Several Malware/Virus Problems



b1ad3
2010-04-27, 21:50
Got this virus yesterday evening. It installed several fake virus protections and, at first, restricted me from using Task Manager and using Malwarebytes Anti-Malware.

I ran Spyware Doctor, Avast! and RegRun and have regained control of Task Manager and the ability to make Registry changes. However, I still have several fake spyware "protectors" and am running really sluggishly.

If you can help, it is greatly appreciated.

-------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by User 1 at 15:33:02.49 on Tue 04/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.979 [GMT -4:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1296 [VPS 081226-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1296 [VPS 081226-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Greatis\RegRunSuite\watchdog.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\User 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe
C:\program files (x86)\whatpulse\whatpulse .exe
C:\program files (x86)\java\jre6\bin\jusched .exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files (x86)\internet explorer\wmpscfgs.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User 1\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\systemnative\userinit.exe,
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adHlpr Object: {0c21698b-11a0-4202-96fe-198d01082753} - c:\windows\syswow64\yebkdlmo.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: adShotHlpr Object: {b57d74ae-d437-4412-a5a7-7a3971e8a1e8} - c:\windows\syswow64\omjjxlpq.dll
BHO: hotrevenue browser enhancer: {c0745218-b667-f3f7-89ad-8848b9927739} - c:\windows\syswow64\pxdbmdsqgpfnqf.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {e623ff84-bca2-469e-aa59-730c17858d4b} - c:\windows\syswow64\JIDEWOJO.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WhatPulse] c:\program files (x86)\whatpulse\WhatPulse.exe
uRun: [Octoshape Streaming Services] "c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe" -inv:bootrun
uRun: [Aim] "c:\program files (x86)\aim\aim .exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [sysmon64x.exe] c:\users\user1~1\appdata\local\temp\SYSMON64X.EXE
uRun: [apmanager.exe] c:\users\user 1\appdata\roaming\apmanager\apmanager.exe silent
uRun: [hsf87sdhfush87fsufhuie3fddf] c:\users\user1~1\appdata\local\temp\eo9p667jp.exe
uRun: [Digital Protection] "c:\program files (x86)\digital protection\digprot.exe" -noscan
uRun: [RTHDBPL] c:\users\user 1\appdata\roaming\systemproc\lsass.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ewrgetuj] c:\users\user1~1\appdata\local\temp\geurge.exe
mRun: [lsdefrag] c:\users\user1~1\appdata\local\temp\cmnaexwosr.exe
mRun: [ezLife] rundll32 "omjjxlpq.dll",,Run
mRun: [RegRun WinBait] c:\windows\winbait.exe
mRun: [@RegRunOnSecure] c:\progra~2\greatis\regrun~1\OnSecure.exe
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mRun: [nujuzugide] Rundll32.exe "jidewojo.dll",s
mRun: [vsvoczrnnqhsbpb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\pxdbmdsqgpfnqf.dll"
mExplorerRun: [9xsl] c:\users\user1~1\appdata\local\temp\77wi.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files (x86)\stardock\impulse\now\ImpulseNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: hiwazedo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~2\greatis\regrun~1\RRSHELL.DLL
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user1~1\appdata\roaming\mozilla\firefox\profiles\kuky3h7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files (x86)\mozilla firefox\components\ffxShot.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\user 1\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\user 1\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user 1\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-4-26 218056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 89680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-26 64592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 399360]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-27 27648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-12-27 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]

=============== Created Last 30 ================

2010-04-27 00:24:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 00:24:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-27 00:24:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-27 00:24:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 00:24:40 131 ----a-w- c:\windows\IDB.zip
2010-04-27 00:24:40 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 00:24:39 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 00:24:39 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 00:24:39 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-04-27 00:18:07 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-04-27 00:18:07 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-04-27 00:18:07 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-04-27 00:18:04 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-04-27 00:18:04 218056 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-04-27 00:17:59 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-04-27 00:17:59 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-04-27 00:17:52 0 d-----w- c:\users\user1~1\appdata\roaming\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\programdata\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-26 23:31:52 0 d-----w- c:\windows\RestoreSafeDeleted
2010-04-26 23:30:15 535 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-04-26 23:27:00 0 d-sh--r- C:\desktop.ini
2010-04-26 23:27:00 0 d-sh--r- C:\comment.htt
2010-04-26 23:27:00 0 d-sh--r- C:\autorun.inf
2010-04-26 23:26:42 2 --shatr- c:\windows\winstart.bat
2010-04-26 23:26:42 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-04-26 23:26:22 37600 ----a-w- c:\windows\syswow64\Partizan.exe
2010-04-26 23:25:20 57556 ----a-w- c:\windows\guard.bmp
2010-04-26 23:25:20 36864 ----a-w- c:\windows\winbait.exe
2010-04-26 23:25:20 20192 ----a-w- c:\windows\WinBait.org
2010-04-26 23:25:20 20192 ----a-w- c:\windows\winbait .exe
2010-04-26 23:25:20 1385184 ----a-w- c:\windows\RunGuard.exe
2010-04-26 23:25:12 0 d-----w- c:\program files (x86)\Greatis
2010-04-26 23:19:26 0 d-----w- c:\users\user1~1\appdata\roaming\CCommander
2010-04-26 23:19:24 0 d-sh--w- c:\users\user1~1\appdata\roaming\SystemProc
2010-04-26 23:17:18 0 d-----w- c:\program files (x86)\Digital Protection
2010-04-26 23:16:16 317440 ----a-w- c:\windows\syswow64\cooper.mine
2010-04-26 23:14:34 36864 ----a-w- c:\windows\syswow64\READER_S.del
2010-04-26 23:14:07 0 d-----w- c:\users\user1~1\appdata\roaming\APManager
2010-04-26 23:14:04 50990 ----a-w- c:\windows\syswow64\eqpcpcyydhhaueen.exe
2010-04-26 23:14:01 0 d-----w- c:\program files (x86)\ezLife
2010-04-26 23:13:50 162304 ----a-w- c:\windows\Dgynoa.exe
2010-04-26 23:13:48 0 d-----w- c:\users\user1~1\appdata\roaming\57FEB2771E017424312E3F6F5A51A206
2010-04-25 06:30:22 0 d-----w- c:\programdata\DivX
2010-04-21 11:55:32 299008 ----a-w- c:\windows\syswow64\yebkdlmo.dll
2010-04-21 11:55:04 319488 ----a-w- c:\windows\syswow64\omjjxlpq.dll
2010-04-15 10:58:44 384512 ----a-w- c:\windows\syswow64\_pxdbmdsqgpfnqf.dll
2010-04-15 10:58:44 381952 ----a-w- c:\windows\syswow64\pxdbmdsqgpfnqf.dll
2010-04-15 07:03:15 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 07:03:13 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 07:03:13 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 07:03:01 273920 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:03:01 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:03:00 106496 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:02:57 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:02:37 602624 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 07:02:37 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-15 07:02:36 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 07:02:36 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-04-15 07:02:36 220672 ----a-w- c:\windows\syswow64\l3codecp.acm
2010-04-15 07:02:36 181760 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 16:41:10 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:41:10 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 16:41:09 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 16:41:09 104960 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 17:50:09 0 d-----w- c:\program files\iPod
2010-04-05 17:50:08 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-05 17:50:08 0 d-----w- c:\program files\iTunes
2010-04-05 17:50:08 0 d-----w- c:\program files (x86)\iTunes
2010-04-05 17:45:44 0 d-----w- c:\program files\Bonjour
2010-03-31 01:58:24 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-04-27 19:01:37 66702 ----a-w- c:\programdata\nvModes.dat
2010-04-05 17:46:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 17:46:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 17:46:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-11 21:36:51 133712 ----a-w- c:\windows\War3Unin.dat
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:15:56 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-12 16:01:24 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:01:24 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-11-17 09:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-27 06:40:49 174 --sha-w- c:\program files\desktop.ini
2008-12-27 06:40:49 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-27 11:19:49 1970157 --sha-w- c:\windows\syswow64\dukotova.exe
2010-01-27 11:19:49 0 --sha-w- c:\windows\syswow64\fogiguzu.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\hiwazedo.dll
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\jidewojo.dll
2010-01-26 23:19:21 1970157 --sha-w- c:\windows\syswow64\jumaruri.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\korapulu.dll
2010-01-27 11:19:49 110592 --sha-w- c:\windows\syswow64\zudujogi.exe
2008-01-09 00:30:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:35:03.74 ===============

I also have Attach.txt saved; it will be zipped and posted upon request.
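As an added example (my own code, not the thread's and not part of DDS or OTL), a Python triage pass over lines in the DDS Pseudo HJT Report format shown above. The sample input is constructed from entries like those in the log, and the severity labels and heuristics are the example's own, not anything DDS emits.

```python
"""Triage heuristics for DDS 'Pseudo HJT Report' lines (added example, not DDS/OTL code).

Severities and reasons are this example's own labels, covering what a helper checks
first: Winlogon Shell hijacks, IFEO redirects of security tools, AppInit/LSA DLL loads,
policy lockouts, autoruns from %TEMP%, and rundll32/regsvr32 loading DLLs by bare name.
"""
import re

# Constructed sample, modelled on the Pseudo HJT Report posted in the thread.
SAMPLE_HJT = r"""
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adHlpr Object: {0c21698b-11a0-4202-96fe-198d01082753} - c:\windows\syswow64\yebkdlmo.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sysmon64x.exe] c:\users\user1~1\appdata\local\temp\SYSMON64X.EXE
mRun: [ezLife] rundll32 "omjjxlpq.dll",,Run
mRun: [nujuzugide] Rundll32.exe "jidewojo.dll",s
mRun: [vsvoczrnnqhsbpb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\pxdbmdsqgpfnqf.dll"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: hiwazedo.dll
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
"""

# Windows Defender / Security Essentials binaries that the log shows redirected via IFEO.
# An IFEO "Debugger" value makes Windows start the named debugger instead of the program.
SECURITY_TOOLS = {"mpcmdrun.exe", "msascui.exe", "msmpeng.exe", "msseces.exe"}
RUN_KEYS = {"uRun", "mRun", "mExplorerRun"}
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
# rundll32/regsvr32 handed a DLL with no directory: resolved through the loader search path.
BARE_DLL_RE = re.compile(
    r'(?:rundll32(?:\.exe)?|regsvr32\.exe)\s+(?:/s\s+)?"?([^\\"\s]+\.dll)"?', re.IGNORECASE)
# A BHO DLL dropped straight into the Windows system directory rather than under Program Files.
SYSDIR_DLL_RE = re.compile(r"\\windows\\sys(?:tem32|wow64)\\[^\\]+\.dll$", re.IGNORECASE)
IFEO_RE = re.compile(r"(\S+) - (.+)")


def triage_line(line):
    """Return a list of (severity, reason) findings for one Pseudo HJT line."""
    findings = []
    key, _, rest = line.partition(": ")
    low = line.lower()
    if key in ("uWinlogon", "mWinlogon") and rest.lower().startswith("shell="):
        findings.append(("high", "Winlogon Shell replaced (explorer.exe expected)"))
    if key == "IFEO":
        m = IFEO_RE.match(rest)
        if m and m.group(1).lower() in SECURITY_TOOLS:
            findings.append(("high", f"IFEO redirects {m.group(1)} to {m.group(2)}"))
    if key == "AppInit_DLLs" and rest.strip():
        findings.append(("high", f"AppInit_DLLs injects {rest.strip()} into user32-loading processes"))
    if key == "LSA" and "notification packages" in low and "=" in rest:
        extra = [p for p in rest.split("=", 1)[1].split() if p.lower() != "scecli"]  # scecli is stock
        if extra:
            findings.append(("high", "non-default LSA notification package: " + " ".join(extra)))
    if key == "mPolicies-system":
        name, _, value = rest.partition(" = ")
        if name == "DisableTaskMgr" and value.startswith("1"):
            findings.append(("medium", "Task Manager disabled by policy"))
        if name == "EnableLUA" and value.startswith("0"):
            findings.append(("medium", "UAC disabled (EnableLUA = 0)"))
    if key in RUN_KEYS:
        if TEMP_RE.search(line):
            findings.append(("high", "autorun launched from %TEMP%"))
        if re.search(r"\bregsvr32(?:\.exe)?\b", low):
            findings.append(("medium", "autorun re-registers a DLL with regsvr32"))
        m = BARE_DLL_RE.search(line)
        if m:
            findings.append(("medium", f"DLL loaded by bare name: {m.group(1)}"))
    if key == "BHO" and SYSDIR_DLL_RE.search(line.rstrip()):
        findings.append(("medium", "BHO DLL lives in the Windows system directory"))
    return findings


def triage(text):
    """Apply triage_line to every non-empty line; return [(line, severity, reason), ...]."""
    results = []
    for line in text.splitlines():
        if line.strip():
            results.extend((line, sev, why) for sev, why in triage_line(line))
    return results


def count_by_severity(findings):
    """Tally findings as {'high': n, 'medium': n}."""
    counts = {"high": 0, "medium": 0}
    for _, sev, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for line, sev, why in triage(SAMPLE_HJT):
        print(f"[{sev:6}] {why}\n         {line}")
    print(count_by_severity(triage(SAMPLE_HJT)))
```

The rules are deliberately narrow (stock Windows entries such as the Sidebar autorun or the scecli-only LSA line produce nothing), so a hit is worth a helper's attention rather than a verdict on its own.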

Blade81
2010-04-30, 20:19
Hi,

Your system is very severely infected. If this were my system I'd do a reformat. Do you have the resources to reformat?

b1ad3
2010-05-01, 00:21
I have a disk that says Vista Ultimatex64 Recovery.

If this is not it, I'm not sure that I have the resources. I bought this computer off Craigslist about a year ago and he gave me a few discs; this is the only one that might be it.

If this is the right disc can you explain how to use it?

Blade81
2010-05-01, 00:52
Hi,

Do you remember the exact date when the system got infected?

Could you reboot using the disk you have there and let me know what options it gives to you?

b1ad3
2010-05-01, 01:20
I believe the exact date that I got a noticeable infection was April 27th.

I'll try booting from the disc and see what happens.

b1ad3
2010-05-01, 01:40
Unfortunately it won't let me boot from the disc. I set boot from CD drive in BIOS but it still won't.

There is an .exe file inside though that gives me the option to install Windows Vista.

Blade81
2010-05-01, 11:58
Hi,

Did you have the CD/DVD drive selected as the first boot device? It has to be, or the operating system on the hard drive will be loaded first. What is the exe file name on that disk?

b1ad3
2010-05-01, 22:28
Yes, I had my CD/DVD drive set as the #1 device in boot priority.
The .exe file is just setup.exe

Blade81
2010-05-01, 23:04
Hi,

If you run that setup, what options are offered there? Is there a "Repair your computer" option present?

b1ad3
2010-05-01, 23:13
There is:

Check Compatibility Online
Install Now

What to know before installing windows
Transfer files and settings from another computer

Blade81
2010-05-01, 23:41
Hi,

If you have another system available you could test booting from that recovery disk to see whether the problem is with the DVD drive of the infected system or with the disk itself.

I don't feel very comfortable trying a Vista installation from within Windows instead of rebooting with the disk and doing a complete reinstall there. If we have to make a cleaning attempt I can't guarantee anything, since most tools won't work with a 64-bit system.

b1ad3
2010-05-02, 00:00
I tried booting from the disc on my other computer. It seemed to boot from it but had an error because it is a 32-bit system, so I guess that means something is wrong with this computer's DVD drive.

Where do we go from here?

Blade81
2010-05-02, 00:39
As I told you, we can attempt cleaning but I can't guarantee successful end results.

Download Vipre Rescue (http://live.sunbeltsoftware.com/Download/) and save it to the c:\Vipretemp folder. Then download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.


1. Boot the computer in "Safe Mode with Command Prompt" (press F8 when the computer starts to boot. When the boot screen appears, use the down arrow to highlight the selection).
2. When the command line appears, navigate to the directory that contains the VIPRE Rescue Program (c:\VipreTemp if you followed my instructions about the destination location) by typing the following commands (press Enter after each one):
c:
cd\VipreTemp

3. Type VIPRERescue6245.exe (without double quotes) at the command prompt.

4. At the prompt, "Do you wish to extract the VIPRE Rescue Scanner to your computer?" click Yes.

5. You will be prompted for a destination folder to unzip to. Keep the default (C:\VIPRERESCUE), make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is NOT checked, and then click Unzip.

6. Go to the c:\VIPRERESCUE folder by typing the following commands:
c:
cd\VIPRERESCUE

7. Type the following command and wait for the scanner to complete its run:
viprerescuescanner /deep /log

That will generate a results log file in XML format in the Vipre folder (c:\VIPRERESCUE). Type exit to leave the command prompt and reboot the system back into normal mode.

Archive the Vipre log (an XML file with a date/time corresponding to the time of the Vipre run should be in c:\VIPRERESCUE) into a zip file and attach the file to your post.

---

Then do the following:


Double click on the OTL icon on the desktop to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

b1ad3
2010-05-02, 22:18
OTL logfile created on: 5/1/2010 11:17:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\User 1\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 175.91 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVENG
Current User Name: User 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Greatis\RegRunSuite\watchdog.exe (Greatis Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (athrusb6) -- C:\Windows\SysNative\DRIVERS\athrxu6.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (RegGuard) -- C:\Windows\SysWOW64\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\system32\drivers\Partizan.sys (Greatis Software)
DRV - (CSC) -- C:\Windows\CSC [2008/12/26 23:51:04 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/26 19:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 04:12:05 | 000,000,000 | ---D | M]

[2008/12/30 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2010/05/01 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions
[2009/10/16 03:34:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (zblack) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2008/12/26 21:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/04 16:05:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/08 13:18:23 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
[2009/07/15 13:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/04/04 16:04:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/04 16:05:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/19 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\moveplayer@movenetworks.com
[2009/04/29 16:39:29 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search-1.xml
[2008/12/31 21:40:04 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search.xml
[2009/03/30 13:47:24 | 000,000,655 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\yahoo-search.xml
[2010/05/01 16:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/26 19:19:23 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/26 19:15:19 | 000,000,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (hotrevenue browser enhancer) - {C0745218-B667-F3F7-89AD-8848B9927739} - C:\Windows\SysWOW64\pxdbmdsqgpfnqf.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ezLife] File not found
O4 - HKLM..\Run: [vsvoczrnnqhsbpb] C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9xsl = C:\Users\USER1~1\AppData\Local\Temp\77wi.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (hiwazedo.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\systemnative\userinit.exe) - c:\windows\systemnative\userinit.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files (x86)\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/04/26 19:27:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 01:00:00 | 000,000,122 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\phone\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\SysWow64\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/12/27 02:31:58 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/12/27 02:32:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/01 21:09:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/05/01 18:58:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 18:57:40 | 000,000,000 | ---D | C] -- C:\Vipretemp
[2010/04/28 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Apple
[2010/04/28 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Apple Computer
[2010/04/28 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Adobe
[2010/04/27 20:29:49 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\AIM
[2010/04/27 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\AOL
[2010/04/27 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\User 1\Desktop\dds
[2010/04/26 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Threat Expert
[2010/04/26 20:24:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/04/26 20:24:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/04/26 20:24:39 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/04/26 20:24:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/04/26 20:18:07 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/04/26 20:18:07 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/04/26 20:18:04 | 000,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/04/26 20:17:59 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/26 19:31:52 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/04/26 19:28:23 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/26 19:26:22 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:26:16 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\RegRun2
[2010/04/26 19:25:20 | 001,385,184 | ---- | C] (Greatis Software) -- C:\Windows\RunGuard.exe
[2010/04/26 19:25:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/04/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2010/04/26 19:19:24 | 000,000,000 | -HSD | C] -- C:\Users\User 1\AppData\Roaming\SystemProc
[2010/04/26 19:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ezLife
[2010/04/26 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206
[2010/04/25 02:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/15 03:02:57 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/15 03:02:37 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/15 03:02:37 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/15 03:02:36 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/15 03:02:36 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/15 03:02:36 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/15 03:02:36 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 12:41:10 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 12:41:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 12:41:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 12:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/05 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/05 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/01 23:21:09 | 003,670,016 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT
[2010/05/01 23:14:15 | 000,695,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/01 23:14:15 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/01 23:14:15 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/01 23:10:13 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/01 23:10:13 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/01 23:09:55 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 23:09:55 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/05/01 23:09:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/05/01 23:09:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/01 23:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/01 23:08:53 | 000,524,288 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 23:08:53 | 000,065,536 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TM.blf
[2010/05/01 21:04:23 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/05/01 19:05:56 | 003,928,622 | -H-- | M] () -- C:\Users\User 1\AppData\Local\IconCache.db
[2010/05/01 19:05:49 | 000,000,004 | ---- | M] () -- C:\Program Files (x86)\187560.dat
[2010/05/01 18:58:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/30 16:24:42 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 15:47:57 | 000,001,118 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/28 10:24:22 | 003,308,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/27 16:25:20 | 000,004,100 | -H-- | M] () -- C:\Windows\SysWow64\mesideke
[2010/04/27 04:16:28 | 000,050,990 | ---- | M] () -- C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
[2010/04/26 20:18:02 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 20:14:55 | 000,016,488 | -HS- | M] () -- C:\Users\User 1\AppData\Local\Do6pd
[2010/04/26 20:14:55 | 000,016,488 | -HS- | M] () -- C:\ProgramData\Do6pd
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:26:22 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:25:20 | 000,000,879 | ---- | M] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/26 19:16:22 | 000,017,076 | -HS- | M] () -- C:\Users\User 1\AppData\Local\KLry0l
[2010/04/26 19:16:22 | 000,017,076 | -HS- | M] () -- C:\ProgramData\KLry0l
[2010/04/25 19:57:21 | 000,000,680 | ---- | M] () -- C:\Users\User 1\AppData\Local\d3d9caps.dat
[2010/04/25 04:12:07 | 000,001,419 | ---- | M] () -- C:\Users\User 1\Desktop\DivX Movies.lnk
[2010/04/25 00:39:20 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/04/23 08:06:42 | 000,381,952 | ---- | M] () -- C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
[2010/04/22 15:05:59 | 000,010,852 | ---- | M] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/21 23:54:52 | 000,024,576 | ---- | M] () -- C:\Users\User 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 19:05:49 | 000,000,004 | ---- | C] () -- C:\Program Files (x86)\187560.dat
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/04/30 15:50:42 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/30 15:50:42 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/30 15:50:41 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/30 15:50:40 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/30 15:50:40 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/30 15:50:39 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/30 15:50:38 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/30 15:50:38 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/30 15:50:37 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/30 15:50:37 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/30 15:50:35 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/30 15:50:35 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/30 15:50:34 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/30 15:50:33 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/30 15:50:32 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/30 15:50:32 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/30 15:50:31 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/30 15:50:31 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/30 15:50:30 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/30 15:50:30 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/30 15:50:29 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/30 15:50:26 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/26 20:24:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/26 20:24:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/04/26 20:24:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/04/26 20:24:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/04/26 20:24:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/04/26 20:18:07 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/04/26 20:18:04 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/04/26 20:18:02 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 20:17:59 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/04/26 20:17:54 | 000,369,248 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistMSI083B.txt
[2010/04/26 20:17:54 | 000,011,246 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083B.txt
[2010/04/26 20:17:54 | 000,010,578 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083C.txt
[2010/04/26 20:08:06 | 000,016,488 | -HS- | C] () -- C:\Users\User 1\AppData\Local\Do6pd
[2010/04/26 20:08:06 | 000,016,488 | -HS- | C] () -- C:\ProgramData\Do6pd
[2010/04/26 19:30:15 | 000,001,118 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:25:20 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.org
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\winbait .exe
[2010/04/26 19:25:20 | 000,000,879 | ---- | C] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/26 19:14:04 | 000,050,990 | ---- | C] () -- C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
[2010/04/26 19:13:48 | 000,017,076 | -HS- | C] () -- C:\Users\User 1\AppData\Local\KLry0l
[2010/04/26 19:13:48 | 000,017,076 | -HS- | C] () -- C:\ProgramData\KLry0l
[2010/04/22 14:31:21 | 000,010,852 | ---- | C] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/15 06:58:44 | 000,381,952 | ---- | C] () -- C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
[2010/04/05 13:50:32 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/02 21:19:09 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/09/25 18:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/09/23 18:58:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 18:58:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/10 00:02:01 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009/01/04 16:42:25 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/27 02:49:22 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/12/27 02:49:22 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/12/27 02:49:22 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/12/27 02:49:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/12/27 01:20:22 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/12/26 23:37:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/12/26 23:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/05/01 14:16:29 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/03/17 06:41:22 | 000,171,136 | RHS- | M] () -- C:\grldr
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/15 15:20:05 | 000,001,105 | -H-- | M] () -- C:\IPH.PH
[2010/05/01 23:09:47 | 3802,460,160 | -HS- | M] () -- C:\pagefile.sys
[2010/04/26 20:07:09 | 000,001,724 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.04.2010_20.07.09_log.txt
[2010/04/26 20:07:19 | 000,001,724 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.04.2010_20.07.19_log.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/26 19:26:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWOW64\drivers\Partizan.sys
[2010/05/01 21:04:23 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWOW64\drivers\regguard.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

b1ad3
2010-05-02, 22:18
OTL Extras logfile created on: 5/1/2010 11:17:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\User 1\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 175.91 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVENG
Current User Name: User 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = EF 08 F8 D7 ED 67 C9 01 [binary data]
"VistaSp2" = 80 4D 73 1F 19 4C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3676554984-1807389713-3211740643-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D1DA13-2828-4E2B-84BE-9F7071DA6EEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{166799D3-A635-4562-AF82-A49ABF6B3526}" = lport=6117 | protocol=17 | dir=in | name=wc3-u6117 |
"{1CAE8886-FF44-4BD6-8F10-F647651F110A}" = lport=6112 | protocol=17 | dir=in | name=wc3-u6112 |
"{242C38EB-4266-43E2-B021-52D78ED4F944}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2A7ACCA6-38BA-44E5-BF18-08D18FCB6427}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{318073B5-0A9F-4B2D-AAAC-05AECD1D739D}" = lport=6118 | protocol=17 | dir=in | name=wc3-u6118 |
"{32393AC4-8D4B-4884-8DFF-813C9FE24810}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{326561E1-172C-457C-8453-87D83377C021}" = lport=80 | protocol=17 | dir=in | name=udp port 80 |
"{33065736-9F89-4615-8A7C-0EB494027367}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35D7DA92-F1C2-4F47-A54C-5FA068AFB3A8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3B6A3575-E975-41AB-A98C-CA7E59E4D6DE}" = lport=6119 | protocol=17 | dir=in | name=wc3- u6119 |
"{4768847C-158A-45B5-9DAA-A9F82620BA6D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4A91A663-4147-4B3A-86DA-A4FA598279CE}" = lport=6114 | protocol=17 | dir=in | name=wc3-u6114 |
"{4AFEE968-324B-46C0-89B1-9AB435988D69}" = lport=6116 | protocol=6 | dir=in | name=wc3-6116 |
"{4E7E8A45-EB02-4C6F-9FB7-75CDD19FE56D}" = rport=445 | protocol=6 | dir=out | app=system |
"{568581F6-982C-4EF2-9F93-244B0CC26C48}" = lport=6112 | protocol=6 | dir=in | name=wc3-6112 |
"{57792218-0923-496E-B721-B4D4F9856995}" = lport=6667 | protocol=6 | dir=in | name=mirc |
"{5B0F1DC0-A4FA-401F-A0A6-4567A5B0F9C9}" = lport=3724 | protocol=6 | dir=in | name=wowserver- 3724 |
"{67C3D02F-26F3-4938-93D0-D69393EAE5E9}" = lport=6113 | protocol=6 | dir=in | name=wc3-6113 |
"{73283694-3A69-4EE0-AD09-CE00B080683E}" = lport=3074 | protocol=17 | dir=in | name=udp port 3074 |
"{86535AC1-6EEB-4113-A3A1-31B7FCBF071A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D546349-5C7F-41F5-84D9-BBE37E149A4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A2828E97-4120-41FA-AA8D-B90EA37816A8}" = lport=6117 | protocol=6 | dir=in | name=wc3-6117 |
"{A5BEC5A2-8E46-4319-8FBB-376AA8E00957}" = lport=138 | protocol=17 | dir=in | app=system |
"{A677F672-DAED-44DA-9AE7-A9D5616DAB95}" = lport=6116 | protocol=17 | dir=in | name=wc3-u6116 |
"{A6D3ED70-CD7C-42C1-90A3-DDB585C15EA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B36887B9-D588-4886-820F-A7CB2229A236}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7725877-8D6F-46BC-99A2-8EA89DC87424}" = rport=138 | protocol=17 | dir=out | app=system |
"{C800C88B-FAB5-4921-BBBA-794D52DEE214}" = lport=3306 | protocol=17 | dir=in | name=wowserver -3306 |
"{C9004D37-C869-492C-A824-31C724561426}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3C38C22-B27E-4DC3-A4C9-89AAE3F2A547}" = lport=6115 | protocol=6 | dir=in | name=wc3-6115 |
"{D762C389-CCBE-4AB9-94DE-D40EDE2F3825}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9484782-A500-4ECF-B4EE-4CA2BFC83A3B}" = lport=6119 | protocol=6 | dir=in | name=wc3-6119 |
"{DAB35803-0BB4-44E7-8B72-9316AA84253A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC263145-D952-47E4-B54A-3E90CB773FFD}" = lport=6113 | protocol=17 | dir=in | name=wc3-u6113 |
"{E64FAE7C-CDBE-4B29-A70B-3634C8FEAE85}" = lport=6118 | protocol=6 | dir=in | name=wc3-6118 |
"{E7DFE641-E283-4284-B5EC-CA07BB3B769C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9BFAA49-D00E-4660-B005-C972209E4265}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB618777-0BAF-4D7F-A3A5-F721FFD93BF1}" = lport=3724 | protocol=17 | dir=in | name=wowserver -3724 |
"{F26A695A-1F7D-48B2-B7F3-DAAF68D882F5}" = lport=6114 | protocol=6 | dir=in | name=wc3-6114 |
"{F6B8B70A-911C-4F82-9694-3686D41369A7}" = lport=3306 | protocol=6 | dir=in | name=wowserver -3306 |
"{F7648077-1E3E-44F8-99CC-3964EDECB36C}" = lport=6667 | protocol=17 | dir=in | name=mirc |
"{F879CE17-B4D2-4F54-BC23-01A245C6BB4A}" = lport=6115 | protocol=17 | dir=in | name=wc3-u6115 |
"{FFB3F800-C793-4A8C-BEA9-CAE20266A4DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108B6A5-405B-448E-89A7-7F5D372DDC00}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{041D5E75-9C89-4E36-BFA0-6D7F3A5896E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05E5F4D8-8047-4037-A6E0-355BC3F2AA74}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{07CD643A-C6C9-465F-B21D-6D89A4335352}" = protocol=17 | dir=in | app=c:\users\user 1\appdata\roaming\mjusbsp\magicjack.exe |
"{07FB4D73-0669-4077-B6B3-006DF8F89666}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{0C544971-683F-4288-AD4E-382DD2F0B062}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{18B52118-059E-46B7-B3FA-5C12984E6DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{1CA73980-F81D-42C2-B32B-0F27C62E8A26}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E185594-48CD-4D02-9623-A2DC807A1C13}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{20F4F68A-5BAF-4022-91BE-CBBFE0B381F7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{2B481661-458D-45F8-9E1D-A3164968A615}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{2E3B73D6-AC53-4904-97A0-02BB6AF8AD1A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3C19DED6-46F3-4238-A54F-B4C3720F369B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F5CE00A-A68C-48F3-8344-CB2A6F360024}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{4649413E-94BD-4D12-B1B1-0E25082F31E0}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow.exe |
"{4899C267-E411-4DF7-A149-915EFC158B32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{4954450C-AB34-4AC6-B7A3-DB693E843425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C436BFE-501A-4968-8C70-D0C314E4CC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{50118E49-F479-4BB4-AA07-861007CE981C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{54896F8D-8194-4DD4-9AD9-F6F9E79596C1}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{55B657ED-4634-4238-AFE7-DE83CC5F84E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{575E9073-31F2-435D-A011-7AB6A8CF03D0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58009181-1CAE-4D34-9E1E-D6525D906280}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{58504A4E-7EB8-47DF-9E0E-C49CAF72FE8F}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{5C1BEA9C-3698-4886-A82C-9355C9205D7B}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{5D55D7DB-5EA0-4CA3-82A6-371697D5C877}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{66B054D4-26D3-4A0E-AEA3-8233830F84D1}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{676B3DCA-FD32-4362-BEAA-BDB453AA5462}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"{68924335-F39D-4BA2-BD90-D443B5DFB186}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{69C410C7-B470-4BC5-8632-A1D448342E44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{6B1E6848-10FC-40A8-B740-B3C91F984398}" = protocol=17 | dir=in | app=c:\users\user 1\downloads\utorrent.exe |
"{6CB5E5F0-BF7F-49D2-97F4-46D6126CEE2C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6CBD3052-7169-46F3-A67D-19A5CE29EF6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D08E1B6-04BA-4A29-8342-4D29A951B5C7}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{6E8D354A-FFC8-4517-A3B3-F729C1E89486}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6F1A7A04-AA86-4233-82A4-50925658472D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow.exe |
"{6FE96DB0-9718-4326-B214-4F582B828225}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe |
"{78EE0B2B-D862-49C6-BB0C-4A7A0B110E2E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{796CB195-2C01-4525-B276-CA63BDCD2886}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C1E5EF8-715D-4B16-A7AD-489D4DA6A4FA}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{7E470E9B-43C5-476B-BDFC-9EFCC86629F3}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{7E9C0FA9-A3FA-4317-A9FA-7A146731AC25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{819CE24F-8DCE-42A2-B73C-7BCD98C272AE}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{83507550-9EBB-4827-88C1-3C8C4B3C82D2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{84655CEC-338C-4EEC-8347-3A9AFC60B68D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe |
"{8E94345C-8B7E-48C0-8E34-B6E37AB01340}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{914B99CF-34A6-4552-BD4D-9F7B692E18CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9695534F-AEB6-4F0F-BF26-BE24BAA7B020}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{975B4F74-A0E7-45C1-BCF7-268EC901B842}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{99E0B211-12B0-4966-AE08-D28BAFFC04FE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{A62D8F54-98B3-4C97-909B-D717876AE2B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{A6304B87-A84B-40E3-B907-AAEEAB05DB56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}" = protocol=6 | dir=in | app=c:\users\user 1\downloads\utorrent.exe |
"{A7D2A1A6-BAB4-4331-9F3D-469DF0D13CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AB59D384-352F-4E7D-B150-B57E78F902A5}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{AE47AF00-3293-4E22-9949-40F98ABD4AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B129538B-10EA-4433-9219-7B9A44E95556}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC41FE39-DA3C-4FDE-9786-D69E49D1AAC6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{C2B836CF-24D7-4074-9980-5EBE5500738D}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{C428D2DC-8065-492F-B2AD-F2286B9888F5}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C4CFDBC4-52FC-45BB-99C1-B9689369705E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{CE6C7BFB-D922-4126-9071-C36042A457BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{CF113C36-5A50-4236-BB9E-B5636EC5CE28}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{CFC420E1-C3D2-43CF-8212-9475A5F373C8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D398DBD0-5C83-4B73-B263-6AAE9AAF8EBA}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashserv.exe |
"{D61168D8-1000-4E4A-874C-62FB24CED83F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{D6433413-8243-4EED-A31A-3CD8D531701D}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{DA5A6671-6334-4021-9082-F254EEC13C4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAAB6932-FA53-4DC9-93B0-A2A30B966534}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"{DC0FA12C-8440-4A7D-9B2D-3E69B3A48E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DE83C026-77EA-45EF-9EBC-A41810E2EBF6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E0BA9B43-9120-42A1-8294-1ADD24BFA934}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E1F4064D-17FD-4F5D-A0D1-5423FF50A4B2}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashdisp.exe |
"{E3E5E284-38C3-4752-8229-7ACA0D69A2AA}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{E4A28655-522C-4504-9E4C-77F2692B7BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{E4FE2AB9-7450-40AE-A65F-5659C52A3D77}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{E7687FE5-4E26-485C-932C-C217A663AE27}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{EE971B15-4135-431E-9B63-43F705660766}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F71D0D21-AF06-4172-8E57-81DD0EBBD6DD}" = protocol=6 | dir=in | app=c:\users\user 1\appdata\roaming\mjusbsp\magicjack.exe |
"{F8207626-6BF6-4AAA-BBDE-903F6D447CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{FAB8237A-0F73-4FD8-8392-4D8DFAE94D86}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{FBD0BE0F-A924-4211-9491-B09EC1FF3A93}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\ituneshelper .exe |
"{FD7F56AC-A984-4BEF-818C-8CF700AD741E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FF1CDC77-2DCF-445F-9FEE-03F98896BB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"TCP Query User{0501A21E-0321-4EFD-9537-FFEB1D23BC92}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"TCP Query User{0FC6C907-68DB-4960-AF58-9808D57E9EE3}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"TCP Query User{147C1228-107E-4C3D-AC7C-0850F7F39B0F}C:\arcemu\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\arcemu\database\bin\mysqld-nt.exe |
"TCP Query User{19C2D545-924B-416D-845D-D9DC89191503}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{20AAD504-C4BB-4540-9BB2-958ADCFA90CC}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{376BCFCE-5F2E-4586-AB71-40319062233B}C:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{43B0DE91-8805-4B6A-A17B-2CA71003E904}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{45249871-3C06-40BB-99BF-840B5CBFF3A7}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"TCP Query User{49FF4ACA-4820-43FA-B128-5D0FC3894546}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{54ABEC19-6FD5-485E-921B-FC601656AEBB}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{675AAC1B-D814-4F05-B619-279B4DB50673}C:\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\arcemu\arcemu-logonserver.exe |
"TCP Query User{84A01C05-E6A7-46C9-9728-D847919469E0}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{8AFDC63D-E395-4C10-8515-266C6032A0A1}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{8BDF7249-F4B6-4EF4-B2EB-575B747FF314}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{978B7816-BD98-4F56-92D4-5CC385CC6CF0}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"TCP Query User{A6E3BE5D-AB42-4311-BCA9-906008A0006A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{BA6E1E25-8621-4775-911B-D6153A128F95}C:\program files (x86)\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"TCP Query User{BCF87D14-E611-49F0-8A18-596B9EFA8F0D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{BF625C2D-8C51-423D-B478-4307C3204DA4}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C09A775D-35C8-4A71-ACE7-03284B43FB76}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{CE7C99B3-2022-442E-9F07-D02BA2E1201F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{D94A3C73-BE4E-4BD2-A4D0-9C156BFAE9F0}C:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe |
"TCP Query User{F5615160-D567-4E67-AD6A-8E7A53D9E2CA}C:\3.0.3 server\emu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\3.0.3 server\emu\arcemu-world.exe |
"TCP Query User{F7560A03-873B-4159-926B-30072C8AC39C}C:\3.0.3 server\emu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\3.0.3 server\emu\arcemu-logonserver.exe |
"TCP Query User{FB3EAD38-FD18-475C-AD3A-8E9CCE7CFFEA}C:\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\arcemu\arcemu-world.exe |
"UDP Query User{0CD2DD1F-71CE-4DDF-AEA9-48C01588370B}C:\program files (x86)\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"UDP Query User{0CEF974C-82F8-4007-816B-075053BCFF00}C:\3.0.3 server\emu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\3.0.3 server\emu\arcemu-world.exe |
"UDP Query User{170E6C4E-90F7-4D82-A22C-A5545A1C7FE1}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{19D46B13-9A09-4A8B-BEEC-2A148A29F3F0}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{2B213CB0-B581-4F3C-B1FA-792E66EDF511}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{34B287E1-DB97-4D99-B115-BAB5EC3F280C}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{4A22DA1E-99F5-4422-BA1A-282100CFAAB3}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{4E3FA7C9-86A8-4F36-953B-02099F2040E9}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{4F9A46E0-29D0-4D4A-99D7-7B749E1A21EA}C:\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\arcemu\arcemu-world.exe |
"UDP Query User{77E5A5A1-2646-4D53-A8DD-875A24E83019}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{79123890-A21D-4A5E-B81C-B80E5CB3111E}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{7A6F07AB-8F35-4178-B62D-970945B45282}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{8C4F9592-7993-4A56-9295-392F311821B9}C:\3.0.3 server\emu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\3.0.3 server\emu\arcemu-logonserver.exe |
"UDP Query User{9C68DDD3-18A4-4473-B3DC-2BF8486803E2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A46F9ED7-FFFF-47E4-8739-97824A457D5A}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"UDP Query User{AD25A759-E0B2-4A55-9B33-988A17689F67}C:\arcemu\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\arcemu\database\bin\mysqld-nt.exe |
"UDP Query User{ADE7F007-D4FA-4629-95E9-B2CBB0413038}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"UDP Query User{C1ACC2AE-0B44-4511-B380-241EDAB0FA06}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{CB7DA737-8732-4B2B-ABEE-A1B6D98548E9}C:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{CC5C8479-928D-4DB2-AEB5-2269194BB01F}C:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\downloads\mircb_lacn\mirc\mirc.exe |
"UDP Query User{CCDA7340-452A-415D-B608-E2988DF7170A}C:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\koc\mircb_lacn\mirc\mirc.exe |
"UDP Query User{D5ED75BD-6D94-4560-BDDF-448400D68B4F}C:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user 1\desktop\mircb_lacn\mirc\mirc.exe |
"UDP Query User{E228C3C2-3C46-449C-B017-BF59FCBE880B}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{EAADF40D-733D-4A90-88BC-3FF6339C382B}C:\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\arcemu\arcemu-logonserver.exe |
"UDP Query User{EDC109CB-2865-4D06-9289-772A77E13975}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2E24D722-06C0-4315-BC57-7C9CD2F6179E}" = Vista Manager
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{01D76D8E-A496-4870-8357-87C6D2B5E807}" = MySQL Server 5.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM_7" = AIM 7
"ALSee_is1" = ALSee
"ALUpdate_is1" = ALTools Update
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Collab" = Collab
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DC-Bass Source" = DC-Bass Source 1.1.1
"Demigod" = Demigod
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eqpcpcyydhhaueen" = Performance Solution Hotrevenue
"ezLife" = ezLife browser enhancer
"FL Studio 8" = FL Studio 8
"HaaliMkx" = Haali Media Splitter
"hon" = Heroes of Newerth
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL
"RealMedia" = RealMedia (remove only)
"RegRun Security Suite_is1" = RegRun Security Suite Standard
"Runic Games Torchlight" = Torchlight
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10150" = Prototype
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WhatPulse" = WhatPulse 1.6.2.1
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/17/2009 3:24:02 AM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\riched20.dll failed, 00000005.

Error - 11/3/2009 4:32:49 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User 1\AppData\Local\Adobe\Updater5\Install\versioncueclient3\VC_client_310_1.exe
failed, 00000005.

Error - 12/8/2009 11:41:31 AM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\AIM\plds4.dll failed, 00000005.

Error - 1/27/2010 12:57:56 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\WriteMiniDump.exe failed, 00000005.

Error - 3/3/2010 4:58:55 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\dbghelp.dll failed, 00000005.

Error - 3/17/2010 2:12:33 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
failed, 00000005.

Error - 3/17/2010 2:12:41 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SysWOW64\mfc42u.dll failed, 00000005.

Error - 4/7/2010 11:09:34 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User 1\AppData\Roaming\Microsoft\Office\Recent\seminar.LNK failed, 00000026.


Error - 4/24/2010 12:48:11 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\SteamApps\common\dawn of war 2\WorldBuilder.exe failed,
00000005.

Error - 4/25/2010 1:31:43 PM | Computer Name = StevenG | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files (x86)\Steam\SteamApps\common\dawn of war 2\ChaosRisingGDF.dll
failed, 00000005.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Blade81
2010-05-03, 19:25
Hi again,

It seems your Adobe product isn't a legit one. That's why I have to request you to uninstall Adobe CS3 and CS4 related programs.


Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
O4 - HKLM..\Run: [vsvoczrnnqhsbpb] C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O20 - AppInit_DLLs: (hiwazedo.dll) - File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{50118E49-F479-4BB4-AA07-861007CE981C}"=-
"{68924335-F39D-4BA2-BD90-D443B5DFB186}"=-
"{6B1E6848-10FC-40A8-B740-B3C91F984398}"=-
"{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}"=-
:Files
C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206
C:\Windows\tasks\At9.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At1.job
C:\Program Files (x86)\187560.dat
C:\Windows\SysWow64\mesideke
C:\Windows\SysWow64\eqpcpcyydhhaueen.exe
C:\Users\User 1\AppData\Local\Do6pd
C:\ProgramData\Do6pd
C:\Users\User 1\AppData\Local\KLry0l
C:\ProgramData\KLry0l
C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll
c:\program files (x86)\utorrent
c:\users\user 1\downloads\utorrent.exe
:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded Java setup file to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report.
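An added check, not part of Blade81's post or of any tool it names: the PowerShell below lists the JRE entries registered under both Uninstall views on 64-bit Windows and marks those older than JRE 6 Update 20, so the Add/Remove Programs step can be verified before and after. The product-name patterns it matches are an assumption based on how the JRE 5/6 installers register themselves.

```powershell
# Added example, not from the original post. Enumerates Java Runtime
# Environment entries from the Uninstall keys of both registry views on
# 64-bit Windows and reports which are older than the version the post
# asks for (JRE 6 Update 20). Report only; nothing is uninstalled.
# Assumption: JRE 5/6 installers register names such as
# "Java(TM) 6 Update 20" or "J2SE Runtime Environment 5.0 Update 11".
$TargetMajor  = 6
$TargetUpdate = 20

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaInstalls {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p    = Get-ItemProperty $key.PSPath
            $name = [string]$p.DisplayName

            # Match the JRE/J2SE product names; skip the JDK, a separate product.
            if ($name -notmatch '^(Java\(TM\)|J2SE Runtime Environment|Java 2 Runtime Environment)') { continue }
            if ($name -match '\bJDK\b|Development Kit') { continue }

            # Pull "<major> Update <n>" (or "<major>.0 Update <n>") out of the name.
            $status = 'review manually'
            if ($name -match '(\d+)(?:\.0)?\s+Update\s+(\d+)') {
                $major  = [int]$Matches[1]
                $update = [int]$Matches[2]
                $isOld  = ($major -lt $TargetMajor) -or
                          ($major -eq $TargetMajor -and $update -lt $TargetUpdate)
                $status = if ($isOld) { 'OUTDATED - remove' } else { 'current' }
            }

            [pscustomobject]@{
                Status          = $status
                DisplayName     = $name
                DisplayVersion  = $p.DisplayVersion
                View            = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
                UninstallString = $p.UninstallString
            }
        }
    }
}

# Run from an elevated prompt; entries marked OUTDATED are the ones to remove
# in Add/Remove Programs before installing the new JRE.
Get-JavaInstalls | Sort-Object Status, DisplayName | Format-Table -AutoSize
```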

b1ad3
2010-05-04, 01:27
Fixed with OTL, Updated Java and Ran ATF
Waiting on Kaspersky Scanner to finish...

Just wondering, do you want me to do another OTL scan and post the logs or just post the log from the fix?

I'll check this again tomorrow afternoon and post all the logs you need.

b1ad3
2010-05-04, 02:24
This is only the fix logs, hopefully it's what you needed.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vsvoczrnnqhsbpb deleted successfully.
C:\Windows\SysWOW64\pxdbmdsqgpfnqf.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:hiwazedo.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe\ deleted successfully.
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\ deleted successfully.
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50118E49-F479-4BB4-AA07-861007CE981C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50118E49-F479-4BB4-AA07-861007CE981C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68924335-F39D-4BA2-BD90-D443B5DFB186} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68924335-F39D-4BA2-BD90-D443B5DFB186}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B1E6848-10FC-40A8-B740-B3C91F984398} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B1E6848-10FC-40A8-B740-B3C91F984398}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A71E9940-D481-45CD-BBD1-29D5A9ABA38C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A71E9940-D481-45CD-BBD1-29D5A9ABA38C}\ not found.
========== FILES ==========
C:\Users\User 1\AppData\Roaming\57FEB2771E017424312E3F6F5A51A206 folder moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Program Files (x86)\187560.dat moved successfully.
C:\Windows\SysWow64\mesideke moved successfully.
C:\Windows\SysWow64\eqpcpcyydhhaueen.exe moved successfully.
C:\Users\User 1\AppData\Local\Do6pd moved successfully.
C:\ProgramData\Do6pd moved successfully.
C:\Users\User 1\AppData\Local\KLry0l moved successfully.
C:\ProgramData\KLry0l moved successfully.
File\Folder C:\Windows\SysWow64\pxdbmdsqgpfnqf.dll not found.
c:\program files (x86)\uTorrent folder moved successfully.
File\Folder c:\users\user 1\downloads\utorrent.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 33096 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3389016 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User 1
->Temp folder emptied: 95361124 bytes
->Temporary Internet Files folder emptied: 64009471 bytes
->Java cache emptied: 85435350 bytes
->FireFox cache emptied: 39453621 bytes
->Google Chrome cache emptied: 6360256 bytes
->Flash cache emptied: 334240 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 52539 bytes

Total Files Cleaned = 281.00 mb


OTL by OldTimer - Version 3.2.4.0 log created on 05032010_160852

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\svchost.exe scheduled to be moved on reboot.
C:\Users\User 1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4b9a814362279CAYVKRXL.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4b9a81cc7dc85CAB1G0PJ.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8EDCKHM\4bcf48bbcdc9b[10].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4V59SGI\4b9a8176e55b9CA0EJ5S5.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\4bd71e0978b46CAN0T2BE.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\4bdaed56e1297CA44EBZS.htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[3] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[4] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[5] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[6] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[7] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[8] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEF2KV8Z\st[9] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\101ktm[1].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\4bd7046747fd2[3].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3T85N3O\4bd9d59c13d44[5].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\4bd7046747fd2CATV5JMH.htm moved successfully.
File move failed. C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\CAUAS5F9CA1J270ACADPG4HQCADROMIMCAMFC4MOCA6ABX23CAC1NCUUCALX1OSDCAFM25ZXCA1Q9Q46CAMUC4KFCALF8LK2CAUUBL3CCAT1KP10CANNTFVZCAKD8R1OCA6SDRWGCA8CV43UCA8X84A4CABV0NNM scheduled to be moved on reboot.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st[10] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A19HU3NX\st[11] moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PS1JO5R\4b9a81cc7dc85[8].htm moved successfully.
C:\Users\User 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PS1JO5R\4bd86ecfbc551CAR5OPVY.htm moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

b1ad3
2010-05-04, 02:25
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 3, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 03, 2010 16:59:46
Records in database: 4038720
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\

Scan statistics:
Objects scanned: 234522
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:00:03

No threats found. Scanned area is clean.

Selected area has been scanned.

Blade81
2010-05-04, 06:57
Hi,

Please post a fresh OTL log too. Also, update MBAM database and run a quick scan with it. Post back the report. How's the system running?

b1ad3
2010-05-04, 21:44
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/4/2010 3:39:05 PM
mbam-log-2010-05-04 (15-39-05).txt

Scan type: Quick scan
Objects scanned: 132129
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0745218-b667-f3f7-89ad-8848b9927739} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c0745218-b667-f3f7-89ad-8848b9927739} (Adware.AdRotator) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\9xsl (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\User 1\AppData\Local\ave.exe" /START "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files (x86)\ezLife (Adware.EzLife) -> No action taken.
C:\Program Files (x86)\ezLife\ezLife (Adware.EzLife) -> No action taken.
C:\Program Files (x86)\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> No action taken.
C:\Users\User 1\AppData\Roaming\SystemProc (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> No action taken.

Files Infected:
C:\Program Files (x86)\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> No action taken.
C:\Users\Administrator\Desktop\AP Manager.lnk (Rogue.APManager) -> No action taken.
C:\Users\User 1\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> No action taken.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.

---------------------------------------------------------------------
I'm running an OTL scan right now and will post the reports. As far as how the system is running, a lot better. It's not sluggish anymore, but there is some browser redirecting going on. It clearly still has some problems left, but it's at least usable now.

Blade81
2010-05-04, 22:00
Hi,

While OTL is running I'd like to verify those MBAM findings were removed. That did happen, right?
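An added re-check, not from the thread or from MBAM: the PowerShell below re-reads the locations MBAM flagged in the log above (the StartMenuInternet shell commands, the DisableTaskMgr policy and the Policies\Explorer\Run key) and reports anything still pointing where it should not. The heuristics for a suspicious command executable are assumptions drawn from the hijacked value in that log.

```powershell
# Added example, not from the original thread. Re-reads the registry data
# items MBAM flagged (Hijack.StartMenuInternet, Hijack.TaskManager) and the
# Policies\Explorer\Run location it flagged, and reports anything still off.
# Report only; nothing is modified. Run from an elevated prompt.
$Findings = New-Object System.Collections.ArrayList

function Get-CommandExe([string]$cmd) {
    # First token of a shell command line: a quoted path or the first word.
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+', 2)[0]
}

# 1. StartMenuInternet: shell\open and shell\safemode should launch the same
#    browser exe. The hijack in the MBAM log pointed safemode at an ave.exe
#    sitting directly under AppData\Local (assumed heuristic below).
$ClientRoots = @(
    'HKLM:\SOFTWARE\Clients\StartMenuInternet',
    'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet'
)
foreach ($root in $ClientRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($browser in Get-ChildItem $root) {
        $exes = @{}
        foreach ($verb in 'open', 'safemode') {
            $cmdKey = "$($browser.PSPath)\shell\$verb\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = [string](Get-ItemProperty $cmdKey).'(default)'
            $exe = Get-CommandExe $cmd
            $exes[$verb] = $exe
            # Full path that no longer exists, or an exe living straight in
            # AppData\Local or a Temp folder, is worth a look.
            $suspicious = ($exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) -or
                          ($exe -match '\\AppData\\Local\\[^\\]+$') -or
                          ($exe -match '\\Temp\\')
            if ($suspicious) {
                [void]$Findings.Add("$($browser.PSChildName) shell\$verb runs '$exe': $cmd")
            }
        }
        if ($exes.Count -eq 2) {
            $openLeaf = [System.IO.Path]::GetFileName($exes['open'])
            $safeLeaf = [System.IO.Path]::GetFileName($exes['safemode'])
            if ($openLeaf -ine $safeLeaf) {
                [void]$Findings.Add("$($browser.PSChildName): open launches '$openLeaf' but safemode launches '$safeLeaf'")
            }
        }
    }
}

# 2. DisableTaskMgr policy: MBAM reported Bad: (1) Good: (0).
foreach ($hive in 'HKLM', 'HKCU') {
    $polSys = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    $v = (Get-ItemProperty $polSys -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($v -eq 1) { [void]$Findings.Add("$polSys\DisableTaskMgr is still 1") }
}

# 3. Policies\Explorer\Run: MBAM flagged a value (9xsl) here; on a home PC
#    this key is normally empty, so list any value for review.
$RunPolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $RunPolicyKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [void]$Findings.Add("$key\$name = $($item.GetValue($name))")
    }
}

if ($Findings.Count -eq 0) {
    'No leftover findings at the locations MBAM flagged.'
} else {
    $Findings | ForEach-Object { "FINDING: $_" }
}
```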

b1ad3
2010-05-04, 22:34
Yes, I removed all the infected objects MBAM found.
--------------------------------------------------
OTL logfile created on: 5/4/2010 3:47:54 PM - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\User 1\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 174.84 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVENG
Current User Name: User 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User 1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (athrusb6) -- C:\Windows\SysNative\DRIVERS\athrxu6.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (RegGuard) -- C:\Windows\SysWOW64\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\system32\drivers\Partizan.sys (Greatis Software)
DRV - (CSC) -- C:\Windows\CSC [2008/12/26 23:51:04 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/04 15:39:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/03 16:24:02 | 000,000,000 | ---D | M]

[2008/12/30 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2010/05/04 15:30:13 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions
[2009/10/16 03:34:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (zblack) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2008/12/26 21:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/04 16:05:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/08 13:18:23 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
[2009/07/15 13:27:52 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/04/04 16:04:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/04 16:05:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/19 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\kuky3h7i.default\extensions\moveplayer@movenetworks.com
[2009/04/29 16:39:29 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search-1.xml
[2008/12/31 21:40:04 | 000,001,739 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\aim-search.xml
[2009/03/30 13:47:24 | 000,000,655 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\Mozilla\FireFox\Profiles\kuky3h7i.default\searchplugins\yahoo-search.xml
[2010/05/04 15:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/03 16:24:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/03 16:23:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/26 19:15:19 | 000,000,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files (x86)\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/04/26 19:27:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 01:00:00 | 000,000,122 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{4f0896b3-d3c9-11dd-acc0-ec17fc053c83}\Shell\phone\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\SysWow64\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 15:33:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/04 15:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/03 16:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/03 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/05/03 16:24:02 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/03 16:24:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/05/03 16:24:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/05/03 16:24:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/05/03 16:22:51 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\User 1\Desktop\ATF-Cleaner.exe
[2010/05/03 16:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/01 21:09:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/05/01 18:58:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 18:57:40 | 000,000,000 | ---D | C] -- C:\Vipretemp
[2010/04/27 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\User 1\Desktop\dds
[2010/04/26 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Threat Expert
[2010/04/26 20:24:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/04/26 20:24:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/04/26 20:24:39 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/04/26 20:24:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/04/26 20:18:07 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/04/26 20:18:07 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/04/26 20:18:04 | 000,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/04/26 20:17:59 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/26 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/26 19:31:52 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/04/26 19:28:23 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/04/26 19:27:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/26 19:26:22 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:26:16 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\RegRun2
[2010/04/26 19:25:20 | 001,385,184 | ---- | C] (Greatis Software) -- C:\Windows\RunGuard.exe
[2010/04/26 19:25:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/04/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2010/04/25 02:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/15 03:02:57 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/15 03:02:37 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/15 03:02:37 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/15 03:02:36 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/15 03:02:36 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/15 03:02:36 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/15 03:02:36 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 12:41:10 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 12:41:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 12:41:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 12:41:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/05 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/05 13:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/05 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/05/04 15:48:01 | 003,670,016 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT
[2010/05/04 15:47:41 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/04 15:46:49 | 000,695,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/04 15:46:49 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/04 15:46:49 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/04 15:41:39 | 000,066,702 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/04 15:41:17 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 15:41:17 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 15:41:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 15:41:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 15:39:57 | 000,524,288 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TMContainer00000000000000000001.regtrans-ms
[2010/05/04 15:39:57 | 000,065,536 | -HS- | M] () -- C:\Users\User 1\NTUSER.DAT{d2ff25c6-24f5-11df-b51f-001bfc43aaeb}.TM.blf
[2010/05/04 15:39:56 | 004,026,621 | -H-- | M] () -- C:\Users\User 1\AppData\Local\IconCache.db
[2010/05/04 15:33:32 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 15:28:58 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2010/05/03 16:23:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/05/03 16:23:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/05/03 16:23:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/05/03 16:23:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/03 16:22:51 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\User 1\Desktop\ATF-Cleaner.exe
[2010/05/02 17:37:25 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/01 18:58:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/01 17:13:16 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/30 15:47:57 | 000,001,118 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 10:24:22 | 003,308,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/26 20:18:02 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:26:22 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2010/04/26 19:26:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2010/04/26 19:25:20 | 000,000,879 | ---- | M] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/25 19:57:21 | 000,000,680 | ---- | M] () -- C:\Users\User 1\AppData\Local\d3d9caps.dat
[2010/04/25 04:12:07 | 000,001,419 | ---- | M] () -- C:\Users\User 1\Desktop\DivX Movies.lnk
[2010/04/25 00:39:20 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/04/22 15:05:59 | 000,010,852 | ---- | M] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/21 23:54:52 | 000,024,576 | ---- | M] () -- C:\Users\User 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/04 15:33:32 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/30 19:25:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/04/26 20:24:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/26 20:24:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/04/26 20:24:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/04/26 20:24:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/04/26 20:24:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/04/26 20:18:07 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/04/26 20:18:04 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/04/26 20:18:02 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/26 20:17:59 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/04/26 20:17:54 | 000,369,248 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistMSI083B.txt
[2010/04/26 20:17:54 | 000,011,246 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083B.txt
[2010/04/26 20:17:54 | 000,010,578 | ---- | C] () -- C:\Users\User 1\AppData\Local\dd_vcredistUI083C.txt
[2010/04/26 19:30:15 | 000,001,118 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/04/26 19:26:42 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/26 19:25:20 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.org
[2010/04/26 19:25:20 | 000,020,192 | ---- | C] () -- C:\Windows\winbait .exe
[2010/04/26 19:25:20 | 000,000,879 | ---- | C] () -- C:\Users\User 1\Desktop\RegRun Control Center.lnk
[2010/04/22 14:31:21 | 000,010,852 | ---- | C] () -- C:\Users\User 1\Documents\planning.docx
[2010/04/05 13:50:32 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/02 21:19:09 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/09/25 18:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/09/23 18:58:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 18:58:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/10 00:02:01 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2009/01/04 16:42:25 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/27 02:49:22 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/12/27 02:49:22 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/12/27 02:49:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/12/27 02:49:22 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/12/27 02:49:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/12/27 01:20:22 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/12/26 23:37:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Blade81
2010-05-05, 11:47
Hi,

Is the redirection issue still present? If yes, please test with both Internet Explorer and Firefox to find out if the issue bothers those both.

b1ad3
2010-05-05, 22:24
Well I tried out a few searches and everything went well. I don't know if it is completely gone but I haven't had a problem today with it.

Blade81
2010-05-06, 09:12
Great. Seems that we turned this case into a victory after all then :)

Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 6, check any checkboxes listed for your hard drives.



Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left-hand corner of your screen), click Run, and in the dialog box type services.msc and hit Enter. Then locate DNS Client, highlight it, and double-click it. In the dropdown box, change the setting from Automatic to Manual. Click OK.

Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
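An added example, not part of Blade81's post: a PowerShell script that audits (and with -Apply, sets) the six Internet zone settings listed above by reading the registry values the "Custom Level" dialog writes. The registry paths and URL-action IDs are the standard ones Internet Explorer uses; the -Apply switch and the function name are my own.

```powershell
# Added example (not from the thread): audit, and optionally set, the Internet zone
# settings recommended above by reading the registry values the "Custom Level"
# dialog writes. Run as the user whose Internet Explorer settings you want to check.
param([switch]$Apply)   # -Apply writes the recommended values; without it, report only

# Zone 3 is the Internet zone. Each setting is a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Standard URL-action IDs for the six settings in the post, with the values it recommends.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneSetting([string]$Id) {
    # Returns the current DWORD, or $null when the value is absent
    # (Internet Explorer then falls back to its built-in default for the zone).
    $item = Get-ItemProperty -Path $zoneKey -Name $Id -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$Id
}

# If "Security zones: use only machine settings" is in force, Internet Explorer ignores
# the per-user values checked here and reads the HKLM copy instead, so say so up front.
$hklmOnly = (Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `
             -Name 'Security_HKLM_only' -ErrorAction SilentlyContinue).Security_HKLM_only
if ($hklmOnly -eq 1) { Write-Warning 'Security_HKLM_only is set: per-user zone settings are not in effect.' }

foreach ($s in $recommended) {
    $current = Get-ZoneSetting $s.Id
    $currentText = if ($current -eq $null) { 'not set' }
                   elseif ($label.ContainsKey($current)) { $label[$current] }
                   else { "value $current" }
    $status = if ($current -eq $s.Want) { 'OK ' } else { 'FIX' }
    '{0} {1,-60} current: {2,-9} recommended: {3}' -f $status, $s.Name, $currentText, $label[$s.Want]
    if ($status -eq 'FIX' -and $Apply) {
        Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Want -Type DWord
    }
}
if ($Apply) { 'Values written. Restart Internet Explorer for the change to take effect.' }
```

Settings pushed by Group Policy live under HKCU\Software\Policies and win over the values above, so a "FIX" that keeps coming back usually means a policy is setting it.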

b1ad3
2010-05-06, 21:02
I'm having trouble resetting my system restore.

I follow them up to #5 where there is no system protection tab.
There is an Advanced tab though and there is an option for Startup and Recovery. But it's only about startup times and shutting down.

Blade81
2010-05-07, 18:54
Hi,

Press the Windows key+R to bring up the Run dialog and type systempropertiesprotection.exe in the field (and hit Enter). Does it open System Protection visible to you?

b1ad3
2010-05-08, 20:34
All that does is open system properties with the same options as before.

Blade81
2010-05-08, 22:41
Please download the Registry Search tool by clicking on the
hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop. Right click the file and select 'run as administrator' to run it. If you get an alert from your antivirus about scripting, choose to allow the script to run.
Search for SystemRestore and click OK. Attach the logfile from the tool here for me.

b1ad3
2010-05-09, 06:28
Here's the log.

Blade81
2010-05-09, 13:32
Hi,

1. Click Start, type gpedit.msc and press ENTER

2. Go to the following branch:

Computer Configuration | Administrative Templates | System | System Restore

3. Double-click Turn off Configuration and set it to Not configured.

Note: If the above setting is already set to Not configured, set it to Enabled and click Apply. Then revert the setting to Not configured, and click Apply, OK.

4. Exit the Group Policy Editor.

Is the system protection tab now visible?
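An added example, not part of Blade81's post: a PowerShell script that shows the registry policy values behind the gpedit.msc branch above, which is what makes the System Protection tab disappear, and with -Reset deletes the "Turn off Configuration" value (what "Not configured" does). The key path and value names are the standard System Restore policy values; the -Reset switch and function name are my own.

```powershell
# Added example (not from the thread): report the Group Policy values under the
# "System Restore" branch named above. Run from an elevated PowerShell prompt.
param([switch]$Reset)   # -Reset removes DisableConfig, i.e. sets "Turn off Configuration" to Not configured

# Computer Configuration | Administrative Templates | System | System Restore writes here.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

# DisableConfig = "Turn off Configuration"  (Enabled hides the System Protection tab)
# DisableSR     = "Turn off System Restore" (Enabled stops restore points entirely)
$policies = @(
    @{ Name = 'DisableConfig'; Setting = 'Turn off Configuration' },
    @{ Name = 'DisableSR';     Setting = 'Turn off System Restore' }
)

function Get-PolicyValue([string]$Name) {
    # $null means the value, and therefore the policy, is not configured.
    if (-not (Test-Path $policyKey)) { return $null }
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$Name
}

foreach ($p in $policies) {
    $value = Get-PolicyValue $p.Name
    $state = if ($value -eq $null) { 'Not configured' }
             elseif ($value -eq 1)  { 'Enabled' }
             elseif ($value -eq 0)  { 'Disabled' }
             else                   { "unexpected value $value" }
    '{0,-25} {1,-14} {2}' -f $p.Setting, $p.Name, $state
}

if ($Reset -and (Get-PolicyValue 'DisableConfig') -ne $null) {
    # Deleting the value is exactly what choosing "Not configured" in gpedit.msc does.
    Remove-ItemProperty -Path $policyKey -Name 'DisableConfig'
    'DisableConfig removed; re-open systempropertiesprotection.exe to confirm the tab is back.'
}
```

If the setting still exists in a local or domain GPO, the value is rewritten at the next policy refresh, so clear it in gpedit.msc as described above rather than relying on the registry deletion alone.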

b1ad3
2010-05-10, 00:34
Yes the options are available now. I have followed the instructions in your previous post. My system is almost back to normal but I do notice a bit of sluggishness and especially when a program is accessing the hard drive to save a file or open a file.

Blade81
2010-05-10, 06:53
Hi,

Run a disk check (http://maximumpcguides.com/windows-vista/how-to-use-check-disk-in-windows-vista/) and defragment after that. For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk (http://www.perfectdisk.com/home) and Diskeeper (http://www.diskeeper.com/diskeeper/home/diskeeper.aspx). Of the free options I recommend MyDefrag (http://www.mydefrag.com/).

b1ad3
2010-05-15, 20:11
Did both of those, still SOME lag when I try to explore on the hard drive but not much. All noticeable symptoms are gone.

Thanks a lot for your help. I know you said you couldn't guarantee a clean system but it worked out.

Blade81
2010-05-15, 23:13
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.