/15/2013 at 19:59:01
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : tycobass - TYCOBASS-PC
# Boot Mode : Normal
# Running from : E:\Gabba\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [664 octets] - [15/05/2013 19:59:01]

########## EOF - C:\AdwCleaner[R1].txt - [723 octets] ##########
 



#4 dunbarton (Topic Starter)

Posted 15 May 2013 - 07:15 PM

otl.txt follows:

 

OTL logfile created on: 5/15/2013 8:10:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Gabba
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 73.78% Memory free
12.00 Gb Paging File | 10.22 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.17 Gb Total Space | 2.97 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.77 Mb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 388.69 Gb Free Space | 83.47% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 61.83 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
 
Computer Name: TYCOBASS-PC | User Name: tycobass | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - E:\Applications Main\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Gabba\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Applications Main\ProTools\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
PRC - C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe (Avid)
PRC - C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe (Avid)
PRC - C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe (Avid)
PRC - E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\Applications Main\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DigiRefresh) -- E:\Applications Main\ProTools\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
SRV - (digiSPTIService) -- E:\Applications Main\ProTools\Digidesign\Pro Tools\digiSPTIService.exe (Avid Technology, Inc.)
SRV - (MboxProAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe (Avid)
SRV - (MboxAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe (Avid)
SRV - (MboxMiniAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe (Avid)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (psdrv3) -- C:\Windows\SysNative\drivers\psdrv3.sys (Prime Sense Ltd.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (bh560eth) -- C:\Windows\SysNative\drivers\bh560eth.sys (Blackhawk)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (DigiNet) -- C:\Windows\SysNative\drivers\diginet.sys (Avid Technology, Inc.)
DRV:64bit: - (MBOXMINI) -- C:\Windows\SysNative\drivers\AvidMboxMini.sys (Avid)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MADFULEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBLEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard.sys (M-Audio)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VMUVC) -- C:\Windows\SysNative\drivers\vmuvc.sys (Vimicro Corporation)
DRV:64bit: - (vvftUVC) -- C:\Windows\SysNative\drivers\vvftUVC.sys (Vimicro Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mr97310c) -- C:\Windows\SysNative\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV:64bit: - (VHWDrawing) -- C:\Windows\SysNative\drivers\HWDrawing.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4E EF B6 96 90 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://192.168.100.1/Docsis_system.asp"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Applications Main\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: E:\Applications Main\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Downloads Main\Adobe\Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Applications Main\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Applications Main\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: E:\Applications Main\Mozilla Thunderbird\components [2013/05/15 13:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: E:\Applications Main\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\Applications Main\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\Applications Main\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: E:\Applications Main\Mozilla Thunderbird\components [2013/05/15 13:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: E:\Applications Main\Mozilla Thunderbird\plugins
 
[2013/04/30 20:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Extensions
[2011/03/25 17:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/15 15:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions
[2013/05/11 19:40:47 | 000,000,000 | ---D | M] (Theme Font &amp; Size Changer) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/05/01 13:44:09 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\https-everywhere@eff.org
[2013/05/05 20:59:12 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 12:39:40 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/30 20:34:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/04/30 20:32:52 | 000,010,345 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\duckduckgo.xml
[2013/04/30 20:33:41 | 000,012,776 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\imdbcom-all.xml
[2013/04/30 20:34:02 | 000,002,492 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\ixquick-https.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Applications Main\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Applications Main\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe] C:\Users\tycobass\AppData\Local\Adobe\phzccxxr.dll (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Applications Main\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Applications Main\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADD2AB7-2922-4ACC-A289-D9574EB3468B}: DhcpNameServer = 208.67.222.222 208.67.220.220 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E532BB6-430C-4290-8744-553257C77B0C}: DhcpNameServer = 208.67.222.222 208.67.220.220 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B66C6E80-A7F1-425C-946F-878B44EA1790}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 15:00:22 | 000,688,992 | R--- | C] (Swearware) -- E:\Gabba\dds.com
[2013/05/15 14:11:05 | 000,000,000 | ---D | C] -- E:\Gabba\OTL Outputs
[2013/05/15 14:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Gabba\OTL.exe
[2013/05/07 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\tycobass\AppData\Roaming\cfclient
[2013/05/07 11:00:45 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013/05/07 11:00:45 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013/05/07 11:00:45 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013/05/07 10:59:54 | 000,000,000 | ---D | C] -- C:\Users\tycobass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crazyflie client
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/15 19:58:17 | 000,628,743 | ---- | M] () -- E:\Gabba\AdwCleaner.exe
[2013/05/15 19:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/15 19:50:24 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 19:50:24 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 19:47:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/15 19:47:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/15 19:47:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/15 19:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/15 19:43:13 | 536,272,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 15:00:25 | 000,688,992 | R--- | M] (Swearware) -- E:\Gabba\dds.com
[2013/05/15 14:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Gabba\OTL.exe
[2013/05/15 11:19:26 | 000,306,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/13 11:16:29 | 040,336,257 | ---- | M] () -- E:\Gabba\Untangling_the_Web.pdf
[2013/05/07 10:10:32 | 000,454,204 | ---- | M] () -- E:\Gabba\Fid_Wells_EFT.png
[2013/05/01 16:56:04 | 000,000,600 | ---- | M] () -- C:\Users\tycobass\AppData\Local\PUTTY.RND
[2013/04/24 13:31:00 | 000,076,384 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013/04/24 13:31:00 | 000,067,680 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013/04/24 13:31:00 | 000,052,832 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
 
========== Files Created - No Company Name ==========
 
[2013/05/15 19:58:12 | 000,628,743 | ---- | C] () -- E:\Gabba\AdwCleaner.exe
[2013/05/13 11:16:16 | 040,336,257 | ---- | C] () -- E:\Gabba\Untangling_the_Web.pdf
[2013/05/07 10:10:32 | 000,454,204 | ---- | C] () -- E:\Gabba\Fid_Wells_EFT.png
[2012/05/22 21:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/22 21:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/05/01 17:29:44 | 000,000,600 | ---- | C] () -- C:\Users\tycobass\AppData\Local\PUTTY.RND
[2011/12/26 00:59:11 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/26 00:59:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/10/25 00:35:25 | 000,001,777 | ---- | C] () -- C:\Users\tycobass\gdbtk.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/03 16:20:58 | 000,007,597 | ---- | C] () -- C:\Users\tycobass\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/05/15 10:42:48 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/15 10:42:48 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/27 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\.spectrumdigital
[2011/05/20 23:32:02 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Arduino
[2012/06/07 00:23:03 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Autodesk
[2012/05/08 14:54:45 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Blender Foundation
[2013/02/19 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\CadSoft
[2013/05/07 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\cfclient
[2013/02/21 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Digidesign
[2013/03/05 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\HandBrake
[2011/10/31 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\InfraRecorder
[2012/03/18 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\netfabb
[2013/04/12 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Opera
[2011/08/12 00:36:22 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\PACE Anti-Piracy
[2011/03/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Thunderbird
[2011/08/12 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Trillium Lane
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1421 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ycMqHMiYBXzhpWjhSwzMKcPy
@Alternate Data Stream - 1415 bytes -> C:\Users\tycobass\AppData\Local\sB7sRwcnpqbvYRL:aM2Ncu3LOGKiLOzy101
@Alternate Data Stream - 1409 bytes -> C:\ProgramData\Microsoft:QcELrBNyL731Tg7kTDQl3F
@Alternate Data Stream - 1310 bytes -> C:\Users\tycobass\AppData\Local\6KI4UJxhZeqAxh:MFeMNqGQzpMhleRmQ9xWL0
@Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:Bo359l4uAHvLtH08GT2wN
@Alternate Data Stream - 1208 bytes -> C:\Users\tycobass\AppData\Local\BrLTgaUVaEb:nFlKxu6LhBJ00h3Bg3Lkoeow3YJ

< End of report >
 



#5 dunbarton

  • Topic Starter
  • Members
  • 17 posts
  • Local time:02:30 PM

Posted 15 May 2013 - 07:19 PM

I'm confused: OTL Quick Scan did not seem to generate an Extras file (only one Notepad window, and no such file on Desktop).

(Before I contacted you, I downloaded otl as per the instructions in the thread I referenced in OP and clicked "Run Scan" rather than "Quick Scan"; this did give me an Extras file.)

Apologies if I'm being dense. Please advise.



#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:30 PM

Posted 16 May 2013 - 01:37 PM

Good evening. :)

You need to open OTL again and click the radio button next to Use SafeList under Extra Registry and then click the Quick Scan button.

So long, and thanks for all the fish.

 

 


#7 dunbarton

  • Topic Starter
  • Members
  • 17 posts
  • Local time:02:30 PM

Posted 16 May 2013 - 03:02 PM

I clicked the "Use SafeList" radio button in the "Extra Registry" box and then ran "Quick Scan"; the button clicked back to "None" and no Extra.txt was produced. However, when I selected "Use SafeList" and ran "Run Scan", I got both files. Here they are in two posts including this one:

 

OTL logfile created on: 5/16/2013 3:53:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Gabba
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 74.45% Memory free
12.00 Gb Paging File | 10.29 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.17 Gb Total Space | 2.95 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.77 Mb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 388.68 Gb Free Space | 83.47% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 61.83 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
 
Computer Name: TYCOBASS-PC | User Name: tycobass | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - E:\Applications Main\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Gabba\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Applications Main\ProTools\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
PRC - C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe (Avid)
PRC - C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe (Avid)
PRC - C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe (Avid)
PRC - E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\Applications Main\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DigiRefresh) -- E:\Applications Main\ProTools\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
SRV - (digiSPTIService) -- E:\Applications Main\ProTools\Digidesign\Pro Tools\digiSPTIService.exe (Avid Technology, Inc.)
SRV - (MboxProAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe (Avid)
SRV - (MboxAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe (Avid)
SRV - (MboxMiniAudioDevMon) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe (Avid)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- E:\Applications Main\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (psdrv3) -- C:\Windows\SysNative\drivers\psdrv3.sys (Prime Sense Ltd.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (bh560eth) -- C:\Windows\SysNative\drivers\bh560eth.sys (Blackhawk)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (DigiNet) -- C:\Windows\SysNative\drivers\diginet.sys (Avid Technology, Inc.)
DRV:64bit: - (MBOXMINI) -- C:\Windows\SysNative\drivers\AvidMboxMini.sys (Avid)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MADFULEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBLEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard.sys (M-Audio)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VMUVC) -- C:\Windows\SysNative\drivers\vmuvc.sys (Vimicro Corporation)
DRV:64bit: - (vvftUVC) -- C:\Windows\SysNative\drivers\vvftUVC.sys (Vimicro Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mr97310c) -- C:\Windows\SysNative\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV:64bit: - (VHWDrawing) -- C:\Windows\SysNative\drivers\HWDrawing.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4E EF B6 96 90 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://192.168.100.1/Docsis_system.asp"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Applications Main\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: E:\Applications Main\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Downloads Main\Adobe\Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Applications Main\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Applications Main\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: E:\Applications Main\Mozilla Thunderbird\components [2013/05/15 13:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: E:\Applications Main\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\Applications Main\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\Applications Main\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: E:\Applications Main\Mozilla Thunderbird\components [2013/05/15 13:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: E:\Applications Main\Mozilla Thunderbird\plugins
 
[2013/04/30 20:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Extensions
[2011/03/25 17:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/15 15:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions
[2013/05/11 19:40:47 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/05/01 13:44:09 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\https-everywhere@eff.org
[2013/05/05 20:59:12 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 12:39:40 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/30 20:34:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/04/30 20:32:52 | 000,010,345 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\duckduckgo.xml
[2013/04/30 20:33:41 | 000,012,776 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\imdbcom-all.xml
[2013/04/30 20:34:02 | 000,002,492 | ---- | M] () -- C:\Users\tycobass\AppData\Roaming\Mozilla\Firefox\Profiles\0i4ebotm.default\searchplugins\ixquick-https.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Applications Main\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Applications Main\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe] C:\Users\tycobass\AppData\Local\Adobe\phzccxxr.dll (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Applications Main\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Applications Main\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADD2AB7-2922-4ACC-A289-D9574EB3468B}: DhcpNameServer = 208.67.222.222 208.67.220.220 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E532BB6-430C-4290-8744-553257C77B0C}: DhcpNameServer = 208.67.222.222 208.67.220.220 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B66C6E80-A7F1-425C-946F-878B44EA1790}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 15:00:22 | 000,688,992 | R--- | C] (Swearware) -- E:\Gabba\dds.com
[2013/05/15 14:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Gabba\OTL.exe
[2013/05/15 10:38:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 10:38:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 10:38:42 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 10:38:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 10:38:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 10:38:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 10:38:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/07 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\tycobass\AppData\Roaming\cfclient
[2013/05/07 11:00:45 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013/05/07 11:00:45 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013/05/07 11:00:45 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013/05/07 10:59:54 | 000,000,000 | ---D | C] -- C:\Users\tycobass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crazyflie client
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/16 15:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 15:33:45 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 15:33:45 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 15:30:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 15:30:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 15:30:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/16 15:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 15:26:34 | 536,272,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 19:58:17 | 000,628,743 | ---- | M] () -- E:\Gabba\AdwCleaner.exe
[2013/05/15 15:00:25 | 000,688,992 | R--- | M] (Swearware) -- E:\Gabba\dds.com
[2013/05/15 14:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Gabba\OTL.exe
[2013/05/15 11:19:26 | 000,306,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 10:43:01 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 10:43:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 10:42:48 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 10:42:48 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 10:42:48 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 10:42:48 | 000,111,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 10:42:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/14 19:54:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 19:54:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/13 11:16:29 | 040,336,257 | ---- | M] () -- E:\Gabba\Untangling_the_Web.pdf
[2013/05/01 16:56:04 | 000,000,600 | ---- | M] () -- C:\Users\tycobass\AppData\Local\PUTTY.RND
[2013/04/24 13:31:00 | 000,076,384 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013/04/24 13:31:00 | 000,067,680 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013/04/24 13:31:00 | 000,052,832 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
 
========== Files Created - No Company Name ==========
 
[2013/05/15 19:58:12 | 000,628,743 | ---- | C] () -- E:\Gabba\AdwCleaner.exe
[2013/05/13 11:16:16 | 040,336,257 | ---- | C] () -- E:\Gabba\Untangling_the_Web.pdf
[2012/05/22 21:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/22 21:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/05/01 17:29:44 | 000,000,600 | ---- | C] () -- C:\Users\tycobass\AppData\Local\PUTTY.RND
[2011/12/26 00:59:11 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/26 00:59:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/10/25 00:35:25 | 000,001,777 | ---- | C] () -- C:\Users\tycobass\gdbtk.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/03 16:20:58 | 000,007,597 | ---- | C] () -- C:\Users\tycobass\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/05/15 10:42:48 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/15 10:42:48 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/27 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\.spectrumdigital
[2011/05/20 23:32:02 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Arduino
[2012/06/07 00:23:03 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Autodesk
[2012/05/08 14:54:45 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Blender Foundation
[2013/02/19 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\CadSoft
[2013/05/07 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\cfclient
[2013/02/21 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Digidesign
[2013/03/05 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\HandBrake
[2011/10/31 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\InfraRecorder
[2012/03/18 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\netfabb
[2013/04/12 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Opera
[2011/08/12 00:36:22 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\PACE Anti-Piracy
[2011/03/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Thunderbird
[2011/08/12 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\tycobass\AppData\Roaming\Trillium Lane
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1421 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ycMqHMiYBXzhpWjhSwzMKcPy
@Alternate Data Stream - 1415 bytes -> C:\Users\tycobass\AppData\Local\sB7sRwcnpqbvYRL:aM2Ncu3LOGKiLOzy101
@Alternate Data Stream - 1409 bytes -> C:\ProgramData\Microsoft:QcELrBNyL731Tg7kTDQl3F
@Alternate Data Stream - 1310 bytes -> C:\Users\tycobass\AppData\Local\6KI4UJxhZeqAxh:MFeMNqGQzpMhleRmQ9xWL0
@Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:Bo359l4uAHvLtH08GT2wN
@Alternate Data Stream - 1208 bytes -> C:\Users\tycobass\AppData\Local\BrLTgaUVaEb:nFlKxu6LhBJ00h3Bg3Lkoeow3YJ

< End of report >
 



#8 dunbarton
Posted 16 May 2013 - 03:04 PM

OTL Extras logfile created on: 5/16/2013 3:53:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Gabba
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 74.45% Memory free
12.00 Gb Paging File | 10.29 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.17 Gb Total Space | 2.95 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.77 Mb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 388.68 Gb Free Space | 83.47% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 61.83 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
 
Computer Name: TYCOBASS-PC | User Name: tycobass | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Applications Main\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Applications Main\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Applications Main\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\APPLIC~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Applications Main\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Applications Main\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\APPLIC~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA9C24-0743-43A1-936A-7A50E7C441E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E0B75D7-04F2-4B3A-BD6B-8711A5A36D26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FBD16D9-7CBD-4B9A-AAD5-AC942C5F8CA7}" = lport=138 | protocol=17 | dir=in | app=system |
"{5163B242-4317-4934-9606-C20DC467E803}" = rport=445 | protocol=6 | dir=out | app=system |
"{6216188E-5B0C-4112-B9DF-12B94844032B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D301E48-F1AD-42FA-A566-9FFBC404DEB9}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2D1FDE7-AC65-4955-963D-C4E72D9BB670}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5F3FDC3-E6E8-4FF0-B5C4-B0B8EF2677BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7440E40-F521-492D-BD19-32114E829523}" = rport=138 | protocol=17 | dir=out | app=system |
"{C25C1F85-7F4A-4758-81A7-5A766DAC404D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E399451F-A67D-4120-BEE0-DDE83EDBC4CE}" = lport=137 | protocol=17 | dir=in | app=system |
"{F46295D8-3049-4D03-9E48-F00C99E45148}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2345C80D-72F1-4585-ADC6-96660FEB6CC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C0A59D3-0776-41DE-919F-1BED54667F9D}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{6D42FCF7-FF94-4CED-9D65-F39C26270522}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{749BA157-58FE-4A5B-BA65-4724C738BB3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8E137DAD-64B7-4D82-BA6B-324559DB60C0}" = protocol=17 | dir=in | app=e:\applications main\microsoft office\office12\onenote.exe |
"{A15C6C66-2740-4152-8AAF-E42B052A007E}" = protocol=6 | dir=in | app=e:\applications main\microsoft office\office12\onenote.exe |
"{B4C72F3C-5019-4244-85C9-B24EB31A9B31}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0B41944C-C479-43B7-BF39-5C2D1F103F09}E:\tidev\ccsv5\eclipse\jre\bin\java.exe" = protocol=6 | dir=in | app=e:\tidev\ccsv5\eclipse\jre\bin\java.exe |
"TCP Query User{725643E6-754F-4C91-BF0D-968DFFF067B1}E:\tidev\ccsv5\eclipse\ccstudio.exe" = protocol=6 | dir=in | app=e:\tidev\ccsv5\eclipse\ccstudio.exe |
"TCP Query User{BB4396E0-324D-4D02-A592-E25E2A4AA300}E:\applications main\vlc\vlc.exe" = protocol=6 | dir=in | app=e:\applications main\vlc\vlc.exe |
"TCP Query User{F34C0A4B-7198-404E-98FC-781F7E8E92AD}E:\applications main\trendnetcamera\setupwizard.exe" = protocol=6 | dir=in | app=e:\applications main\trendnetcamera\setupwizard.exe |
"UDP Query User{6DFB0B4C-EA65-459D-A1D7-6858158263CB}E:\applications main\trendnetcamera\setupwizard.exe" = protocol=17 | dir=in | app=e:\applications main\trendnetcamera\setupwizard.exe |
"UDP Query User{906229E7-C3FC-49E0-8D48-09613048DD33}E:\tidev\ccsv5\eclipse\ccstudio.exe" = protocol=17 | dir=in | app=e:\tidev\ccsv5\eclipse\ccstudio.exe |
"UDP Query User{94C79B5B-EB93-4FB3-9174-54A7C5F89D0A}E:\tidev\ccsv5\eclipse\jre\bin\java.exe" = protocol=17 | dir=in | app=e:\tidev\ccsv5\eclipse\jre\bin\java.exe |
"UDP Query User{F8293427-8270-4B4B-BB9F-53FF1372EE3E}E:\applications main\vlc\vlc.exe" = protocol=17 | dir=in | app=e:\applications main\vlc\vlc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}" = M-Audio Legacy Keyboard Driver 5.0.0 (x64)
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x64)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{70806D7E-103D-41F9-8143-482D066E450C}" = Avid Mbox Mini Driver 1.0.4 (x64)
"{7F708BB1-43E5-41F7-8D48-A490C80A4DF0}" = Avid Mbox Pro Driver 1.0.10 (x64)
"{84FC6AF4-54DF-4701-BEFE-E5EC4A64D12D}" = Avid Mbox Driver 1.0.18 (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFE96CF0-A611-40C4-AE24-2E4C21E3FF3E}" = Digidesign ElevenRack Driver 1.0.8 (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0BDF85E56A265712467599C1BB6297100A196F83" = Windows Driver Package - Texas Instruments CDM Driver Package (03/18/2011 2.08.14)
"2CC6CDFCB4BBBB42596B33BF910114E0982B07A6" = Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2007 5.1.2600.0)
"38DBA62E5F3E8B1A9D29076F0059C87E4A5B5785" = Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (02/16/2011 3.1.2.0)
"3B093C44CA19A7D5324F4A3CEB666DD4EBB257D6" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"426BB71EACDB64FF41684DB46CC07442F338C232" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"5AB23CC5A2E8D3A0AA129214C6F9CE8D7F4874B9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"65A7887924E47D0EA3E2A212B2247E7E9FA1F9EB" = Windows Driver Package - Spectrum Digital (sdusb2em) SDUSBEmulators  (03/25/2011 6.0.999.2)
"6DBBE862580281438868BCDD37A84E63A0FBB067" = Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14)
"75CE7050FCC4D8267A3BD5D3253B1AF44CB375B9" = Windows Driver Package - Texas Instruments CDM Driver Package (03/18/2011 2.08.14)
"79B08B825D0B6F029183E3C04190D86AEE93AF12" = Windows Driver Package - Texas Instruments (usbser) Ports  (05/01/2009 1.1.0.0)
"811EE677BA910AF18E88222F81F2AA6F083E3C53" = Windows Driver Package - Texas Instruments, Inc. (WinUSB) StellarisICDIDeviceClass  (08/03/2012 2.0.9270)
"883C04C33C70062A4AD0ED48685D05F25A854C1D" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"8A1FDB05EC5DC94785A88769D4A9AF2F496970A1" = Windows Driver Package - Texas Instruments, Inc. (usbser) Ports  (08/03/2012 2.0.9270)
"8E34866C72B4ED9C8D3B60249DA48CF113B9FFBE" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"95395462375D9A29E54B3082BE6D3CAA7CEFD7BA" = Windows Driver Package - Texas Instruments Incorporated (usbser) Ports  (04/21/2009 5.1.2600.0)
"A0AA8F842A8763D58C48062D95A9CB19C452DF57" = Windows Driver Package - Texas Instruments Inc. (WinUSB) StellarisDFUDeviceClass  (08/03/2012 1.2.9270)
"ABE36B9BBD00CD433A4454EBCAD52F303406A488" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"ACBD450607B9A261AF1F694FAE00A92218E1F94B" = Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14)
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"F51BEF9C0C3A82026BF1EBA9F1F5F08EFF1BE870" = Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (11/21/2011 3.1.3.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pen Tablet Driver" = Bamboo
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054D3947-9686-4969-9B9A-ACC7A08516AD}" = BDTI_OpenCV_Executable_Demo_Package
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 8.0.4
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Avid Pro Tools LE 8.0.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{564B9269-0DEA-44F8-BC58-C20600F585D9}" = SetupWizard
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Digital microscope
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{884CF059-9A11-4DF7-A2A7-17EFE90B9278}" = Graphviz
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A212BF95-8B73-4143-9BF9-DB193ECBDE11}" = PrimeSense Sensor KinectMod 5.1.0.25 for Windows
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0.3
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B8A98E3A-A852-4BE6-B5FE-1AEF9D5A5AB7}" = OpenNI 1.5.2.23 for Windows
"{BC64CEDA-74F9-4007-B9DE-09EDE0A35A67}" = Autodesk 123D Catch
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CE48BAE6-CDEF-4EB2-9AB0-67018F25C7C4}_is1" = LAN Speed Test
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FED9BF39-9703-4201-9FB9-CC0A298E6B52}" = LM Flash Programmer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Cfclient" = Crazyflie Client
"Code Composer Studio 5.3.0" = Code Composer Studio 5.3.0
"Code Composer Studio v5" = Code Composer Studio v5
"D1120502-1130-4000-9C10-A4F62C0C66D4" = Blackhawk Emulation Device Drivers for Windows - v1.12.05.02
"DCC21963-AE65-4A4D-A535-D3BBCA439957" = eZ430-Chronos
"EAGLE 6.4.0" = EAGLE 6.4.0
"FUDVROCX_is1" = FUDVROCX V1.0.3.11
"HandBrake" = HandBrake 0.9.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0 (x86 en-US)" = Mozilla Thunderbird 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"netfabb" = netfabb Studio
"pepakura_designer3en" = Pepakura Designer 3
"PuTTY_is1" = PuTTY version 0.62
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player 1.1.4
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinAVR-20100110" = WinAVR 20100110 (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 5/1/2013 12:47:26 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 5/1/2013 12:47:59 PM | Computer Name = tycobass-PC | Source = Windows Search Service | ID = 1019
Description =
 
Error - 5/4/2013 2:50:34 PM | Computer Name = tycobass-PC | Source = Application Hang | ID = 1002
Description = The program LAN_SpeedTest.exe version 3.4.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 4a4    Start
 Time: 01ce48f833059e14    Termination Time: 0    Application Path: E:\Applications Main\LAN
 Speed Test\LAN_SpeedTest.exe    Report Id: 7eae3e8f-b4eb-11e2-990c-00252261a87c  
 
Error - 5/4/2013 8:34:57 PM | Computer Name = tycobass-PC | Source = Application Hang | ID = 1002
Description = The program LAN_SpeedTest.exe version 3.4.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d38    Start
 Time: 01ce49284edefd9b    Termination Time: 16    Application Path: E:\Applications Main\LAN
 Speed Test\LAN_SpeedTest.exe    Report Id: 9b865153-b51b-11e2-828d-00252261a87c  
 
Error - 5/4/2013 8:35:19 PM | Computer Name = tycobass-PC | Source = Application Hang | ID = 1002
Description = The program LAN_SpeedTest.exe version 3.4.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: bfc    Start
 Time: 01ce49285f759480    Termination Time: 0    Application Path: E:\Applications Main\LAN
 Speed Test\LAN_SpeedTest.exe    Report Id: a8a2a592-b51b-11e2-828d-00252261a87c  
 
[ System Events ]
Error - 5/14/2013 9:33:52 PM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 10:34:01 AM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 11:19:26 AM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 11:21:17 AM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 11:32:58 AM | Computer Name = tycobass-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/15/2013 4:55:38 PM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 7:43:20 PM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/16/2013 10:00:54 AM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/16/2013 2:15:56 PM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
Error - 5/16/2013 3:26:41 PM | Computer Name = tycobass-PC | Source = Service Control Manager | ID = 7000
Description = The HWSuperPowerTablet service failed to start due to the following
 error:   %%2
 
 
< End of report >
 



#9 Noviciate (Malware Response Team)

Posted 16 May 2013 - 03:29 PM

Top job. Pay a visit to the ESET Online Scanner.
 

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

 


So long, and thanks for all the fish.

 

 


#10 dunbarton (Topic Starter)

Posted 16 May 2013 - 09:19 PM

Text of log follows (1 infected file found).  I successfully fired up my kettle but was unable to locate any biccies; please advise.

 

C:\Users\tycobass\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5debd791-3df1ca72    multiple threats
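The file ESET flagged lives in the Java deployment cache, which is where a drive-by applet is written before the plugin runs it. Every cached item there has a same-named .idx sidecar that records the URL the item was fetched from, the server IP and the HTTP response headers, so reading the .idx is the quickest way to learn which page served the JAR and when. The parser below is an added example, not part of this thread and not ESET's or Oracle's tooling; the field offsets follow the publicly documented IDX layout for cache versions 603 to 605 (the format written by Java 7, as on this PC) and are assumed here, and the sample .idx it builds is constructed, with a fictitious URL and IP.

```python
r"""Recover the origin of a Java deployment-cache entry from its .idx sidecar.

Added example. Each item under C:\Users\<name>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\<bucket>
has a data file plus a .idx file; the .idx holds the download URL, server IP and response headers.
Offsets follow the publicly documented IDX format for cache versions 603-605 and are assumed here.
"""
import struct
from dataclasses import dataclass, field
from datetime import datetime, timezone
from pathlib import Path
from typing import Iterator

SECTION2_OFFSET = 128            # section 2 (URL, IP, headers) starts here for versions 603-605
SUPPORTED_VERSIONS = (603, 604, 605)


@dataclass
class IdxRecord:
    cache_version: int
    content_length: int
    last_modified: datetime
    url: str
    namespace: str               # server IP the plugin recorded for the download
    headers: dict = field(default_factory=dict)


def _read_java_utf(buf: bytes, pos: int) -> tuple[str, int]:
    """DataOutput.writeUTF layout: 2-byte big-endian length, then (modified) UTF-8 bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n].decode("utf-8", "replace"), pos + n


def parse_idx(blob: bytes) -> IdxRecord:
    """Parse one .idx blob; raises ValueError for versions this example does not cover."""
    if len(blob) < SECTION2_OFFSET + 4:
        raise ValueError("too short to be a Java .idx file")
    (cache_version,) = struct.unpack_from(">i", blob, 2)      # bytes 0-1 are busy/incomplete flags
    if cache_version not in SUPPORTED_VERSIONS:
        raise ValueError(f"unsupported cache version {cache_version}")
    (content_length,) = struct.unpack_from(">i", blob, 7)     # byte 6 is the shortcut-image flag
    (last_mod_ms,) = struct.unpack_from(">q", blob, 11)       # Java millisecond timestamp
    pos = SECTION2_OFFSET
    _java_version, pos = _read_java_utf(blob, pos)
    url, pos = _read_java_utf(blob, pos)
    namespace, pos = _read_java_utf(blob, pos)
    (count,) = struct.unpack_from(">i", blob, pos)
    pos += 4
    headers = {}
    for _ in range(count):                                    # HTTP response headers as key/value pairs
        key, pos = _read_java_utf(blob, pos)
        value, pos = _read_java_utf(blob, pos)
        headers[key] = value
    return IdxRecord(cache_version, content_length,
                     datetime.fromtimestamp(last_mod_ms / 1000, tz=timezone.utc),
                     url, namespace, headers)


def walk_cache(cache_root: Path) -> Iterator[tuple[Path, IdxRecord]]:
    """Yield (path, record) for every parseable .idx below a cache\\6.0 directory."""
    for idx in cache_root.rglob("*.idx"):
        try:
            yield idx, parse_idx(idx.read_bytes())
        except (ValueError, struct.error):                    # truncated or unsupported entry
            continue


def _java_utf(s: str) -> bytes:
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def build_sample_idx() -> bytes:
    """Constructed version-605 .idx standing in for a real cache entry; URL and IP are fictitious."""
    header = bytearray(SECTION2_OFFSET)
    struct.pack_into(">i", header, 2, 605)
    struct.pack_into(">i", header, 7, 4096)
    struct.pack_into(">q", header, 11, 1368640000000)          # 2013-05-15 UTC, in milliseconds
    hdrs = {"content-type": "application/java-archive",
            "server": "nginx",
            "deploy_resource_codebase": "http://landing.example.invalid/"}
    body = (_java_utf("1.7.0_17")
            + _java_utf("http://landing.example.invalid/applet/loader.jar")
            + _java_utf("198.51.100.7")
            + struct.pack(">i", len(hdrs)))
    for k, v in hdrs.items():
        body += _java_utf(k) + _java_utf(v)
    return bytes(header) + body


if __name__ == "__main__":
    rec = parse_idx(build_sample_idx())
    print(rec.last_modified.isoformat(), rec.url, rec.namespace, rec.headers.get("content-type"))
```

Run `walk_cache` on a copy of the cache\6.0 folder rather than the live one: the url and the deploy_resource_codebase header of the flagged entry identify the landing page, and last_modified lets you line the download up against the first redirect and against the e-mail link mentioned later in the thread.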
 



#11 Noviciate (Malware Response Team)

Posted 17 May 2013 - 01:55 PM

Good evening. :)

I successfully fired up my kettle but was unable to locate any biccies; please advise.

If your biscuit tin has crashed I'm afraid there's nothing to be done - crumbs!

 

Can you tell me if you installed anything just prior to seeing this infection rearing its ugly head?
#12 dunbarton (Topic Starter)

Posted 17 May 2013 - 02:15 PM

Can't be sure when "just prior" was - within the last week or so, though.  According to the installed list on Revo Uninstaller, recent installs include

 

Adobe Flash Player 11 plugin

Adobe Reader X (10.1.7) (installation date is after infection date though, I think)

Crazyflie client (https://bitbucket.org/bitcraze/crazyflie-pc-client/downloads/cfclient-2013.4.1.tar.gz)

Crazyradio Windows driver (https://bitbucket.org/bitcraze/crazyradio-firmware/downloads/crazyradio_windows_driver.zip)

(these last two are controller client for a quadcopter and driver for its radio dongle)

Mozilla Firefox 21.0 (x86 en-us)

Mozilla Thunderbird 17.0.6 (x86 en-us)

(both updates, both post-date the infection, I think)

 

I thought I might have updated Java around that time -- I was getting prompts for it - but I might not have.  (I noticed ESET spent a very long time on every file of the form "*\java\lib\rt.jar", of which I had several in different places...)

 

That's all I can find or think of.

 

I assume the point of your question is to figure out how I got the infection, in which case honesty forces me to admit that I clicked on a link in an email putatively from DealExtreme.com very near the time of infection.  Although I don't have careful notes about timing and behavior, I have a bad feeling about it.  (I do get emails from them regularly, so perhaps I'm jumping to conclusions.)

 

 

 

 

 



#13 Noviciate (Malware Response Team)

Posted 17 May 2013 - 04:06 PM

Install this add-on (Extension List Dumper) and restart Firefox.
 

  • Click Tools > Add-ons.
  • In the top right hand corner, click Dump list
  • In the window that opens, click Copy to clipboard.
  • Paste the contents of the clipboard into your next reply.
  • Please click the Plugins Tab on the left and repeat the process.

 

 


#14 dunbarton (Topic Starter)

Posted 17 May 2013 - 04:20 PM

Add-ons Dump List:

 

Application: Firefox 21.0 (20130511120803)
Operating System: WINNT (x86-msvc)

- Adblock Plus 2.2.4
- BetterPrivacy 1.68
- Extension List Dumper 1.15.2
- HTTPS-Everywhere 3.2
- NoScript 2.6.6.1 (Disabled)
- Theme Font & Size Changer 7.1

 

Plug-ins Dump List:

 

 

Application: Firefox 21.0 (20130511120803)
Operating System: WINNT (x86-msvc)

- Wacom Dynamic Link Library 1.1.0.5 (Disabled)
- Adobe Acrobat 10.1.7.27
- Adobe Acrobat 10.1.7.27
- Java Deployment Toolkit 7.0.170.2 10.17.2.2
- Java™ Platform SE 7 U17 10.17.2.2
- Shockwave Flash 11.7.700.202
- VLC Multimedia Plug-in 1.1.4.0
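The dump above says what is installed but not where each add-on came from, and for a redirect hijacker the install location is the detail that matters: the classic trick is to drop an extension outside the profile (a Windows registry pointer or a Firefox program-folder directory) so it never passes through the Add-ons Manager as a user choice. Current Firefox records every add-on in extensions.json inside the profile folder, with a location field naming the install source and, since signing became mandatory, a signedState. The audit below is an added example, not code from the thread or from Mozilla, and it generalises past the thread's Firefox 21, which kept this registry in an SQLite database instead. The location names treated as profile-managed and the sample registry are assumptions; the sample data is constructed.

```python
"""Audit a Firefox profile's extensions.json for sideloaded, unsigned or hidden add-ons.

Added example. Firefox writes <profile>/extensions.json with one object per add-on; the
"location" value says where it was installed from. Locations other than the profile-managed
set below (winreg-app-global, winreg-app-user, app-system-share, app-system-local, app-global)
mean the add-on was placed there from outside the browser. The set itself is an assumption.
"""
import json
from pathlib import Path

PROFILE_MANAGED = {"app-profile", "app-builtin", "app-system-defaults", "app-system-addons"}
AMO_PREFIX = "https://addons.mozilla.org/"


def audit_addons(registry: dict) -> list[dict]:
    """Return one finding per suspicious add-on, with every reason it was flagged."""
    findings = []
    for addon in registry.get("addons", []):
        reasons = []
        location = addon.get("location", "")
        if location not in PROFILE_MANAGED:
            reasons.append(f"installed outside the profile via {location or 'unknown location'}")
        if addon.get("foreignInstall"):
            reasons.append("foreignInstall flag set (not installed by the user through Firefox)")
        if (addon.get("type") == "extension" and location != "app-builtin"
                and addon.get("signedState", 0) < 1):        # 0 missing, 1 preliminary, 2+ signed
            reasons.append("no valid Mozilla signature")
        source = addon.get("sourceURI") or ""
        if source and not source.startswith(AMO_PREFIX):
            reasons.append(f"downloaded from {source}")
        if addon.get("hidden"):
            reasons.append("hidden from the Add-ons Manager")
        if addon.get("blocklistState", 0) != 0:
            reasons.append("on Mozilla's blocklist")
        if reasons:
            findings.append({
                "id": addon.get("id"),
                "name": (addon.get("defaultLocale") or {}).get("name"),
                "version": addon.get("version"),
                "active": bool(addon.get("active")),
                "path": addon.get("path"),
                "reasons": reasons,
            })
    return findings


def audit_profile(profile_dir: Path) -> list[dict]:
    """Load <profile>/extensions.json and audit it."""
    with open(profile_dir / "extensions.json", encoding="utf-8") as fh:
        return audit_addons(json.load(fh))


# Constructed registry: one ordinary AMO install and one registry-sideloaded, unsigned add-on.
SAMPLE_REGISTRY = {
    "schemaVersion": 35,
    "addons": [
        {"id": "sample-adblock@example.invalid", "type": "extension", "version": "2.2.4",
         "defaultLocale": {"name": "Sample Ad Blocker"}, "location": "app-profile",
         "active": True, "userDisabled": False, "foreignInstall": False, "signedState": 2,
         "hidden": False, "blocklistState": 0,
         "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/sample.xpi",
         "path": "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd.default\\extensions\\sample-adblock@example.invalid.xpi"},
        {"id": "searchhelper@example.invalid", "type": "extension", "version": "1.0",
         "defaultLocale": {"name": "Search Helper"}, "location": "winreg-app-global",
         "active": True, "userDisabled": False, "foreignInstall": True, "signedState": 0,
         "hidden": False, "blocklistState": 0, "sourceURI": None,
         "path": "C:\\ProgramData\\SearchHelper\\ff"},
    ],
}


if __name__ == "__main__":
    for finding in audit_addons(SAMPLE_REGISTRY):
        print(finding["id"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Point `audit_profile` at the profile folder under AppData\Roaming\Mozilla\Firefox\Profiles; an add-on flagged for a winreg-app-* location also has a matching value under HKLM or HKCU\SOFTWARE\Mozilla\Firefox\Extensions that needs removing, or Firefox will pick it up again on the next start.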



#15 Noviciate (Malware Response Team)

Posted 18 May 2013 - 03:00 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

