
Explorer.exe @ 100%. Probable Rootkit infection.


  • This topic is locked
37 replies to this topic

#1 Cujo17

Cujo17

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:44 AM

Posted 07 December 2013 - 02:41 AM

So here's the problem... my computer has been acting up for a while, but I've dealt with it because it worked for what I needed it to and wasn't worth the hassle to fix it. However recently, my explorer.exe file suddenly started to use all of my computer resources. I have a very high suspicion that I'm infected with at least one type of malicious software.

 

I've always been able to get rid of viruses and malware myself in the past, with the aid of reading forums like this dealing with similar problems, but this time I am at a loss and posting is my last resort.

 

I have used ad-aware, superantispyware, spybot - search & destroy, tdss killer, AVG, GMER, and yes, even Combofix, even though I know I shouldn't have.  Combofix used to always solve any problem I would have, but now it says I'm infected with Rootkit.ZeroAccess and just sits there for days on end without working in Safe or Normal mode.

 

I even followed the Preparation Guide and tried running dds.com, but it just sits there too indefinitely. So therefore, at this point, the only thing I can provide is a Hijackthis log and await further instructions.

 

Even though I probably have done most of the steps y'all will recommend, I am more than willing to do them again and whatever else it takes to finally get my clean computer.  Thank you in advance for anyone willing to help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:13 AM, on 12/7/2013
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Viewpoint\Common\ViewpointService.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
H:\WINDOWS\system32\taskmgr.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\msiexec.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - H:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [CTStartup] "H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "H:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [MSConfig] H:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" >
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - H:\WINDOWS\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - H:\WINDOWS\system32\CbFsMntNtf3.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - Unknown owner - H:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - H:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - H:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UMVPFSrv - Logitech Inc. - H:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 21682 bytes
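The `O4 - HKCU\..\Run: [Google Update]` entry in the log above shows the three things worth noticing in a HijackThis log before any tool names the infection: folder names HijackThis can only print as `???`, the same GUID appearing twice in the path, and a stray `>` after the quoted command. As an added example (not part of this thread and not code from HijackThis, RogueKiller or any other tool mentioned), here is a small Python checker that flags those indicators, plus the `(no file)` / `(file missing)` orphans, in HijackThis-format lines; the sample lines are copied or shortened from the log above, and the rule names and severities are my own.

```python
import re

# Constructed sample in HijackThis v2.0.4 format: lines copied or shortened
# from the log posted above, not a complete scan.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" >
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O23 - Service: MySQL - Unknown owner - H:\Program.exe (file missing)
"""

# "O4 - <hive>\..\Run: [<name>] <command>"  (hive may contain backslashes)
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
GUID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.IGNORECASE)
# First token that ends in an executable extension (handles unquoted paths with spaces)
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|bat|cmd|pif))\b(.*)$', re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


def split_command(cmd):
    """Split an O4 command into (executable path, argument string)."""
    cmd = USER_SUFFIX_RE.sub('', cmd).strip()
    quoted = re.match(r'^"([^"]+)"(.*)$', cmd)
    if quoted:
        return quoted.group(1), quoted.group(2).strip()
    by_ext = EXE_RE.match(cmd)
    if by_ext:
        return by_ext.group(1), by_ext.group(2).strip()
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def unreadable_components(path):
    """Path components HijackThis printed as '?' (characters it could not render)
    or that contain non-ASCII characters. '?' is not legal in a Windows file
    name, so any such component is worth a closer look."""
    return [c for c in path.split('\\') if '?' in c or not c.isascii()]


def analyze_hjt(log_text):
    """Return a list of findings (dicts with line, rule, severity, detail)."""
    findings = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            exe, args = split_command(m.group('cmd'))
            bad = unreadable_components(exe)
            if bad:
                findings.append(dict(line=lineno, rule='unreadable-path-component',
                                     severity='high', detail='%s -> %r' % (m.group('name'), bad)))
            guids = [g.lower() for g in GUID_RE.findall(exe)]
            if len(guids) > len(set(guids)):
                findings.append(dict(line=lineno, rule='duplicated-guid', severity='high',
                                     detail='%s -> same GUID used twice in path' % m.group('name')))
            if args == '>':
                findings.append(dict(line=lineno, rule='stray-redirect-arg', severity='medium',
                                     detail='%s -> command ends with a lone ">"' % m.group('name')))
        elif line.endswith('(no file)') or line.endswith('(file missing)'):
            # Orphaned registrations: not malicious by themselves, but worth cleaning up
            findings.append(dict(line=lineno, rule='orphan-entry', severity='low', detail=line[:60]))
    return findings


if __name__ == '__main__':
    for f in analyze_hjt(SAMPLE_LOG):
        print('line %(line)d [%(severity)s] %(rule)s: %(detail)s' % f)
```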





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 11 December 2013 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

  • IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

  • If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

    HijackThis doesn't handle your version of the operating system well. In your case I need to see a DDS Log.
    You should remove HijackThis using the Add/Remove Programs list. Use the DDS tool from now on.

    Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

    Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
    2: DDS.pif
    3: DDS.COM

    Double click on the DDS icon, allow it to run.
    A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    Notepad will open with the results.
    Follow the instructions that pop up for posting the results. Please note: You may have to disable any script protection running if the scan fails to run.


    Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


    Please paste the logs in your next reply, DO NOT ATTACH THEM
    Let me know what problem persists.


#3 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:44 AM

Posted 11 December 2013 - 01:26 PM

Hi Nasdaq.  Thank you for helping me!

 

 

RogueKiller Report:

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
Started in : Normal mode
User : Garren [Admin rights]
Mode : Remove -- Date : 12/11/2013 09:16:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "H:\Program Files\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\   \   \???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" >) -> DELETED
[RUN][ZeroAccess] HKUS\S-1-5-21-854245398-1547161642-1177238915-1003\[...]\Run : Google Update ("H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("H:\Program Files\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\   \   \???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[BROK VAL] HKCR\[...]\command :  () -> CREATED ("%1" %*)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] L : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\L [-] --> DELETED
[ZeroAccess][Folder] U : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0}\U [-] --> DELETED
[ZeroAccess][Folder] {96184f32-758c-dee9-dd9e-22bcc56787e0} : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛\{96184f32-758c-dee9-dd9e-22bcc56787e0} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\???\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ??? : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\???\??? [-] --> DELETED
[ZeroAccess][Folder] ??? : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0}\??? [-] --> DELETED
[ZeroAccess][Folder] {96184f32-758c-dee9-dd9e-22bcc56787e0} : H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Desktop\Install\{96184f32-758c-dee9-dd9e-22bcc56787e0} [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJB-00PVA0 +++++
--- User ---
[MBR] e7aa3fbc5ae25f5299e124682331aee8
[BSP] 091958decc5d358aa9d85d0280602baa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12112013_091654.txt >>
RKreport[0]_S_12112013_091048.txt

AdwCleaner Log:

# AdwCleaner v3.015 - Report created 11/12/2013 at 09:27:57
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3, v.3264 (32 bits)
# Username : Garren - G
# Running from : H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Viewpoint Manager Service

***** [ Files / Folders ] *****

File Found : H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\searchplugins\Conduit.xml
File Found : H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\user.js
File Found : H:\END
Folder Found H:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found H:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found H:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found H:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found H:\Documents and Settings\Garren\Application Data\adawaretb
Folder Found H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\adawaretb
Folder Found H:\Documents and Settings\Garren\Application Data\NCH Software
Folder Found H:\Documents and Settings\Garren\Application Data\Viewpoint
Folder Found H:\Documents and Settings\Garren\Local Settings\Application Data\Splashtop
Folder Found H:\Program Files\adawaretb
Folder Found H:\Program Files\NCH Software
Folder Found H:\Program Files\Splashtop
Folder Found H:\Program Files\Toolbar Cleaner
Folder Found H:\Program Files\Viewpoint

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D14ED2E1-C75B-443c-BD7C-222222222229}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\prefs.js ]

Line Found : user_pref("CT3282812_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368727684182,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "Somoto V.1 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CUI=UN37075177101858189&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282812");
Line Found : user_pref("bettergmail2.enabled.inboxcount", true);
Line Found : user_pref("bettergmail2.enabled.inboxcountfirst", true);
Line Found : user_pref("browser.search.defaultthis.engineName", "Somoto V.1 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI=UN37075177101858189&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.gtdinbox.account_default", "{\"box\":{\"force_above_chat\":true,\"expanded_sections\":{},\"enabled\":true},\"gtd\":{\"shown_welcome\":false,\"allow_multiple_statuses\":false,\"do[...]
Line Found : user_pref("extensions.gtdinbox.account_prefs", "{\"xxx@gmail.com\":{\"box\":{\"force_above_chat\":true,\"expanded_sections\":{\"boxlinks\":true,\"gtdtypes\":true},\"enabled\":true},\"gtd\":{\"sho[...]
Line Found : user_pref("extensions.gtdinbox.plugin_versions", "{\"box\":\"1.0a4\",\"gtd\":\"1.0a14\"}");
Line Found : user_pref("gtdinbox.debugMode", "0");
Line Found : user_pref("gtdinbox.emailVariable", "yd");
Line Found : user_pref("gtdinbox.lastVersion", "2.08");
Line Found : user_pref("gtdinbox.lateLoad", "0");
Line Found : user_pref("gtdinbox.noPreview", "0");
Line Found : user_pref("gtdinbox.settings", "{\"xxx@gmail.com\":{\"labels\":{\"types\":{\"Statuses\":{\"prefix\":\"S:\",\"defaults\":{\"NextAction\":\"Next Action\",\"Action\":\"Action\",\"WaitingOn\":\"Waiti[...]
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CUI=UN37075177101858189&UM=2&q=");
Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [6593 octets] - [11/12/2013 09:27:57]

########## EOF - H:\AdwCleaner\AdwCleaner[R0].txt - [6653 octets] ##########

Junkware Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Garren on Wed 12/11/2013 at 10:18:46.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] viewpoint manager service
Successfully deleted: [Service] viewpoint manager service

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\somoto_v.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer

~~~ Files

Successfully deleted: [File] "H:\end"

~~~ Folders

Successfully deleted: [Folder] "H:\Documents and Settings\All Users\application data\blekko toolbars"
Successfully deleted: [Folder] "H:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "H:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "H:\Documents and Settings\Garren\Application Data\adawaretb"
Successfully deleted: [Folder] "H:\Documents and Settings\Garren\Application Data\viewpoint"
Successfully deleted: [Folder] "H:\Documents and Settings\Garren\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "H:\Documents and Settings\Garren\Local Settings\Application Data\splashtop"
Successfully deleted: [Folder] "H:\Program Files\adawaretb"
Successfully deleted: [Folder] "H:\Program Files\splashtop"
Successfully deleted: [Folder] "H:\Program Files\viewpoint"

~~~ FireFox

Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\user.js
Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\extensions\fnuydczszm@fnuydczszm.org.xpi [Tracur]
Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\extensions\ittrstketv@ittrstketv.org.xpi [Tracur]
Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\extensions\qudobmxftg@qudobmxftg.org.xpi [Tracur]
Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\extensions\twzamtrtvd@twzamtrtvd.org.xpi [Tracur]
Successfully deleted: [File] H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\searchplugins\conduit.xml
Successfully deleted the following from H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "Somoto V.1 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CUI=UN37075177101858189&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3282812");
user_pref("browser.search.defaultthis.engineName", "Somoto V.1 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI=UN37075177101858189&UM=2&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CUI=UN37075177101858189&UM=2&q=");
Emptied folder: H:\Documents and Settings\Garren\Application Data\mozilla\firefox\profiles\0yt21hag.default\minidumps [7 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/11/2013 at 10:27:54.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:44 AM

Posted 11 December 2013 - 01:35 PM

As I stated in my original post, DDS will not work in either Normal or Safe mode. It says "Please Wait..." and will just sit there for hours on end. I tried using all three DDS links to no avail.

There is no apparent change in my computer after following these steps, despite items being deleted by RogueKiller, so I await your further instructions.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 11 December 2013 - 02:04 PM

Try this one.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

#6 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:44 AM

Posted 11 December 2013 - 02:53 PM

OK, I installed a fresh copy of ComboFix and I'm letting it run now, but it's acting like it has in the past... it first says I have "ESET NOD32 Antivirus 4.0" installed and running, which I know for a fact I don't, then after it starts scanning it says I'm infected with "Rootkit.ZeroAccess".

In the past, I've let ComboFix run for two days, but it just sits there with a blinking cursor after it says "infected machines may easily double."

So, I'll let it run for however long you want, but how long should I let it run for this time?

#7 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:44 AM

Posted 12 December 2013 - 03:26 AM

Update: I let ComboFix run for over 12 hours, but it only stayed stuck on the screen that I previously described, without doing anything. I am now running ComboFix in Safe mode, but it is stuck at that same spot and I can pretty much guarantee it won't do anything no matter how long I let it sit.

In the case that ComboFix hasn't done anything further by the time you reply, what do you suggest for my next step?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 12 December 2013 - 09:15 AM

Stop the ComboFix process and try this one.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#9 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:44 AM

Posted 12 December 2013 - 10:45 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013
Ran by Garren (administrator) on G on 12-12-2013 09:07:51
Running from H:\Documents and Settings\Garren\Desktop
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe
(Logitech Inc.) H:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Lavasoft) H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft Limited) H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) H:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) H:\Program Files\Internet Explorer\iexplore.exe
(Sun Microsystems, Inc.) H:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
(GFI Software) H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) H:\WINDOWS\system32\MsPMSPSv.exe
(Symantec Corporation) H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
(Lavasoft Limited) H:\Program Files\Ad-Aware Antivirus\AdAware.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CTStartup] - H:\Program Files\Creative\Splash Screen\CTEaxSpl.exe [49152 2002-09-13] (Creative Technology Ltd.)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - H:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [Ad-Aware Browsing Protection] - H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "H:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\!SASWinLogon: H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoPopUpsOnBoot] 1
HKCU\...\RunOnce: [CTStartup] - "H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play [49152 2002-09-13] (Creative Technology Ltd.)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - H:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - H:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
Toolbar: HKLM - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
Toolbar: HKCU - &RoboForm - {724D43A0-0D85-11D4-9908-00400523E39A} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - H:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bw+0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw+0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw10 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw10s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwq0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwq0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - H:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - H:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: offline-8876480 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 H:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default
FF Plugin: @adobe.com/FlashPlayer - H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - H:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - H:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/JavaPlugin - H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - H:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - H:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @millisecond.com/npInquisit,version=3.0 - H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin: @videolan.org/vlc,version=2.0.4 - H:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP - H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Plugin: Adobe Reader - H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @millisecond.com/npInquisit,version=3.0 - H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ActiveGS - H:\Program Files\ActiveGS\npActiveGS.dll (Free Tools Association)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - H:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Extension: Better GCal - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\bettergcal@ginatrapani.org
FF Extension: Lavasoft Search Plugin - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{511d7F73-c935-cf2d-ca36-541e7a751a36}
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{546c7A76-c932-cc33-cf2d-52617e770133}
FF Extension: Gmail Space - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF Extension: betterflickr - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\betterflickr@ginatrapani.org.xpi
FF Extension: bettergmail2 - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\bettergmail2@ginatrapani.org.xpi
FF Extension: bettergreader - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\bettergreader@ginatrapani.org.xpi
FF Extension: gmailthis - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\gmailthis@lazyrussian.com.xpi
FF Extension: rtmgmail - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\rtmgmail@rememberthemilk.com.xpi
FF Extension: texpertension - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\texpertension@texperts.com.xpi
FF Extension: aios - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{22119944-ED35-4ab1-910B-E619EA06A115}.xpi
FF Extension: No Name - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{35687ec3-1d00-11e3-8277-b8ac6f996f26}.xpi
FF Extension: gmanager - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: sage - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi
FF Extension: user - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}.xpi
FF Extension: greasemonkey - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: prefs.jsUT  - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: No Name - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - H:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - H:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - H:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - h:\program files\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - h:\program files\copernic desktop search - home\firefoxconnector

========================== Services (Whitelisted) =================

S4 !SASCORE; H:\Program Files\SUPERAntiSpyware\SASCORE.EXE [113664 2013-11-20] (SUPERAntiSpyware.com)
R2 6to4; H:\Windows\System32\6to4svc.dll [100352 2007-11-30] (Microsoft Corporation)
R2 Ad-Aware Service; H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1782784 2013-11-20] (Lavasoft Limited)
S3 ccEvtMgr; H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [864256 2013-11-07] (Symantec Corporation)
S3 ccPwdSvc; H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [618496 2013-11-07] (Symantec Corporation)
S4 Creative Service for CDROM Access; H:\WINDOWS\system32\CTsvcCDA.exe [596992 2013-11-07] (Creative Technology Ltd)
R2 MySQL; H:\Program Files\MySQL\MySQL Server 5.0\my.ini [9248 2008-01-23] ()
S3 navapsvc; H:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [116336 2002-11-14] (Symantec Corporation)
S4 RemoteAccess; H:\Windows\system32\svchost.exe [567296 2013-12-04] (Microsoft Corporation)
R2 SBAMSvc; H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [4200960 2013-11-20] (GFI Software)
S2 SBService; H:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe [54408 2001-08-13] (Symantec Corporation)
R2 SymWSC; H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [864256 2013-11-26] (Symantec Corporation)
R2 UMVPFSrv; H:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [974848 2013-12-01] (Logitech Inc.)
R2 WMDM PMSP Service; H:\WINDOWS\system32\MsPMSPSv.exe [610304 2013-11-27] (Microsoft Corporation)
R2 JavaQuickStarterService; "H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 PersFw; "H:\Program Files\Kerio\Personal Firewall\persfw.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 cbfs3; H:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; H:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
S3 COMMONFX; H:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.SYS; H:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
S3 CTAUDFX; H:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.SYS; H:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
S3 ctdvda2k; H:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX; H:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.SYS; H:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
R3 ctgame; H:\Windows\System32\DRIVERS\ctgame.sys [18904 2010-03-18] (Creative Technology Ltd.)
S3 CTSBLFX; H:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.SYS; H:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
S3 dtscsi; H:\Windows\System32\Drivers\dtscsi.sys [223128 2009-04-20] (DT Soft Ltd.)
R2 ElbyCDIO; H:\Windows\System32\Drivers\ElbyCDIO.sys [9856 2004-07-28] (Elaborate Bytes AG)
R3 ElbyDelay; H:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG)
R0 gfibto; H:\Windows\System32\drivers\gfibto.sys [13560 2013-09-15] (GFI Software)
R3 ha10kx2k; H:\Windows\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
R3 hap16v2k; H:\Windows\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
S3 hap17v2k; H:\Windows\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
S3 HPZid412; H:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-03-21] (HP)
S3 HPZipr12; H:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-03-21] (HP)
S3 HPZius12; H:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-03-21] (HP)
S3 MBAMSwissArmy; H:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-12-11] (Malwarebytes Corporation)
S3 NAVENG; H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVENG.SYS [82256 2008-01-23] (Symantec Corporation)
S3 NAVEX15; H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVEX15.SYS [895312 2008-01-23] (Symantec Corporation)
S3 NdisIP; H:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R2 PfModNT; H:\WINDOWS\system32\drivers\PfModNT.sys [15960 2010-03-18] (Creative Technology Ltd.)
S3 rtl8139; H:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2007-11-30] (Realtek Semiconductor Corporation)
R1 SASDIFSV; H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SAVRT; H:\WINDOWS\system32\Drivers\SAVRT.SYS [235744 2003-09-18] (Symantec Corporation)
R2 SAVRTPEL; H:\WINDOWS\system32\Drivers\SAVRTPEL.SYS [35552 2003-09-18] (Symantec Corporation)
S4 sptd; H:\Windows\System32\Drivers\sptd.sys [642560 2009-04-20] (Duplex Secure Ltd.)
S3 SymEvent; H:\Program Files\Symantec\SYMEVENT.SYS [73224 2002-09-13] (Symantec Corporation)
S3 SYMREDRV; H:\WINDOWS\system32\Drivers\SYMREDRV.SYS [15640 2002-08-15] (Symantec Corporation)
R2 SYMTDI; H:\WINDOWS\system32\Drivers\SYMTDI.SYS [181400 2002-08-15] (Symantec Corporation)
R1 Tcpip6; H:\Windows\System32\DRIVERS\tcpip6.sys [225664 2007-11-30] (Microsoft Corporation)
S4 xmasbus; H:\Windows\System32\DRIVERS\xmasbus.sys [140800 2003-12-21] ( )
R0 xmasscsi; H:\Windows\System32\Drivers\xmasscsi.sys [5248 2003-12-23] ( )
S3 catchme; \??\H:\DOCUME~1\Garren\LOCALS~1\Temp\catchme.sys [x]
S1 fwdrv; system32\Drivers\fwdrv.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
U5 P3; H:\Windows\System32\Drivers\P3.sys [42752 2007-12-29] (Microsoft Corporation)
S3 PCAMPR5; \??\H:\WINDOWS\system32\PCAMPR5.SYS [x]
U5 PCTCore; H:\Windows\System32\Drivers\PCTCore.sys [207792 2009-11-09] (PC Tools)
S2 rmqwvoqal; \??\H:\WINDOWS\system32\drivers\megapknsoizvbqk.sys [x]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 09:07 - 2013-12-12 09:08 - 00037223 _____ H:\Documents and Settings\Garren\Desktop\FRST.txt
2013-12-12 09:07 - 2013-12-12 09:07 - 00000000 ____D H:\FRST
2013-12-12 09:06 - 2013-12-12 09:07 - 01060373 _____ (Farbar) H:\Documents and Settings\Garren\Desktop\FRST.exe
2013-12-12 00:15 - 2013-12-12 00:25 - 00000000 ___SD H:\ComboFix
2013-12-11 11:13 - 2013-12-11 11:13 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.exe
2013-12-11 11:08 - 2013-12-11 11:11 - 00000000 ____D H:\Documents and Settings\Garren\Local Settings\Application Data\adawarebp
2013-12-11 10:27 - 2013-12-11 10:27 - 00005722 _____ H:\Documents and Settings\Garren\Desktop\JRT.txt
2013-12-11 10:18 - 2013-12-11 10:18 - 00000000 ____D H:\WINDOWS\ERUNT
2013-12-11 09:27 - 2013-12-11 09:30 - 00000000 ____D H:\AdwCleaner
2013-12-11 09:27 - 2013-12-11 09:27 - 00001508 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_S_12112013_092710.txt
2013-12-11 09:27 - 2013-12-11 09:27 - 00001374 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_D_12112013_092731.txt
2013-12-11 09:16 - 2013-12-11 09:16 - 00004309 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_D_12112013_091654.txt
2013-12-11 09:10 - 2013-12-11 09:10 - 00002848 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_S_12112013_091048.txt
2013-12-11 09:05 - 2013-12-11 09:23 - 00000000 ____D H:\Documents and Settings\Garren\Desktop\RK_Quarantine
2013-12-11 09:04 - 2013-12-11 09:04 - 01226802 _____ H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
2013-12-11 09:04 - 2013-12-11 09:04 - 01034531 _____ (Thisisu) H:\Documents and Settings\Garren\Desktop\JRT.exe
2013-12-11 09:04 - 2013-12-11 09:04 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.scr
2013-12-11 09:03 - 2013-12-11 09:04 - 04133376 _____ H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
2013-12-10 13:47 - 2013-12-11 04:11 - 00040776 _____ (Malwarebytes Corporation) H:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-07 18:36 - 2013-12-08 20:30 - 00000003 _____ H:\r30.nls
2013-12-07 01:17 - 2013-12-07 01:17 - 01402880 _____ H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
2013-12-05 15:09 - 2013-12-07 01:22 - 00000000 ____D H:\Program Files\Recuva
2013-12-05 15:09 - 2013-12-05 15:09 - 00001512 _____ H:\Documents and Settings\All Users\Desktop\Recuva.lnk
2013-12-05 14:32 - 2013-12-05 14:32 - 03992416 _____ (Piriform Ltd) H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
2013-12-05 14:23 - 2013-12-05 14:23 - 00000734 _____ H:\Documents and Settings\Garren\Desktop\DllTool.lnk
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\Garren\Start Menu\Programs\DllTool
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\KSafe
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\KSafe
2013-12-05 14:22 - 2013-12-05 14:22 - 08254064 _____ (                                                            ) H:\Documents and Settings\Garren\Desktop\DllTool.exe
2013-12-05 14:22 - 2013-12-05 14:22 - 00000000 ____D H:\Program Files\DllTool
2013-12-05 00:02 - 2013-12-11 11:13 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.com
2013-12-04 20:20 - 2013-12-04 22:31 - 00000003 _____ H:\DDE30.nls
2013-12-02 16:19 - 2013-12-02 16:19 - 00000000 ____D H:\Documents and Settings\Garren\My Documents\Splashtop Whiteboard
2013-12-02 16:19 - 2013-12-02 16:19 - 00000000 ____D H:\Documents and Settings\Garren\My Documents\Splashtop Presenter
2013-12-02 00:47 - 2013-12-02 15:19 - 00000000 ____D H:\ComboFix(2)
2013-12-01 00:36 - 2013-12-01 00:36 - 00000000 ____D H:\TDSSKiller_Quarantine
2013-11-29 21:10 - 2013-11-29 21:10 - 00000003 _____ H:\s Driver Foundation - User-mode Driver Framework30.nls
2013-11-28 08:23 - 2013-12-01 18:05 - 00000003 _____ H:\H30.nls
2013-11-27 04:15 - 2013-11-27 22:36 - 00000003 _____ H:\top® FileFly Service30.nls
2013-11-27 03:27 - 2013-12-02 15:18 - 00000003 _____ H:\e30.nls
2013-11-25 16:24 - 2013-12-04 18:25 - 00000003 _____ H:\30.nls
2013-11-21 20:39 - 2013-11-22 13:07 - 00000003 _____ H:\ce30.nls
2013-11-20 18:52 - 2013-11-21 20:27 - 00000003 _____ H:\ewall30.nls

==================== One Month Modified Files and Folders =======

2013-12-12 09:08 - 2013-12-12 09:07 - 00037223 _____ H:\Documents and Settings\Garren\Desktop\FRST.txt
2013-12-12 09:07 - 2013-12-12 09:07 - 00000000 ____D H:\FRST
2013-12-12 09:07 - 2013-12-12 09:06 - 01060373 _____ (Farbar) H:\Documents and Settings\Garren\Desktop\FRST.exe
2013-12-12 09:06 - 2008-12-25 14:06 - 00000414 _____ H:\WINDOWS\Tasks\Symantec NetDetect.job
2013-12-12 09:04 - 2013-09-15 02:08 - 00001615 _____ H:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2013-12-12 09:03 - 2012-03-29 21:08 - 00000157 _____ H:\WINDOWS\wiadebug.log
2013-12-12 09:03 - 2012-03-29 21:08 - 00000050 _____ H:\WINDOWS\wiaservc.log
2013-12-12 09:02 - 2008-01-23 10:01 - 00000006 ____H H:\WINDOWS\Tasks\SA.DAT
2013-12-12 00:25 - 2013-12-12 00:15 - 00000000 ___SD H:\ComboFix
2013-12-11 13:43 - 2012-03-29 21:07 - 00032476 _____ H:\WINDOWS\SchedLgU.Txt
2013-12-11 13:41 - 2012-12-26 15:56 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\Ad-Aware Antivirus
2013-12-11 13:37 - 2013-09-03 14:12 - 00000830 _____ H:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 13:33 - 2013-05-12 02:57 - 00064042 _____ H:\WINDOWS\WindowsUpdate.log
2013-12-11 13:32 - 2013-05-14 12:10 - 05153140 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\ComboFix.exe
2013-12-11 13:11 - 2010-09-03 11:46 - 00000982 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003UA.job
2013-12-11 11:13 - 2013-12-11 11:13 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.exe
2013-12-11 11:13 - 2013-12-05 00:02 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.com
2013-12-11 11:11 - 2013-12-11 11:08 - 00000000 ____D H:\Documents and Settings\Garren\Local Settings\Application Data\adawarebp
2013-12-11 10:27 - 2013-12-11 10:27 - 00005722 _____ H:\Documents and Settings\Garren\Desktop\JRT.txt
2013-12-11 10:18 - 2013-12-11 10:18 - 00000000 ____D H:\WINDOWS\ERUNT
2013-12-11 09:30 - 2013-12-11 09:27 - 00000000 ____D H:\AdwCleaner
2013-12-11 09:27 - 2013-12-11 09:27 - 00001508 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_S_12112013_092710.txt
2013-12-11 09:27 - 2013-12-11 09:27 - 00001374 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_D_12112013_092731.txt
2013-12-11 09:23 - 2013-12-11 09:05 - 00000000 ____D H:\Documents and Settings\Garren\Desktop\RK_Quarantine
2013-12-11 09:17 - 2013-11-07 19:22 - 00119517 _____ H:\Documents and Settings\Garren\Local Settings\Application Data\dfl30z32.dll
2013-12-11 09:16 - 2013-12-11 09:16 - 00004309 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_D_12112013_091654.txt
2013-12-11 09:10 - 2013-12-11 09:10 - 00002848 _____ H:\Documents and Settings\Garren\Desktop\RKreport[0]_S_12112013_091048.txt
2013-12-11 09:05 - 2013-11-07 19:24 - 00000003 _____ H:\Documents and Settings\Garren\Local Settings\Application Data\debaihec30.nls
2013-12-11 09:04 - 2013-12-11 09:04 - 01226802 _____ H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
2013-12-11 09:04 - 2013-12-11 09:04 - 01034531 _____ (Thisisu) H:\Documents and Settings\Garren\Desktop\JRT.exe
2013-12-11 09:04 - 2013-12-11 09:04 - 00688992 ____R (Swearware) H:\Documents and Settings\Garren\Desktop\dds.scr
2013-12-11 09:04 - 2013-12-11 09:03 - 04133376 _____ H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
2013-12-11 04:11 - 2013-12-10 13:47 - 00040776 _____ (Malwarebytes Corporation) H:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-11 00:37 - 2012-10-12 02:22 - 00692616 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 00:37 - 2011-07-08 19:48 - 00071048 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 23:05 - 2012-03-29 19:28 - 00000000 ____D H:\Program Files\SUPERAntiSpyware
2013-12-10 22:46 - 2008-01-23 10:02 - 00000278 ___SH H:\Documents and Settings\Garren\ntuser.ini
2013-12-10 17:11 - 2010-09-03 11:46 - 00000930 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003Core.job
2013-12-10 14:55 - 2004-08-04 05:00 - 00000812 _____ H:\WINDOWS\win.ini
2013-12-10 14:55 - 2004-08-04 05:00 - 00000227 _____ H:\WINDOWS\system.ini
2013-12-10 13:55 - 2004-08-04 05:00 - 00002206 _____ H:\WINDOWS\system32\wpa.dbl
2013-12-10 13:23 - 2008-01-23 13:19 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\Skype
2013-12-08 20:30 - 2013-12-07 18:36 - 00000003 _____ H:\r30.nls
2013-12-08 08:00 - 2012-12-26 16:28 - 00000946 _____ H:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-12-07 01:22 - 2013-12-05 15:09 - 00000000 ____D H:\Program Files\Recuva
2013-12-07 01:18 - 2013-05-16 12:28 - 00002789 _____ H:\Documents and Settings\Garren\Desktop\HiJackThis.lnk
2013-12-07 01:18 - 2013-05-16 12:28 - 00000000 ____D H:\Documents and Settings\Garren\Start Menu\Programs\HiJackThis
2013-12-07 01:17 - 2013-12-07 01:17 - 01402880 _____ H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
2013-12-07 01:10 - 2009-04-13 13:33 - 00000049 _____ H:\WINDOWS\NeroDigital.ini
2013-12-06 00:25 - 2012-05-20 23:54 - 00120320 _____ H:\Documents and Settings\Garren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-05 15:09 - 2013-12-05 15:09 - 00001512 _____ H:\Documents and Settings\All Users\Desktop\Recuva.lnk
2013-12-05 14:52 - 2013-11-07 19:34 - 00001520 _____ H:\Documents and Settings\All Users\Application Data\i30debaihec.dat
2013-12-05 14:32 - 2013-12-05 14:32 - 03992416 _____ (Piriform Ltd) H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
2013-12-05 14:23 - 2013-12-05 14:23 - 00000734 _____ H:\Documents and Settings\Garren\Desktop\DllTool.lnk
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\Garren\Start Menu\Programs\DllTool
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\KSafe
2013-12-05 14:23 - 2013-12-05 14:23 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\KSafe
2013-12-05 14:22 - 2013-12-05 14:22 - 08254064 _____ (                                                            ) H:\Documents and Settings\Garren\Desktop\DllTool.exe
2013-12-05 14:22 - 2013-12-05 14:22 - 00000000 ____D H:\Program Files\DllTool
2013-12-04 23:45 - 2008-01-23 09:56 - 00000000 __SHD H:\Documents and Settings\All Users\DRM
2013-12-04 22:31 - 2013-12-04 20:20 - 00000003 _____ H:\DDE30.nls
2013-12-04 18:27 - 2007-11-30 17:26 - 00567296 _____ (Microsoft Corporation) H:\WINDOWS\system32\svchost.exe
2013-12-04 18:25 - 2013-11-25 16:24 - 00000003 _____ H:\30.nls
2013-12-02 16:25 - 2008-01-23 10:08 - 00000000 ___HD H:\Program Files\InstallShield Installation Information
2013-12-02 16:19 - 2013-12-02 16:19 - 00000000 ____D H:\Documents and Settings\Garren\My Documents\Splashtop Whiteboard
2013-12-02 16:19 - 2013-12-02 16:19 - 00000000 ____D H:\Documents and Settings\Garren\My Documents\Splashtop Presenter
2013-12-02 15:40 - 2013-04-26 22:37 - 00000000 ____D H:\Documents and Settings\All Users\FileFly
2013-12-02 15:40 - 2013-03-06 02:12 - 00714808 _____ H:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-02 15:21 - 2008-11-25 01:05 - 00000000 ____D H:\Documents and Settings\Administrator
2013-12-02 15:21 - 2008-01-23 10:01 - 00000000 __SHD H:\Documents and Settings\NetworkService
2013-12-02 15:21 - 2008-01-23 10:01 - 00000000 __SHD H:\Documents and Settings\LocalService
2013-12-02 15:20 - 2008-01-23 09:53 - 00000000 ____D H:\WINDOWS\Registration
2013-12-02 15:19 - 2013-12-02 00:47 - 00000000 ____D H:\ComboFix(2)
2013-12-02 15:18 - 2013-11-27 03:27 - 00000003 _____ H:\e30.nls
2013-12-01 18:05 - 2013-11-28 08:23 - 00000003 _____ H:\H30.nls
2013-12-01 16:23 - 2012-01-12 12:14 - 00000000 __SHD H:\WINDOWS\CSC
2013-12-01 00:36 - 2013-12-01 00:36 - 00000000 ____D H:\TDSSKiller_Quarantine
2013-12-01 00:28 - 2011-01-07 19:56 - 00702976 _____ (NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe
2013-12-01 00:28 - 2007-11-30 17:26 - 00610816 _____ (Microsoft Corporation) H:\WINDOWS\system32\spoolsv.exe
2013-12-01 00:07 - 2012-04-05 03:10 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\Simple Adblock
2013-11-29 21:18 - 2009-05-31 00:05 - 00000000 ____D H:\Qoobox
2013-11-29 21:10 - 2013-11-29 21:10 - 00000003 _____ H:\s Driver Foundation - User-mode Driver Framework30.nls
2013-11-28 00:09 - 2007-11-30 17:26 - 01586688 _____ (Microsoft Corporation) H:\WINDOWS\explorer.exe
2013-11-27 22:41 - 2000-06-26 07:44 - 00610304 _____ (Microsoft Corporation) H:\WINDOWS\system32\MsPMSPSv.exe
2013-11-27 22:36 - 2013-11-27 04:15 - 00000003 _____ H:\top® FileFly Service30.nls
2013-11-25 16:12 - 2012-05-02 02:17 - 00000000 ____D H:\Program Files\Bonjour
2013-11-22 13:07 - 2013-11-21 20:39 - 00000003 _____ H:\ce30.nls
2013-11-21 20:27 - 2013-11-20 18:52 - 00000003 _____ H:\ewall30.nls
2013-11-20 18:40 - 2012-12-26 16:08 - 00000000 ____D H:\Program Files\Ad-Aware Antivirus
2013-11-17 18:03 - 2008-01-23 10:43 - 00000000 ____D H:\Documents and Settings\Garren\Application Data\Adobe

Files to move or delete:
====================
H:\Documents and Settings\Garren\JFK Reloaded v1.0.1 patch.exe
H:\Documents and Settings\Garren\renderJob0.bat
H:\Documents and Settings\Garren\server_nogui.bat
H:\Documents and Settings\Garren\settings.dat

Some content of TEMP:
====================
H:\Documents and Settings\Garren\Local Settings\temp\1365656061.exe
H:\Documents and Settings\Garren\Local Settings\temp\1365883788.exe
H:\Documents and Settings\Garren\Local Settings\temp\2SKKKKKKK.exe
H:\Documents and Settings\Garren\Local Settings\temp\36a4b250-ecf6-4909-99ba-d3a3777ab934.exe
H:\Documents and Settings\Garren\Local Settings\temp\8D.exe
H:\Documents and Settings\Garren\Local Settings\temp\8F.exe
H:\Documents and Settings\Garren\Local Settings\temp\928abfe1-8eed-4a06-9b83-2313c0d26e46.exe
H:\Documents and Settings\Garren\Local Settings\temp\nscB.exe
H:\Documents and Settings\Garren\Local Settings\temp\ntdll_dump.dll
H:\Documents and Settings\Garren\Local Settings\temp\SkypeSetup.exe
H:\Documents and Settings\Garren\Local Settings\temp\{7D97B34F-BA40-46E8-A52E-4133DC9BE955}.exe

==================== Bamital & volsnap Check =================

H:\Windows\explorer.exe
[2007-11-30 17:26] - [2013-11-28 00:09] - 1586688 ____A (Microsoft Corporation) 7ad7d0298251b555e292696b53f95d60

H:\Windows\System32\winlogon.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0507904 ____N (Microsoft Corporation) 45ffe966290b9c4ba659325561de4830

H:\Windows\System32\svchost.exe
[2007-11-30 17:26] - [2013-12-04 18:27] - 0567296 ____A (Microsoft Corporation) c7fff882361a70c0b62b5db089afc441

H:\Windows\System32\services.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0108544 ____A (Microsoft Corporation) 76727219614a50b2db29bd0cda4260d5

H:\Windows\System32\User32.dll
[2007-11-30 17:26] - [2007-11-30 17:26] - 0578560 ____N (Microsoft Corporation) 6c74c62ecdc3981a7f1f8f1656b27871

H:\Windows\System32\userinit.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0026112 ____N (Microsoft Corporation) 813b2e9c4caea05fba51a442fab7a95d

H:\Windows\System32\Drivers\volsnap.sys
[2007-11-30 10:25] - [2007-11-30 10:25] - 0052352 ____A (Microsoft Corporation) 2abf037f9d447424b58d73706b55b762

==================== End Of Log ============================

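The "Bamital & volsnap Check" block in the log above lists, for each critical system binary, its creation time, its last modification time, its size, its attributes and its MD5. Two of the seven entries (explorer.exe and svchost.exe) were modified in late 2013 while the rest still carry their 2007 timestamps. The following Python script is an added example, not code from this thread or from FRST: it parses that block (the sample text is copied from the log above) and flags binaries whose modification time is later than their creation time by more than a slack of one day. The heuristic and the slack are assumptions of this example; a servicing-stack update can produce the same pattern, so a hit means "compare the hash against a known-good copy from the install media or a clean machine", not "infected".

```python
"""Parse an FRST "Bamital & volsnap Check" block and flag system binaries
whose modification time is later than their creation time.

Added example; not part of the original thread and not FRST's own logic.
The created-vs-modified heuristic and the one-day slack are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: the Bamital & volsnap Check block from the log above.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

H:\Windows\explorer.exe
[2007-11-30 17:26] - [2013-11-28 00:09] - 1586688 ____A (Microsoft Corporation) 7ad7d0298251b555e292696b53f95d60

H:\Windows\System32\winlogon.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0507904 ____N (Microsoft Corporation) 45ffe966290b9c4ba659325561de4830

H:\Windows\System32\svchost.exe
[2007-11-30 17:26] - [2013-12-04 18:27] - 0567296 ____A (Microsoft Corporation) c7fff882361a70c0b62b5db089afc441

H:\Windows\System32\services.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0108544 ____A (Microsoft Corporation) 76727219614a50b2db29bd0cda4260d5

H:\Windows\System32\User32.dll
[2007-11-30 17:26] - [2007-11-30 17:26] - 0578560 ____N (Microsoft Corporation) 6c74c62ecdc3981a7f1f8f1656b27871

H:\Windows\System32\userinit.exe
[2007-11-30 17:26] - [2007-11-30 17:26] - 0026112 ____N (Microsoft Corporation) 813b2e9c4caea05fba51a442fab7a95d

H:\Windows\System32\Drivers\volsnap.sys
[2007-11-30 10:25] - [2007-11-30 10:25] - 0052352 ____A (Microsoft Corporation) 2abf037f9d447424b58d73706b55b762

==================== End Of Log ============================
"""

# One entry is a path line followed by a "[created] - [modified] - size attrs (company) md5" line.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>_{4}[A-Z]) \((?P<company>[^)]*)\) (?P<md5>[0-9a-f]{32})",
    re.MULTILINE,
)


def parse_bamital_block(text):
    """Return a list of dicts, one per binary listed in the check block."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "path": m["path"],
            "name": m["path"].rsplit("\\", 1)[-1].lower(),
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "attrs": m["attrs"],
            "company": m["company"].strip(),
            "md5": m["md5"],
        })
    return entries


def flag_modified_after_install(entries, slack=timedelta(days=1)):
    """Names of binaries modified more than `slack` after they were created.

    Heuristic only: an OS update can rewrite a file in place too, so a hit
    means "verify the MD5 against a known-good copy", not "infected".
    """
    return sorted(e["name"] for e in entries if e["modified"] - e["created"] > slack)


def report(text):
    """Human-readable summary of the check block."""
    entries = parse_bamital_block(text)
    flagged = set(flag_modified_after_install(entries))
    lines = []
    for e in entries:
        mark = "CHECK" if e["name"] in flagged else "ok   "
        lines.append(f"{mark} {e['name']:<14} created {e['created']:%Y-%m-%d} "
                     f"modified {e['modified']:%Y-%m-%d} md5 {e['md5']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the sample, the script marks explorer.exe and svchost.exe with CHECK and leaves winlogon.exe, services.exe, User32.dll, userinit.exe and volsnap.sys as ok. The next step for a flagged file is to compute its MD5 on a known-clean copy of the same Windows XP build and service pack and compare it with the hash FRST printed; the script deliberately does not ship a "known-good" table, because those hashes vary by build and patch level.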
#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 12 December 2013 - 11:58 AM

First please reset your Winsock.

Go to this Microsoft page.
http://support.microsoft.com/kb/299357

Use the Fix It button option.
Restart the computer normally.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Policies\Explorer: []
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: bw+0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw+0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw10s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwq0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: offline-8876480 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @viewpoint.com/VMP - H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Extension: Lavasoft Search Plugin - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{511d7F73-c935-cf2d-ca36-541e7a751a36}
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{546c7A76-c932-cc33-cf2d-52617e770133}
S3 catchme; \??\H:\DOCUME~1\Garren\LOCALS~1\Temp\catchme.sys [x]
S2 rmqwvoqal; \??\H:\WINDOWS\system32\drivers\megapknsoizvbqk.sys [x]
H:\Documents and Settings\Garren\Local Settings\temp\1365656061.exe
H:\Documents and Settings\Garren\Local Settings\temp\1365883788.exe
H:\Documents and Settings\Garren\Local Settings\temp\2SKKKKKKK.exe
H:\Documents and Settings\Garren\Local Settings\temp\36a4b250-ecf6-4909-99ba-d3a3777ab934.exe
H:\Documents and Settings\Garren\Local Settings\temp\8D.exe
H:\Documents and Settings\Garren\Local Settings\temp\8F.exe
H:\Documents and Settings\Garren\Local Settings\temp\928abfe1-8eed-4a06-9b83-2313c0d26e46.exe
H:\Documents and Settings\Garren\Local Settings\temp\nscB.exe
H:\Documents and Settings\Garren\Local Settings\temp\ntdll_dump.dll
H:\Documents and Settings\Garren\Local Settings\temp\SkypeSetup.exe
H:\Documents and Settings\Garren\Local Settings\temp\{7D97B34F-BA40-46E8-A52E-4133DC9BE955}.exe

end
Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists.

#11 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 12 December 2013 - 12:36 PM

I ran the Fix It wizard and FRST with no problems.  However, explorer.exe continues to use an abnormally large amount of RAM and CPU usage - it in fact tied up my computer so much that I had to end the process via Task Manager and then start it again.  I would also assume that the problems that caused DDS and ComboFix to not run are still present, but I have not confirmed that.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2013
Ran by Garren at 2013-12-12 11:29:10 Run:1
Running from H:\Documents and Settings\Garren\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

HKLM\...\Policies\Explorer: []
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: bw+0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw+0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw-0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw00s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw10s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw20s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw30s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw40s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw50s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw60s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw70s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw80s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bw90s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwa0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwb0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwc0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwd0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwe0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwf0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwg0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwh0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwi0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwj0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwk0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwl0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwm0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwn0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwo0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwp0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwq0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwr0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bws0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwt0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwu0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwv0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bww0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwx0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwy0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0 - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: bwz0s - {a2795d17-8003-4c5a-b95b-0bab55cf44da} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
Handler: offline-8876480 - {A2795D17-8003-4C5A-B95B-0BAB55CF44DA} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @viewpoint.com/VMP - H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Extension: Lavasoft Search Plugin - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{511d7F73-c935-cf2d-ca36-541e7a751a36}
FF Extension: . - H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{546c7A76-c932-cc33-cf2d-52617e770133}
S3 catchme; \??\H:\DOCUME~1\Garren\LOCALS~1\Temp\catchme.sys [x]
S2 rmqwvoqal; \??\H:\WINDOWS\system32\drivers\megapknsoizvbqk.sys [x]
H:\Documents and Settings\Garren\Local Settings\temp\1365656061.exe
H:\Documents and Settings\Garren\Local Settings\temp\1365883788.exe
H:\Documents and Settings\Garren\Local Settings\temp\2SKKKKKKK.exe
H:\Documents and Settings\Garren\Local Settings\temp\36a4b250-ecf6-4909-99ba-d3a3777ab934.exe
H:\Documents and Settings\Garren\Local Settings\temp\8D.exe
H:\Documents and Settings\Garren\Local Settings\temp\8F.exe
H:\Documents and Settings\Garren\Local Settings\temp\928abfe1-8eed-4a06-9b83-2313c0d26e46.exe
H:\Documents and Settings\Garren\Local Settings\temp\nscB.exe
H:\Documents and Settings\Garren\Local Settings\temp\ntdll_dump.dll
H:\Documents and Settings\Garren\Local Settings\temp\SkypeSetup.exe
H:\Documents and Settings\Garren\Local Settings\temp\{7D97B34F-BA40-46E8-A52E-4133DC9BE955}.exe

end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\bw+0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\bw+0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw-0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw-0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw00 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw00s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw10s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw20 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw20s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw30 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw30s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw40 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw40s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw50 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw50s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw60 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw60s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw70 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw70s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw80 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw80s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw90 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bw90s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwa0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwa0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwb0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwb0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwc0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwc0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwd0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwd0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwe0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwe0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwf0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwf0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwfile-8876480 => Key deleted successfully.
HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\bwg0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwg0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwh0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwh0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwi0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwi0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwj0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwj0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwk0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwk0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwl0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwl0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwm0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwm0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwn0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwn0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwo0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwo0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwp0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwp0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwq0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwr0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwr0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bws0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bws0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwt0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwt0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwu0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwu0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwv0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwv0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bww0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bww0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwx0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwx0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwy0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwy0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwz0 => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\bwz0s => Key deleted successfully.
HKCR\CLSID\{a2795d17-8003-4c5a-b95b-0bab55cf44da} => Key not found.
HKCR\PROTOCOLS\Handler\offline-8876480 => Key deleted successfully.
HKCR\CLSID\{A2795D17-8003-4C5A-B95B-0BAB55CF44DA} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @viewpoint.com/VMP - H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File => Key not found.
FF Plugin: @viewpoint.com/VMP - H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File not found.
H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack => Moved successfully.
H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{511d7F73-c935-cf2d-ca36-541e7a751a36} => Moved successfully.
H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\Extensions\{546c7A76-c932-cc33-cf2d-52617e770133} => Moved successfully.
catchme => Service deleted successfully.
rmqwvoqal => Service deleted successfully.
H:\Documents and Settings\Garren\Local Settings\temp\1365656061.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\1365883788.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\2SKKKKKKK.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\36a4b250-ecf6-4909-99ba-d3a3777ab934.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\8D.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\8F.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\928abfe1-8eed-4a06-9b83-2313c0d26e46.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\nscB.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\ntdll_dump.dll => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\SkypeSetup.exe => Moved successfully.
H:\Documents and Settings\Garren\Local Settings\temp\{7D97B34F-BA40-46E8-A52E-4133DC9BE955}.exe => Moved successfully.

==== End of Fixlog ====



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 12 December 2013 - 01:43 PM

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

[image: OTL_Main_Tutorial.gif]
  • Select All Users.
  • Under the Custom Scan box, paste this in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.
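As an added illustration of what a helper looks for first in the OTL output this scan produces (example code added here, not part of the thread and not OTL's own code), a small Python triage parser for the PRC/MOD/SRV/DRV lines. The field layout is inferred from the log posted later in the thread; the last two sample lines are constructed OTL-style renderings of the rmqwvoqal and catchme entries from the earlier fix, with made-up timestamps and sizes.

```python
"""Triage helper for OTL Processes / Modules / Services / Driver Services lines.

Added example, not part of the BleepingComputer thread or of OTL itself.
Line layout (inferred from the posted log):
  KIND - [mtime | size | attrs | M] (Company) [flags] -- path -- (ServiceName)
OTL prints "File not found" instead of the stamp and company when the binary is missing.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One pattern covers PRC/MOD (no flags, no registry name) and SRV/DRV lines.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)


@dataclass
class OtlEntry:
    kind: str
    path: str                  # empty when OTL had no path for the entry
    name: Optional[str]        # service/driver registry name; None for PRC/MOD
    company: Optional[str]     # None when OTL printed "()" or "File not found"
    size: Optional[int]        # bytes, parsed from "000,803,840"
    flags: List[str]           # e.g. ["Kernel", "System", "Running"]
    missing: bool              # OTL could not find the binary on disk


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; headers, blanks and other sections return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None
    if m.group("stamp"):
        parts = [p.strip() for p in m.group("stamp").split("|")]
        if len(parts) > 1 and parts[1].replace(",", "").isdigit():
            size = int(parts[1].replace(",", ""))
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return OtlEntry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        name=m.group("name"),
        company=m.group("company") or None,
        size=size,
        flags=flags,
        missing=m.group("missing") is not None,
    )


def triage(lines: List[str]) -> List[str]:
    """Return the findings a helper would want to look at before anything else."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        label = e.name or e.path
        if e.missing:
            # Orphaned registration: usually an uninstalled product's leftover,
            # but also what a half-removed rootkit leaves behind in the registry.
            findings.append(f"orphaned {e.kind} entry (binary missing): {label}")
            continue
        low = e.path.lower()
        if e.kind in ("SRV", "DRV", "PRC") and ("\\temp\\" in low or "\\local settings\\" in low):
            # A service or driver should never be loaded out of a temp/profile folder.
            findings.append(f"{e.kind} loaded from a temp/profile folder: {label} -> {e.path}")
        if e.kind in ("SRV", "DRV", "PRC") and "\\windows\\" in low and e.company is None:
            # Files under the Windows directory normally carry a version-resource company name.
            findings.append(f"{e.kind} in Windows directory with no company name: {label} -> {e.path}")
    return findings


# Constructed sample: lines copied from the posted OTL log plus two constructed
# OTL-style lines for the rmqwvoqal driver and catchme.sys named in the earlier fix.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- H:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)
SRV - [2013/12/11 01:53:34 | 000,803,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () [Auto | Running] -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - [2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/12/05 03:10:00 | 000,052,224 | ---- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\megapknsoizvbqk.sys -- (rmqwvoqal)
DRV - [2013/12/07 02:30:00 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Garren\LOCALS~1\Temp\catchme.sys -- (catchme)
""".strip().splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```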

#13 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:44 AM

Posted 12 December 2013 - 04:00 PM

Ran OTL, the logs are below. I now notice that every time I have to open Internet Explorer is when my explorer.exe starts using all of my CPU and forces me to restart it (although this isn't the only time explorer.exe acts like this, it is consistently a specific time it does)... so for whatever that's worth, I don't know if it means anything.

OTL log:

OTL logfile created on: 12/12/2013 2:04:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\Documents and Settings\Garren\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.90% Memory free
5.85 Gb Paging File | 5.39 Gb Available in Paging File | 92.03% Paging File free
Paging file location(s): H:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 149.04 Gb Total Space | 20.35 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
 
Computer Name: G | User Name: Garren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/12 13:56:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
PRC - [2013/12/01 00:28:59 | 000,974,848 | ---- | M] (Logitech Inc.) -- H:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2013/11/28 00:09:02 | 001,586,688 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2013/11/26 15:57:21 | 000,864,256 | ---- | M] (Symantec Corporation) -- H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2013/11/20 18:40:23 | 004,200,960 | ---- | M] (GFI Software) -- H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2013/11/20 18:39:22 | 001,782,784 | ---- | M] (Lavasoft Limited) -- H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/07/15 15:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/06/13 01:27:36 | 018,834,784 | ---- | M] (Lavasoft Limited) -- H:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/01 14:16:26 | 000,178,464 | ---- | M] () -- H:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2013/10/01 14:16:25 | 000,190,752 | ---- | M] () -- H:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2008/05/20 03:18:10 | 000,094,720 | ---- | M] () -- H:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
MOD - [2002/11/14 19:32:34 | 000,063,168 | ---- | M] () -- H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVERROR.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- H:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)
SRV - [2013/12/11 01:53:34 | 000,803,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/01 00:28:59 | 000,974,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- H:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2013/11/26 15:57:21 | 000,864,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2013/11/20 18:40:23 | 004,200,960 | ---- | M] (GFI Software) [Auto | Running] -- H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/11/20 18:39:22 | 001,782,784 | ---- | M] (Lavasoft Limited) [Auto | Running] -- H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/11/20 18:38:53 | 000,113,664 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- H:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/11/07 18:54:14 | 000,618,496 | ---- | M] (HP) [On_Demand | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2013/11/07 18:54:11 | 000,663,040 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/07 18:54:04 | 001,207,808 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/11/07 18:54:02 | 000,839,680 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2013/11/07 18:53:43 | 000,864,256 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2013/11/07 18:53:43 | 000,618,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2013/06/21 09:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () [Auto | Running] -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2002/11/14 19:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc)
SRV - [2001/08/13 23:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- H:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- system32\Drivers\fwdrv.sys -- (fwdrv)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/15 02:01:55 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/31 23:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/03/31 23:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/03/18 19:50:20 | 000,015,960 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/04/20 15:37:39 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/04/20 15:35:17 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- H:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/25 14:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/23 03:00:00 | 000,895,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/01/23 03:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/30 10:54:46 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/11/30 09:16:46 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/08/06 18:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/01/20 18:03:24 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/01/20 18:02:50 | 000,055,552 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/06/08 16:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003/12/23 01:15:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi)
DRV - [2003/12/21 16:24:22 | 000,140,800 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- H:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus)
DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)
DRV - [2002/09/13 08:43:34 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/08/15 17:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002/08/15 17:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes,DefaultScope = {42003372-45FB-452F-BE57-0AA54F4B8B0E}
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes\{42003372-45FB-452F-BE57-0AA54F4B8B0E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: H:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: H:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: H:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ActiveGS: H:\Program Files\ActiveGS\npActiveGS.dll (Free Tools Association)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: H:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2013/08/29 00:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2013/10/13 17:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: H:\Program Files\Mozilla Thunderbird\components [2012/05/02 02:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: H:\Program Files\Mozilla Thunderbird\plugins [2013/10/13 17:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: H:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57319509-7821-41B0-9FDF-3B58F146AE33}: h:\program files\copernic desktop search - home\firefoxconnector [2013/05/14 01:59:30 | 000,000,000 | ---D | M]
 
[2008/07/08 17:26:19 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Extensions
[2013/12/12 11:29:14 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions
[2009/07/17 22:33:37 | 000,000,000 | ---D | M] ("Gmail Space") -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2008/07/09 19:27:37 | 000,000,000 | ---D | M] ("Better GCal") -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergcal@ginatrapani.org
[2011/05/20 00:57:42 | 000,043,132 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\betterflickr@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,276,952 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergmail2@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,071,383 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergreader@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,052,154 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\gmailthis@lazyrussian.com.xpi
[2012/12/18 23:53:00 | 000,012,881 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\rtmgmail@rememberthemilk.com.xpi
[2011/05/20 00:57:43 | 000,002,645 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\texpertension@texperts.com.xpi
[2013/09/04 10:24:23 | 000,475,365 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2011/05/20 00:57:54 | 000,169,583 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}.xpi
[2013/10/27 21:02:50 | 000,004,231 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{35687ec3-1d00-11e3-8277-b8ac6f996f26}.xpi
[2011/05/20 00:57:55 | 000,242,709 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/09/03 14:14:39 | 000,188,418 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi
[2012/04/19 22:06:34 | 000,850,063 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}.xpi
[2013/10/03 21:50:20 | 000,282,570 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/04 21:51:08 | 000,044,991 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2013/08/29 00:25:59 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2013/08/29 00:27:02 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/29 00:27:02 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/29 00:26:16 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\updated(2)\extensions(2)
[2013/08/29 00:26:16 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{511D7F73-C935-CF2D-CA36-541E7A751A36}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{546C7A76-C932-CC33-CF2D-52617E770133}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\QUDOBMXFTG@QUDOBMXFTG.ORG.XPI
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\TWZAMTRTVD@TWZAMTRTVD.ORG.XPI
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- H:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/12/07 18:50:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2013/05/14 17:43:02 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - H:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Ad-Aware Antivirus] H:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2335C6C5-F0DF-415D-AF50-F3D3C7986EB4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw10 - No CLSID value found
O18 - Protocol\Handler\bwq0s - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - H:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - H:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/12 13:56:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
[2013/12/12 09:07:29 | 000,000,000 | ---D | C] -- H:\FRST
[2013/12/12 09:06:59 | 001,060,373 | ---- | C] (Farbar) -- H:\Documents and Settings\Garren\Desktop\FRST.exe
[2013/12/12 00:15:51 | 000,000,000 | --SD | C] -- H:\ComboFix
[2013/12/11 11:13:19 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.exe
[2013/12/11 11:08:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Local Settings\Application Data\adawarebp
[2013/12/11 10:18:39 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERUNT
[2013/12/11 09:27:44 | 000,000,000 | ---D | C] -- H:\AdwCleaner
[2013/12/11 09:05:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Desktop\RK_Quarantine
[2013/12/11 09:04:50 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.scr
[2013/12/11 09:04:20 | 001,034,531 | ---- | C] (Thisisu) -- H:\Documents and Settings\Garren\Desktop\JRT.exe
[2013/12/10 13:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/12/05 15:09:35 | 000,000,000 | ---D | C] -- H:\Program Files\Recuva
[2013/12/05 14:32:03 | 003,992,416 | ---- | C] (Piriform Ltd) -- H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
[2013/12/05 14:23:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Application Data\KSafe
[2013/12/05 14:23:07 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\KSafe
[2013/12/05 14:23:04 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Start Menu\Programs\DllTool
[2013/12/05 14:22:57 | 000,000,000 | ---D | C] -- H:\Program Files\DllTool
[2013/12/05 00:02:38 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.com
[2013/12/02 16:19:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\My Documents\Splashtop Whiteboard
[2013/12/02 16:19:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\My Documents\Splashtop Presenter
[2013/12/02 00:47:16 | 000,000,000 | ---D | C] -- H:\ComboFix(2)
[2013/12/01 00:36:26 | 000,000,000 | ---D | C] -- H:\TDSSKiller_Quarantine
[2009/10/14 07:01:18 | 000,024,576 | ---- | C] (Stirling) -- H:\Program Files\_ISREG32.DLL
[1 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/12 14:11:00 | 000,000,982 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003UA.job
[2013/12/12 14:11:00 | 000,000,414 | ---- | M] () -- H:\WINDOWS\tasks\Symantec NetDetect.job
[2013/12/12 13:56:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
[2013/12/12 13:37:01 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/12 11:28:21 | 000,001,615 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/12/12 11:25:30 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2013/12/12 11:24:47 | 000,031,056 | ---- | M] () -- H:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/12 11:24:47 | 000,031,056 | ---- | M] () -- H:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/12 11:24:47 | 000,030,528 | ---- | M] () -- H:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/12 11:24:47 | 000,030,528 | ---- | M] () -- H:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/12 11:24:47 | 000,011,564 | ---- | M] () -- H:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/12 11:17:58 | 000,521,896 | ---- | M] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\dfl30z32.dll
[2013/12/12 09:07:00 | 001,060,373 | ---- | M] (Farbar) -- H:\Documents and Settings\Garren\Desktop\FRST.exe
[2013/12/11 13:32:49 | 005,153,140 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\ComboFix.exe
[2013/12/11 11:13:49 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.com
[2013/12/11 11:13:20 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.exe
[2013/12/11 09:04:51 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.scr
[2013/12/11 09:04:38 | 004,133,376 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
[2013/12/11 09:04:21 | 001,034,531 | ---- | M] (Thisisu) -- H:\Documents and Settings\Garren\Desktop\JRT.exe
[2013/12/11 09:04:12 | 001,226,802 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
[2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/12/11 00:37:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 00:37:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/10 17:11:00 | 000,000,930 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003Core.job
[2013/12/10 13:55:32 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2013/12/08 08:00:00 | 000,000,946 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/12/07 01:18:38 | 000,002,789 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.lnk
[2013/12/07 01:17:59 | 001,402,880 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
[2013/12/07 01:10:50 | 000,000,049 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini
[2013/12/06 00:25:47 | 000,120,320 | ---- | M] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/05 15:09:36 | 000,001,512 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2013/12/05 14:52:21 | 000,001,520 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\i30debaihec.dat
[2013/12/05 14:32:07 | 003,992,416 | ---- | M] (Piriform Ltd) -- H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
[2013/12/05 14:23:03 | 000,000,734 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\DllTool.lnk
[2013/12/05 14:22:07 | 008,254,064 | ---- | M] (                                                            ) -- H:\Documents and Settings\Garren\Desktop\DllTool.exe
[2013/11/28 00:09:02 | 001,586,688 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
[1 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/11 09:04:09 | 001,226,802 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
[2013/12/11 09:03:41 | 004,133,376 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
[2013/12/07 01:17:55 | 001,402,880 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
[2013/12/05 15:09:36 | 000,001,512 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2013/12/05 14:23:03 | 000,000,734 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\DllTool.lnk
[2013/12/05 14:22:00 | 008,254,064 | ---- | C] (                                                            ) -- H:\Documents and Settings\Garren\Desktop\DllTool.exe
[2013/11/07 19:34:17 | 000,001,520 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\i30debaihec.dat
[2013/11/07 19:22:29 | 000,521,896 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\dfl30z32.dll
[2013/11/07 18:59:11 | 000,000,198 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\wsr30zt32.dll
[2013/05/12 03:54:18 | 000,000,288 | ---- | C] () -- H:\Documents and Settings\Garren\Application Data\.backup.dm
[2013/05/08 05:52:48 | 000,000,000 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2013/03/26 21:03:15 | 001,264,202 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/20 23:54:51 | 000,120,320 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/02 02:28:16 | 000,395,512 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2012/05/01 10:00:57 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012/05/01 10:00:57 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012/05/01 10:00:56 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012/05/01 10:00:56 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012/05/01 10:00:56 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012/02/16 04:26:39 | 000,000,380 | ---- | C] () -- H:\Documents and Settings\Garren\renderJob0.bat
[2012/02/16 04:26:39 | 000,000,107 | ---- | C] () -- H:\Documents and Settings\Garren\settings.dat
[2011/02/03 23:30:24 | 000,260,999 | ---- | C] () -- H:\Documents and Settings\Garren\Minecraft_Mod.jar
[2011/02/03 23:29:28 | 000,000,071 | ---- | C] () -- H:\Documents and Settings\Garren\server_nogui.bat
[2011/02/03 14:52:21 | 000,389,477 | ---- | C] () -- H:\Documents and Settings\Garren\minecraft_server.jar
[2011/02/03 05:15:00 | 000,000,227 | ---- | C] () -- H:\Documents and Settings\Garren\server.properties
[2010/12/05 18:49:01 | 002,870,904 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/24 05:51:15 | 000,012,032 | -HS- | C] () -- H:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2009/10/14 07:52:29 | 000,008,628 | -H-- | C] () -- H:\Program Files\GMouse.GID
[2009/10/14 07:01:17 | 000,246,272 | ---- | C] () -- H:\Program Files\Gmouse.exe
[2009/10/14 07:01:17 | 000,001,685 | ---- | C] () -- H:\Program Files\DeIsL1.isu
[2009/05/21 15:35:35 | 000,000,218 | ---- | C] () -- H:\Documents and Settings\Garren\.recently-used.xbel
[2009/05/16 04:11:28 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Garren\JFK Reloaded v1.0.1 patch.exe
[2009/01/09 20:11:27 | 000,015,478 | ---- | C] () -- H:\Documents and Settings\Garren\GRSSWaitingInvite.xml
[2009/01/09 20:11:25 | 000,043,009 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.xml
[2009/01/09 20:11:24 | 000,073,420 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.lua
[2009/01/09 20:11:24 | 000,000,561 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.toc
[2009/01/09 20:10:27 | 000,000,301 | ---- | C] () -- H:\Documents and Settings\Garren\GRSS_Data.lua
[2008/03/06 16:29:48 | 000,000,032 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/23 13:14:09 | 000,011,031 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
========== ZeroAccess Check ==========
 
[2008/03/28 00:05:21 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/11/30 17:25:54 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2007/11/30 17:25:36 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2007/11/30 17:26:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/21 17:08:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/09/15 02:04:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2010/09/29 03:36:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AIM
[2012/10/27 11:41:38 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG
[2012/10/27 20:14:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2013
[2012/05/23 18:06:21 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/09/05 11:58:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/10/27 11:40:06 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/15 02:04:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/02/07 00:52:08 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\IObit
[2008/03/28 00:10:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2013/12/05 14:23:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\KSafe
[2013/05/14 04:11:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Licenses
[2012/10/27 20:14:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/10 18:37:40 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/21 07:39:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/12 15:56:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/07/14 13:09:32 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\RoboForm
[2010/03/10 17:16:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Video2Webcam
[2013/05/16 11:55:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Vizzed
[2012/05/02 02:20:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/27 11:40:06 | 000,000,000 | -HSD | M] -- H:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2008/01/23 12:08:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\G\Application Data\SecondLife
[2012/10/18 21:26:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.minecraft
[2012/02/16 04:35:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.minecraft_xray
[2011/06/27 00:26:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.purple
[2012/03/25 05:43:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\acccore
[2013/10/23 17:11:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Acreon
[2013/12/11 13:41:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Ad-Aware Antivirus
[2012/05/08 01:55:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Amazon
[2012/05/23 18:16:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Applian FLV and Media Player
[2012/10/27 11:41:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\AVG
[2012/05/21 00:14:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Bigasoft iPad Video Converter
[2010/03/10 22:47:35 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Camfrog
[2008/03/06 16:16:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Copy of Skype
[2012/11/08 09:37:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\DiskAid
[2009/02/23 17:58:39 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\DNA
[2013/06/11 00:06:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Dropbox
[2013/04/26 22:38:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\FileFly
[2011/10/19 01:19:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\FLV.com FLV Converter
[2013/11/07 19:20:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Folding@home-x86
[2012/10/10 23:47:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\GetRightToGo
[2009/05/21 12:49:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\gtk-2.0
[2011/10/31 05:44:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\HU2011
[2011/02/07 01:06:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\IObit
[2013/05/08 18:48:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\JAM Software
[2013/12/05 14:23:08 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\KSafe
[2011/08/18 19:36:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Leadertech
[2011/02/03 18:45:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Minetographer
[2008/03/06 16:18:10 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\New Folder
[2008/04/28 13:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Poser 7
[2013/05/14 15:34:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SanDisk
[2013/05/12 03:55:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SanDisk SecureAccess
[2011/12/04 06:07:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SecondLife
[2011/07/22 21:13:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SerpentOfIsis
[2013/12/12 09:45:30 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Simple Adblock
[2012/03/29 19:31:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\TestApp
[2009/06/03 04:20:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\The Creative Assembly
[2008/04/18 12:58:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Thunderbird
[2010/03/10 17:16:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Video2Webcam
[2013/08/28 22:44:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Wargaming.net
[2008/12/09 10:21:47 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\webex
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2013/11/07 18:53:39 | 000,597,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2007/11/30 17:26:10 | 000,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- H:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2007/11/30 17:25:52 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2007/11/30 17:25:30 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- H:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2007/11/30 17:25:32 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2007/11/30 17:25:34 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2007/11/30 17:25:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/11/30 17:26:48 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2007/11/30 17:25:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2007/11/30 17:25:56 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2007/11/30 17:26:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2007/12/01 00:25:38 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2013/11/07 18:54:07 | 000,703,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2007/11/30 17:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2007/11/30 17:25:34 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- H:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2013/11/07 18:54:03 | 000,777,728 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- H:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2007/11/30 17:26:22 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2007/11/30 17:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2007/11/30 17:25:48 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2007/11/30 17:25:48 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2007/11/30 17:26:48 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2013/12/01 00:28:50 | 000,610,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2007/11/30 17:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2007/11/30 17:25:52 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2007/11/30 17:25:52 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2007/11/30 17:25:52 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2007/11/30 17:25:48 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2007/11/30 17:25:54 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2007/11/30 17:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2007/11/30 17:26:08 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- H:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2007/11/30 17:26:04 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2007/11/30 17:25:56 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2007/11/30 17:26:04 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2007/11/30 17:25:52 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2007/11/30 17:25:40 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2007/11/30 17:26:06 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2007/11/30 17:26:06 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2007/11/30 17:25:56 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2013/11/07 18:54:16 | 000,842,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2007/11/30 17:25:30 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2007/11/30 17:25:40 | 000,331,264 | ---- | M] (Microsoft Corporation) [Unavailable | Unknown] -- H:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2007/11/30 17:26:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2013/11/07 18:54:13 | 000,631,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2007/11/30 17:26:08 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2007/11/30 17:25:28 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2007/11/30 17:25:34 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2007/12/29 08:43:21 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2007/11/30 17:26:08 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2008/06/10 19:50:29 | 016,441,522 | ---- | M] () -- H:\DS 1.18 Updater.exe
[2008/06/10 19:53:45 | 013,697,059 | ---- | M] () -- H:\DS 1.exe
[2008/06/10 19:59:07 | 025,109,856 | ---- | M] () -- H:\DS 2 + Bonus.exe
[2008/06/10 20:01:30 | 011,375,424 | ---- | M] () -- H:\DS Gel.exe
 
< MD5 for: EXPLORER.EXE  >
[2013/11/28 00:09:02 | 001,586,688 | ---- | M] (Microsoft Corporation) MD5=7AD7D0298251B555E292696B53F95D60 -- H:\WINDOWS\explorer.exe
[2007/11/30 17:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- H:\WINDOWS\ERDNT\cache\explorer.exe
[2007/11/30 17:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- H:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: SERVICES  >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- H:\WINDOWS\system32\drivers\etc\services
[2007/10/02 10:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- H:\Documents and Settings\Garren\D-Fend Reloaded\VirtualHD\FREEDOS\SERVICES
[2007/10/02 10:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- H:\Program Files\D-Fend Reloaded\NewUserData\FREEDOS\SERVICES
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- H:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- H:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CNF  >
[2004/03/16 23:00:00 | 000,000,011 | ---- | M] () MD5=5EBC53C2F546FC6340A4C39F52C77C51 -- H:\`~~ PICTURES ~~`\My DVD\Pictures and Stuff\My Webs\_vti_pvt\services.cnf
[2004/03/16 23:00:00 | 000,000,011 | ---- | M] () MD5=5EBC53C2F546FC6340A4C39F52C77C51 -- H:\Documents and Settings\Garren\My Documents\My Webs\_vti_pvt\services.cnf
[2004/03/16 23:00:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- H:\`~~ PICTURES ~~`\My DVD\Pictures and Stuff\My Webs\myweb\_vti_pvt\services.cnf
[2002/01/17 23:00:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- H:\`~~ PICTURES ~~`\My DVD\Pictures and Stuff\Web Site\_vti_pvt\services.cnf
[2004/03/16 23:00:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- H:\Documents and Settings\Garren\My Documents\My Webs\myweb\_vti_pvt\services.cnf
[2002/01/17 23:00:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- H:\Documents and Settings\Garren\My Documents\Web Site\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.DAT  >
[2013/11/05 16:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- H:\Documents and Settings\Garren\Local Settings\temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2007/11/30 17:26:48 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=76727219614A50B2DB29BD0CDA4260D5 -- H:\WINDOWS\ERDNT\cache\services.exe
[2007/11/30 17:26:48 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=76727219614A50B2DB29BD0CDA4260D5 -- H:\WINDOWS\system32\dllcache\services.exe
[2007/11/30 17:26:48 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=76727219614A50B2DB29BD0CDA4260D5 -- H:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2008/11/25 01:03:41 | 000,001,602 | ---- | M] () MD5=6F70D8B8FE24F56820FDD274116FC05C -- H:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/05/09 20:50:23 | 000,000,551 | ---- | M] () MD5=0D14711C5B973D432E1DFD358A77B095 -- H:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\EY5P5668\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- H:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 01:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- H:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2007/11/30 17:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- H:\WINDOWS\ERDNT\cache\svchost.exe
[2007/11/30 17:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- H:\WINDOWS\system32\dllcache\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- H:\Program Files\Malwarebytes' Anti-Malware2\Chameleon\svchost.exe
[2013/12/04 18:27:15 | 000,567,296 | ---- | M] (Microsoft Corporation) MD5=C7FFF882361A70C0B62B5DB089AFC441 -- H:\WINDOWS\system32\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2007/11/30 17:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- H:\WINDOWS\ERDNT\cache\userinit.exe
[2007/11/30 17:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- H:\WINDOWS\system32\dllcache\userinit.exe
[2007/11/30 17:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- H:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2007/11/30 17:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- H:\WINDOWS\ERDNT\cache\winlogon.exe
[2007/11/30 17:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- H:\WINDOWS\system32\dllcache\winlogon.exe
[2007/11/30 17:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- H:\WINDOWS\system32\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- H:\Program Files\Malwarebytes' Anti-Malware2\Chameleon\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- H:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- H:\WINDOWS\system32\winsock.dll
 
========== Files - Unicode (All) ==========
[2008/02/23 02:22:21 | 000,000,333 | ---- | M] ()(H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo?.url) -- H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo‏.url
[2008/02/23 02:22:21 | 000,000,333 | ---- | C] ()(H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo?.url) -- H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo‏.url

< End of report >

Extras log:

OTL Extras logfile created on: 12/12/2013 2:04:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\Documents and Settings\Garren\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.90% Memory free
5.85 Gb Paging File | 5.39 Gb Available in Paging File | 92.03% Paging File free
Paging file location(s): H:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 149.04 Gb Total Space | 20.35 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
 
Computer Name: G | User Name: Garren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "H:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "H:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1691
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C830C70-16E8-4FDA-BDF2-3CE38518AF25}" = MySQL Server 5.0
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48D45C32-DEB7-4CD7-8373-D669CF762AD8}_is1" = Bigasoft iPad Video Converter 3.6.18.4499
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.2
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1" = DllTool 1.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{944167EA-7F89-4705-8DCD-1D63B53141B0}" = Ad-Aware Antivirus
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A45C5EC7-F13E-4414-99BE-47373935C0FE}" = Eraser 6.0.10.2620
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F25BDABF-5489-43fb-AF7A-F67F0566A51A}" = 2700
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F576BBE9-11D0-4F02-B8F0-7CCA9C159937}" = ActiveGS
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FC7DA8F9-9AF6-4D55-B42D-B72CF88153E6}" = Election Day
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Ace Image Resizer V1.8 (Trial Version)" = Ace Image Resizer V1.8 (Trial Version)
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AI RoboForm" = AI RoboForm (All Users)
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AudioCS" = Creative Audio Console
"Axis and Allies" = Axis and Allies
"Blender" = Blender
"BPFTP Server" = BPFTP Server (remove only)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstall)
"DiskAid_is1" = DiskAid 5.42
"DivX Setup.divx.com" = DivX Setup
"DreamSuite" = DreamSuite
"DreamSuite Series2" = DreamSuite Series2
"Express" = Express Dictate
"FileZilla Client" = FileZilla Client 3.0.10
"FLV.com FLV Converter_is1" = FLV.com FLV Converter V 2.92
"Game Booster_is1" = Game Booster
"GhostMouse 2.0" = GhostMouse 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"JFK Reloaded" = JFK Reloaded 1.1
"JVA Multi-Purpose Bot_is1" = JVA Bot 1.14.9
"JVA Second Life Bot_is1" = JVA Bot 1.12.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Music Organizer 2.5.2_is1" = Music Organizer 2.5.2 version 2.5.2
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"PikkuBot" = PikkuBot (remove only)
"Plants vs. Zombies" = Plants vs. Zombies
"PowerISO" = PowerISO
"RealXtend" = RealXtend
"Recuva" = Recuva
"SAM3" = SAM Broadcaster (remove only)
"SCDNAS" = SHOUTcast DNAS (remove only)
"Scribe" = Express Scribe
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Snood_is1" = Snood for Windows version 3.01-W
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 5.0
"The Rosetta Stone" = The Rosetta Stone
"TreeSize Free_is1" = TreeSize Free V2.7
"Unlocker" = Unlocker 1.8.5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vista System Properties" = Vista System Properties
"VLC media player" = VLC media player 2.0.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xchat" = XChat 2 (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"Inquisit 3 Web Edition" = Inquisit 3 Web Edition
"Precision Sculptor v2.0" = Precision Sculptor v2.0
"QuickCet" = QuickCet
"Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/7/2013 2:56:23 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
 module ad2mpegin.dll, version 1.4.0.13715, fault address 0x00017ad9.
 
Error - 12/7/2013 2:56:43 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
 module ad2mpegin.dll, version 1.4.0.13715, fault address 0x00017ad9.
 
Error - 12/7/2013 2:57:05 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
 module ad2mpegin.dll, version 1.4.0.13715, fault address 0x000175fc.
 
Error - 12/7/2013 2:57:55 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
 module ad2mpegin.dll, version 1.4.0.13715, fault address 0x000175fc.
 
Error - 12/7/2013 3:02:46 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
 module ad2mpegin.dll, version 1.4.0.13715, fault address 0x000175fc.
 
Error - 12/10/2013 7:37:42 PM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.9.900.117,
 faulting module unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 12/10/2013 8:37:56 PM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.9.900.117,
 faulting module unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 12/11/2013 3:40:54 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.75.0.1, faulting module version.dll,
 version 5.1.2600.3264, fault address 0x00001ddc.
 
Error - 12/11/2013 8:57:51 AM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.75.0.1, faulting module version.dll,
 version 5.1.2600.3264, fault address 0x00001ddc.
 
Error - 12/11/2013 12:19:45 PM | Computer Name = G | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.3264, faulting
module unknown, version 0.0.0.0, fault address 0x009e5940.
 
[ System Events ]
Error - 12/12/2013 3:32:34 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 3:32:36 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 3:54:37 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 3:54:40 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 3:59:44 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 3:59:46 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 4:02:27 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 4:02:29 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 4:08:47 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 12/12/2013 4:08:49 PM | Computer Name = G | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
 
< End of report >

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 December 2013 - 08:44 AM

It looks like your Winsock has not been fixed.

Return to the Microsoft page
http://support.microsoft.com/kb/299357

Execute the command under this section for Windows XP

Use a manual method to reset TCP/IP for Windows XP

It is important to restart the computer to reset the registry.
===

Let's check the validity of the explorer.exe file.

>>> Run Jotti's malware scan: Please copy this line (in bold):
H:\WINDOWS\explorer.exe
  • Go to Jotti's malware scan
  • and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

====

Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: H:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{511D7F73-C935-CF2D-CA36-541E7A751A36}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{546C7A76-C932-CC33-CF2D-52617E770133}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\QUDOBMXFTG@QUDOBMXFTG.ORG.XPI
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\TWZAMTRTVD@TWZAMTRTVD.ORG.XPI
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O18 - Protocol\Handler\bw10 - No CLSID value found
O18 - Protocol\Handler\bwq0s - No CLSID value found
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please post also the result from the Jotti's scan.
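Added example, not part of nasdaq's post and not OTL's own code: a small Python parser for the PRC/SRV/DRV lines of an OTL log like the one posted above, which pulls out the "File not found" (orphaned) service and driver entries that an :OTL fix typically targets, and the auto-starting binaries that carry no company name. The sample log lines are constructed in the shape of the posted log; the regex is inferred from those lines rather than taken from any OTL format specification, and all function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the OTL "Processes" / "Services" /
# "Driver Services" sections posted in this thread (paths and names copied
# from that log, nothing else).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2013/11/28 00:09:02 | 001,586,688 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- H:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)
SRV - [2013/12/11 01:53:34 | 000,803,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () [Auto | Running] -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\Drivers\fwdrv.sys -- (fwdrv)
DRV - [2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
"""

# One PRC/SRV/DRV line (pattern inferred from the posted log, an assumption):
# "File not found"  or  "[mtime | size | attrs | M] (Company)",
# then an optional "[start | state]" block, then " -- <path>",
# then an optional " -- (<ServiceName>)" (absent for PRC lines).
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:File not found"
    r"|\[(?P<mtime>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [MC]\]"
    r" \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)


@dataclass
class Entry:
    kind: str                  # PRC, SRV or DRV
    name: Optional[str]        # service/driver key name; None for processes
    path: str                  # image path recorded in the registry ("" if none)
    company: Optional[str]     # company from version info; "" if blank,
                               # None when the file was not found on disk
    flags: List[str] = field(default_factory=list)  # e.g. ["Auto", "Stopped"]
    file_found: bool = True


def parse_otl(text: str) -> List[Entry]:
    """Turn the PRC/SRV/DRV lines of an OTL log into Entry records.
    Section headers, blank lines and other line types are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
        entries.append(Entry(
            kind=m.group("kind"),
            name=m.group("name"),
            path=m.group("path"),
            company=m.group("company"),
            flags=flags,
            file_found=m.group("mtime") is not None,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Service/driver keys whose binary is missing on disk: the 'File not found'
    lines an :OTL fix removes. Usually leftovers of an incomplete uninstall
    (Kerio's persfw.exe and fwdrv.sys above); they cannot be inspected and
    only clutter the startup picture, so they are the first thing to clean."""
    return [e for e in entries if not e.file_found]


def autostart_without_company(entries: List[Entry]) -> List[Entry]:
    """Binaries present on disk that start automatically but carry no company
    name, the same heuristic as OTL's 'No Company Name' filter. Unknown
    publisher plus autostart is the combination worth a hash lookup at a
    multi-engine scanner; here it catches mysqld-nt.exe."""
    return [e for e in entries
            if e.file_found and e.company == "" and "Auto" in e.flags]


def report(entries: List[Entry]) -> List[str]:
    """One human-readable line per finding."""
    lines = []
    for e in orphaned(entries):
        lines.append(f"ORPHANED    {e.kind} {e.name}: {e.path or '<no path>'}")
    for e in autostart_without_company(entries):
        lines.append(f"NO-COMPANY  {e.kind} {e.name}: {e.path}")
    return lines


if __name__ == "__main__":
    for line in report(parse_otl(SAMPLE_LOG)):
        print(line)
```

Paste a full OTL log in place of SAMPLE_LOG to get the same two lists for a real scan; the "No Company Name" hits are leads to verify, not verdicts.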

#15 Cujo17

Cujo17
  • Topic Starter

  • Members
  • 21 posts

Posted 13 December 2013 - 02:17 PM

Well it looks like I wasn't imagining things with explorer.exe....

Jotti Scan:

http://virusscan.jotti.org/en/scanresult/688b437bd0e0a0a07339752bbf34c2a52089b422

Winsock reset:

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2335C6C5-F0DF-415D-AF50-F3D3C7986EB4}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2335C6C5-F0DF-415D-AF50-F3D3C7986EB4}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2335C6C5-F0DF-415D-AF50-F3D3C7986EB4}\IpAutoconfigurationSeed
<completed>

OTL Fix:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw10\ deleted successfully.
File Protocol\Handler\bw10 - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0s\ deleted successfully.
File Protocol\Handler\bwq0s - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:logonui.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.69.0 log created on 12132013_123705
 
OTL Quick Scan:

OTL logfile created on: 12/13/2013 12:44:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = H:\Documents and Settings\Garren\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.72% Memory free
5.85 Gb Paging File | 5.39 Gb Available in Paging File | 92.11% Paging File free
Paging file location(s): H:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 149.04 Gb Total Space | 20.30 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
 
Computer Name: G | User Name: Garren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/13 12:12:24 | 001,155,072 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
PRC - [2013/12/01 00:28:59 | 000,974,848 | ---- | M] (Logitech Inc.) -- H:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2013/11/28 00:09:02 | 001,586,688 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2013/11/26 15:57:21 | 000,864,256 | ---- | M] (Symantec Corporation) -- H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2013/11/20 18:40:23 | 004,200,960 | ---- | M] (GFI Software) -- H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2013/11/20 18:39:22 | 001,782,784 | ---- | M] (Lavasoft Limited) -- H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/07/15 15:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/06/13 01:27:36 | 018,834,784 | ---- | M] (Lavasoft Limited) -- H:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/01 14:16:26 | 000,178,464 | ---- | M] () -- H:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2013/10/01 14:16:25 | 000,190,752 | ---- | M] () -- H:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2008/05/20 03:18:10 | 000,094,720 | ---- | M] () -- H:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
MOD - [2002/11/14 19:32:34 | 000,063,168 | ---- | M] () -- H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVERROR.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- H:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)
SRV - [2013/12/11 01:53:34 | 000,803,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/01 00:28:59 | 000,974,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- H:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2013/11/26 15:57:21 | 000,864,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2013/11/20 18:40:23 | 004,200,960 | ---- | M] (GFI Software) [Auto | Running] -- H:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/11/20 18:39:22 | 001,782,784 | ---- | M] (Lavasoft Limited) [Auto | Running] -- H:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/11/20 18:38:53 | 000,113,664 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- H:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/11/07 18:54:14 | 000,618,496 | ---- | M] (HP) [On_Demand | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2013/11/07 18:54:11 | 000,663,040 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/07 18:54:04 | 001,207,808 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/11/07 18:54:02 | 000,839,680 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2013/11/07 18:53:43 | 000,864,256 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2013/11/07 18:53:43 | 000,618,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2013/06/21 09:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2007/05/04 10:00:12 | 005,701,632 | ---- | M] () [Auto | Running] -- H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2002/11/14 19:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc)
SRV - [2001/08/13 23:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- H:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- system32\Drivers\fwdrv.sys -- (fwdrv)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/15 02:01:55 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/31 23:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/03/31 23:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/03/18 19:50:20 | 000,015,960 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/04/20 15:37:39 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/04/20 15:35:17 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- H:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/25 14:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/23 03:00:00 | 000,895,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/01/23 03:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Symantec Shared\VirusDefs\20080123.023\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/30 10:54:46 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/11/30 09:16:46 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/08/06 18:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/01/20 18:03:24 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/01/20 18:02:50 | 000,055,552 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/06/08 16:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003/12/23 01:15:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi)
DRV - [2003/12/21 16:24:22 | 000,140,800 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- H:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus)
DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)
DRV - [2002/09/13 08:43:34 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/08/15 17:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002/08/15 17:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes,DefaultScope = {42003372-45FB-452F-BE57-0AA54F4B8B0E}
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\SearchScopes\{42003372-45FB-452F-BE57-0AA54F4B8B0E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: H:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: H:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: H:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: H:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: H:\Documents and Settings\Garren\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Documents and Settings\Garren\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ActiveGS: H:\Program Files\ActiveGS\npActiveGS.dll (Free Tools Association)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: H:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2013/08/29 00:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2013/10/13 17:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: H:\Program Files\Mozilla Thunderbird\components [2012/05/02 02:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: H:\Program Files\Mozilla Thunderbird\plugins [2013/10/13 17:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: H:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57319509-7821-41B0-9FDF-3B58F146AE33}: h:\program files\copernic desktop search - home\firefoxconnector [2013/05/14 01:59:30 | 000,000,000 | ---D | M]
 
[2008/07/08 17:26:19 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Extensions
[2013/12/12 11:29:14 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions
[2009/07/17 22:33:37 | 000,000,000 | ---D | M] ("Gmail Space") -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2008/07/09 19:27:37 | 000,000,000 | ---D | M] ("Better GCal") -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergcal@ginatrapani.org
[2011/05/20 00:57:42 | 000,043,132 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\betterflickr@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,276,952 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergmail2@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,071,383 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\bettergreader@ginatrapani.org.xpi
[2011/05/20 00:57:42 | 000,052,154 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\gmailthis@lazyrussian.com.xpi
[2012/12/18 23:53:00 | 000,012,881 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\rtmgmail@rememberthemilk.com.xpi
[2011/05/20 00:57:43 | 000,002,645 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\texpertension@texperts.com.xpi
[2013/09/04 10:24:23 | 000,475,365 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2011/05/20 00:57:54 | 000,169,583 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}.xpi
[2013/10/27 21:02:50 | 000,004,231 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{35687ec3-1d00-11e3-8277-b8ac6f996f26}.xpi
[2011/05/20 00:57:55 | 000,242,709 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/09/03 14:14:39 | 000,188,418 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi
[2012/04/19 22:06:34 | 000,850,063 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}.xpi
[2013/10/03 21:50:20 | 000,282,570 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/04 21:51:08 | 000,044,991 | ---- | M] () (No name found) -- H:\Documents and Settings\Garren\Application Data\Mozilla\Firefox\Profiles\0yt21hag.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2013/08/29 00:25:59 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2013/08/29 00:27:02 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/29 00:27:02 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/29 00:26:16 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\updated(2)\extensions(2)
[2013/08/29 00:26:16 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{511D7F73-C935-CF2D-CA36-541E7A751A36}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\{546C7A76-C932-CC33-CF2D-52617E770133}
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\QUDOBMXFTG@QUDOBMXFTG.ORG.XPI
File not found (No name found) -- H:\DOCUMENTS AND SETTINGS\GARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0YT21HAG.DEFAULT\EXTENSIONS\TWZAMTRTVD@TWZAMTRTVD.ORG.XPI
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- H:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/12/07 18:50:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2013/05/14 17:43:02 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - H:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Ad-Aware Antivirus] H:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - H:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-854245398-1547161642-1177238915-1003\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2335C6C5-F0DF-415D-AF50-F3D3C7986EB4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - H:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - H:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/13 12:38:40 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2013/12/13 12:37:05 | 000,000,000 | ---D | C] -- H:\_OTL
[2013/12/12 13:56:29 | 001,155,072 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
[2013/12/12 09:07:29 | 000,000,000 | ---D | C] -- H:\FRST
[2013/12/12 09:06:59 | 001,060,373 | ---- | C] (Farbar) -- H:\Documents and Settings\Garren\Desktop\FRST.exe
[2013/12/12 00:15:51 | 000,000,000 | --SD | C] -- H:\ComboFix
[2013/12/11 11:13:19 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.exe
[2013/12/11 11:08:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Local Settings\Application Data\adawarebp
[2013/12/11 10:18:39 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERUNT
[2013/12/11 09:27:44 | 000,000,000 | ---D | C] -- H:\AdwCleaner
[2013/12/11 09:05:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Desktop\RK_Quarantine
[2013/12/11 09:04:50 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.scr
[2013/12/11 09:04:20 | 001,034,531 | ---- | C] (Thisisu) -- H:\Documents and Settings\Garren\Desktop\JRT.exe
[2013/12/10 13:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/12/05 15:09:35 | 000,000,000 | ---D | C] -- H:\Program Files\Recuva
[2013/12/05 14:32:03 | 003,992,416 | ---- | C] (Piriform Ltd) -- H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
[2013/12/05 14:23:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Application Data\KSafe
[2013/12/05 14:23:07 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\KSafe
[2013/12/05 14:23:04 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\Start Menu\Programs\DllTool
[2013/12/05 14:22:57 | 000,000,000 | ---D | C] -- H:\Program Files\DllTool
[2013/12/05 00:02:38 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.com
[2013/12/02 16:19:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\My Documents\Splashtop Whiteboard
[2013/12/02 16:19:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Garren\My Documents\Splashtop Presenter
[2013/12/02 00:47:16 | 000,000,000 | ---D | C] -- H:\ComboFix(2)
[2013/12/01 00:36:26 | 000,000,000 | ---D | C] -- H:\TDSSKiller_Quarantine
[2009/10/14 07:01:18 | 000,024,576 | ---- | C] (Stirling) -- H:\Program Files\_ISREG32.DLL
[1 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/13 12:56:00 | 000,000,414 | ---- | M] () -- H:\WINDOWS\tasks\Symantec NetDetect.job
[2013/12/13 12:43:06 | 000,001,615 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/12/13 12:40:02 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2013/12/13 12:39:17 | 000,031,056 | ---- | M] () -- H:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/13 12:39:17 | 000,031,056 | ---- | M] () -- H:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/13 12:39:17 | 000,030,528 | ---- | M] () -- H:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/13 12:39:17 | 000,030,528 | ---- | M] () -- H:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/13 12:39:17 | 000,011,564 | ---- | M] () -- H:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10021102}.rfx
[2013/12/13 12:37:02 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/13 12:33:58 | 000,522,603 | ---- | M] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\dfl30z32.dll
[2013/12/13 12:12:24 | 001,155,072 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Garren\Desktop\OTL.exe
[2013/12/13 12:11:00 | 000,000,982 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003UA.job
[2013/12/13 12:08:36 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2013/12/12 17:11:00 | 000,000,930 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1547161642-1177238915-1003Core.job
[2013/12/12 09:07:00 | 001,060,373 | ---- | M] (Farbar) -- H:\Documents and Settings\Garren\Desktop\FRST.exe
[2013/12/11 13:32:49 | 005,153,140 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\ComboFix.exe
[2013/12/11 11:13:49 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.com
[2013/12/11 11:13:20 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.exe
[2013/12/11 09:04:51 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Garren\Desktop\dds.scr
[2013/12/11 09:04:38 | 004,133,376 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
[2013/12/11 09:04:21 | 001,034,531 | ---- | M] (Thisisu) -- H:\Documents and Settings\Garren\Desktop\JRT.exe
[2013/12/11 09:04:12 | 001,226,802 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
[2013/12/11 04:11:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/12/08 08:00:00 | 000,000,946 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/12/07 01:18:38 | 000,002,789 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.lnk
[2013/12/07 01:17:59 | 001,402,880 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
[2013/12/07 01:10:50 | 000,000,049 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini
[2013/12/06 00:25:47 | 000,120,320 | ---- | M] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/05 15:09:36 | 000,001,512 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2013/12/05 14:52:21 | 000,001,520 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\i30debaihec.dat
[2013/12/05 14:32:07 | 003,992,416 | ---- | M] (Piriform Ltd) -- H:\Documents and Settings\Garren\Desktop\rcsetup149.exe
[2013/12/05 14:23:03 | 000,000,734 | ---- | M] () -- H:\Documents and Settings\Garren\Desktop\DllTool.lnk
[2013/12/05 14:22:07 | 008,254,064 | ---- | M] (                                                            ) -- H:\Documents and Settings\Garren\Desktop\DllTool.exe
[1 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/11 09:04:09 | 001,226,802 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\adwcleaner.exe
[2013/12/11 09:03:41 | 004,133,376 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\RogueKiller.exe
[2013/12/07 01:17:55 | 001,402,880 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\HiJackThis.msi
[2013/12/05 15:09:36 | 000,001,512 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2013/12/05 14:23:03 | 000,000,734 | ---- | C] () -- H:\Documents and Settings\Garren\Desktop\DllTool.lnk
[2013/12/05 14:22:00 | 008,254,064 | ---- | C] (                                                            ) -- H:\Documents and Settings\Garren\Desktop\DllTool.exe
[2013/11/07 19:34:17 | 000,001,520 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\i30debaihec.dat
[2013/11/07 19:22:29 | 000,522,603 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\dfl30z32.dll
[2013/11/07 18:59:11 | 000,000,198 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\wsr30zt32.dll
[2013/05/12 03:54:18 | 000,000,288 | ---- | C] () -- H:\Documents and Settings\Garren\Application Data\.backup.dm
[2013/05/08 05:52:48 | 000,000,000 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2013/03/26 21:03:15 | 001,264,202 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/20 23:54:51 | 000,120,320 | ---- | C] () -- H:\Documents and Settings\Garren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/02 02:28:16 | 000,395,512 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2012/05/01 10:00:57 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012/05/01 10:00:57 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012/05/01 10:00:56 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012/05/01 10:00:56 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012/05/01 10:00:56 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012/02/16 04:26:39 | 000,000,380 | ---- | C] () -- H:\Documents and Settings\Garren\renderJob0.bat
[2012/02/16 04:26:39 | 000,000,107 | ---- | C] () -- H:\Documents and Settings\Garren\settings.dat
[2011/02/03 23:30:24 | 000,260,999 | ---- | C] () -- H:\Documents and Settings\Garren\Minecraft_Mod.jar
[2011/02/03 23:29:28 | 000,000,071 | ---- | C] () -- H:\Documents and Settings\Garren\server_nogui.bat
[2011/02/03 14:52:21 | 000,389,477 | ---- | C] () -- H:\Documents and Settings\Garren\minecraft_server.jar
[2011/02/03 05:15:00 | 000,000,227 | ---- | C] () -- H:\Documents and Settings\Garren\server.properties
[2010/12/05 18:49:01 | 002,870,904 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/24 05:51:15 | 000,012,032 | -HS- | C] () -- H:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2009/10/14 07:52:29 | 000,008,628 | -H-- | C] () -- H:\Program Files\GMouse.GID
[2009/10/14 07:01:17 | 000,246,272 | ---- | C] () -- H:\Program Files\Gmouse.exe
[2009/10/14 07:01:17 | 000,001,685 | ---- | C] () -- H:\Program Files\DeIsL1.isu
[2009/05/21 15:35:35 | 000,000,218 | ---- | C] () -- H:\Documents and Settings\Garren\.recently-used.xbel
[2009/05/16 04:11:28 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Garren\JFK Reloaded v1.0.1 patch.exe
[2009/01/09 20:11:27 | 000,015,478 | ---- | C] () -- H:\Documents and Settings\Garren\GRSSWaitingInvite.xml
[2009/01/09 20:11:25 | 000,043,009 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.xml
[2009/01/09 20:11:24 | 000,073,420 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.lua
[2009/01/09 20:11:24 | 000,000,561 | ---- | C] () -- H:\Documents and Settings\Garren\GuildRaidSnapShot.toc
[2009/01/09 20:10:27 | 000,000,301 | ---- | C] () -- H:\Documents and Settings\Garren\GRSS_Data.lua
[2008/03/06 16:29:48 | 000,000,032 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/23 13:14:09 | 000,011,031 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
========== ZeroAccess Check ==========
 
[2008/03/28 00:05:21 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/11/30 17:25:54 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2007/11/30 17:25:36 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2007/11/30 17:26:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/21 17:08:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/09/15 02:04:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2010/09/29 03:36:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AIM
[2012/10/27 11:41:38 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG
[2012/10/27 20:14:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2013
[2012/05/23 18:06:21 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/09/05 11:58:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/10/27 11:40:06 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/15 02:04:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/02/07 00:52:08 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\IObit
[2008/03/28 00:10:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2013/12/05 14:23:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\KSafe
[2013/05/14 04:11:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Licenses
[2012/10/27 20:14:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/10 18:37:40 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/21 07:39:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/12 15:56:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/07/14 13:09:32 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\RoboForm
[2010/03/10 17:16:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Video2Webcam
[2013/05/16 11:55:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Vizzed
[2012/05/02 02:20:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/27 11:40:06 | 000,000,000 | -HSD | M] -- H:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2008/01/23 12:08:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\G\Application Data\SecondLife
[2012/10/18 21:26:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.minecraft
[2012/02/16 04:35:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.minecraft_xray
[2011/06/27 00:26:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\.purple
[2012/03/25 05:43:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\acccore
[2013/10/23 17:11:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Acreon
[2013/12/11 13:41:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Ad-Aware Antivirus
[2012/05/08 01:55:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Amazon
[2012/05/23 18:16:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Applian FLV and Media Player
[2012/10/27 11:41:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\AVG
[2012/05/21 00:14:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Bigasoft iPad Video Converter
[2010/03/10 22:47:35 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Camfrog
[2008/03/06 16:16:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Copy of Skype
[2012/11/08 09:37:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\DiskAid
[2009/02/23 17:58:39 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\DNA
[2013/06/11 00:06:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Dropbox
[2013/04/26 22:38:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\FileFly
[2011/10/19 01:19:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\FLV.com FLV Converter
[2013/11/07 19:20:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Folding@home-x86
[2012/10/10 23:47:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\GetRightToGo
[2009/05/21 12:49:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\gtk-2.0
[2011/10/31 05:44:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\HU2011
[2011/02/07 01:06:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\IObit
[2013/05/08 18:48:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\JAM Software
[2013/12/05 14:23:08 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\KSafe
[2011/08/18 19:36:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Leadertech
[2011/02/03 18:45:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Minetographer
[2008/03/06 16:18:10 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\New Folder
[2008/04/28 13:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Poser 7
[2013/05/14 15:34:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SanDisk
[2013/05/12 03:55:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SanDisk SecureAccess
[2011/12/04 06:07:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SecondLife
[2011/07/22 21:13:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\SerpentOfIsis
[2013/12/12 09:45:30 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Simple Adblock
[2012/03/29 19:31:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\TestApp
[2009/06/03 04:20:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\The Creative Assembly
[2008/04/18 12:58:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Thunderbird
[2010/03/10 17:16:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Video2Webcam
[2013/08/28 22:44:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\Wargaming.net
[2008/12/09 10:21:47 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Garren\Application Data\webex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2008/02/23 02:22:21 | 000,000,333 | ---- | M] ()(H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo?.url) -- H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo‏.url
[2008/02/23 02:22:21 | 000,000,333 | ---- | C] ()(H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo?.url) -- H:\Documents and Settings\Garren\Application Data\Microsoft\Internet Explorer\Quick Launch\Second Life - Group notice- ceo‏.url

< End of report >