Justin The Terrible
2010-06-30, 20:08
It randomly kicks me off of IRC and logs me out of forums. One of my emails sent a spam link to all my contacts advertising Viagrow?... Most sites time out while trying to connect to them, but they work fine on my mom's PC... I scanned with Spybot and Avast and both turned up nothing. I downloaded Kaspersky (trial) and I am scanning currently. I would really not like having to reinstall Windows 7. I have a lot of games installed and reinstalling would be a lot of time.
Specs:
Intel core 2 quad 2.66ghz
2048gb RAM corsair 1033mhz
evga 780I Mother board
Nvidia 8400gs
creative audio sound card
1tb hitachi Hard-disk -windows 7 on it
160gb westgate - linux on it
Asus dual function optical drive.
Windows 7 64bit
DDS Log:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Justin at 11:54:57.46 on Wed 06/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2047.814 [GMT -5:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\PlatinumHideIP\PlatinumHideIP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe
C:\Users\Justin\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uRun: [CreativeTaskScheduler] "c:\program files (x86)\creative\shared files\CTSched.exe" /logon
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Platinum Hide IP] c:\program files (x86)\platinumhideip\PlatinumHideIP.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RivaTunerStartupDaemon] "c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\pc7e241n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2578255&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - T-W Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2578255&q=
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 27736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-5-7 344736]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-4-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 22544]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-5-7 460888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 OpinionSquare;OpinionSquare;c:\program files (x86)\opinionsquare\opservice.exe /service --> c:\program files (x86)\opinionsquare\opservice.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-4-3 79360]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-4-30 51776]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-3 1255736]
=============== Created Last 30 ================
2010-06-29 06:05:00 125680 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-06-29 03:46:28 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-29 03:46:28 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-29 03:45:27 0 d-----w- c:\programdata\Kaspersky Lab
2010-06-29 03:45:27 0 d-----w- c:\program files (x86)\Kaspersky Lab
2010-06-29 03:38:31 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-06-27 15:41:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-27 15:41:06 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-06-27 15:41:05 0 d-----w- c:\users\justin\appdata\roaming\SUPERAntiSpyware.com
2010-06-23 08:01:13 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 08:01:13 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 08:01:12 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 08:01:12 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 08:01:12 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 08:01:12 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 08:01:12 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 08:01:12 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:01:12 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 08:01:12 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 03:43:27 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 03:43:26 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 03:43:26 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 03:43:26 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 03:43:26 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-23 03:43:25 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 03:43:25 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-23 03:43:21 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 03:43:21 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-22 20:58:06 0 d-----w- c:\program files\iPod
2010-06-22 20:58:05 0 d-----w- c:\program files\iTunes
2010-06-22 20:56:00 0 d-----w- c:\program files\Bonjour
2010-06-22 20:56:00 0 d-----w- c:\program files (x86)\Bonjour
2010-06-16 20:02:26 0 d-----w- c:\program files (x86)\RAR Password Cracker
2010-06-15 23:18:07 0 d-----w- c:\programdata\Creative Labs
2010-06-15 21:42:19 0 d-----w- c:\users\justin\Rob's stuff
2010-06-15 21:02:15 0 d-----w- c:\program files (x86)\StarCraft
2010-06-15 21:02:15 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-06-15 12:32:43 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-06-15 12:32:13 0 d-----w- c:\programdata\NVIDIA Corporation
2010-06-15 08:34:04 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-06-14 23:59:44 0 d-----w- c:\programdata\Hewlett-Packard
2010-06-14 01:09:13 0 d-----w- c:\program files (x86)\PFPortChecker
2010-06-13 19:39:22 25 ----a-w- c:\windows\cdplayer.ini
2010-06-13 19:38:43 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-06-13 19:38:37 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-06-13 19:38:37 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-06-13 19:38:21 0 d-----w- c:\program files (x86)\common files\xing shared
2010-06-13 19:38:05 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-06-13 19:38:03 0 d-----w- c:\programdata\Real
2010-06-13 19:38:03 0 d-----w- c:\program files (x86)\common files\Real
2010-06-13 19:21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk64_01009.Wdf
2010-06-13 09:30:24 0 d-----w- c:\program files (x86)\VentSrv
2010-06-12 21:58:17 0 d-----w- c:\program files\Ventrilo
2010-06-12 21:58:13 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2010-06-12 16:59:27 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-06-12 16:59:27 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-12 06:56:43 0 d-----w- c:\programdata\Nexon
2010-06-12 06:15:51 0 d-----w- C:\Nexon
2010-06-12 06:15:50 0 d-----w- c:\programdata\NexonUS
2010-06-12 05:44:26 0 d-----w- c:\programdata\PMB Files
2010-06-12 05:44:19 0 d-----w- c:\program files (x86)\Pando Networks
2010-06-11 18:51:40 743126 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-06-11 18:51:16 0 d-----w- c:\windows\syswow64\URTTEMP
2010-06-11 18:40:48 0 d-----w- c:\program files (x86)\SEGA
2010-06-11 18:39:01 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-06-11 18:23:05 0 d-----w- c:\program files (x86)\Microsoft Games
2010-06-11 18:05:35 0 d-----w- c:\program files (x86)\Sierra
2010-06-11 17:16:05 0 d-----w- c:\program files (x86)\Unreal Tournament 3
2010-06-11 17:15:25 0 d-----w- c:\windows\syswow64\AGEIA
2010-06-11 17:15:17 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-06-11 04:48:10 0 d-----w- c:\users\justin\appdata\roaming\PlatinumHideIP
2010-06-11 04:48:10 0 d-----w- c:\programdata\PlatinumHideIP
2010-06-11 04:47:24 0 d-----w- c:\program files (x86)\PlatinumHideIP
2010-06-11 00:29:06 0 d-----w- c:\users\justin\.VirtualBox
2010-06-11 00:28:20 202576 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-11 00:28:10 53520 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-11 00:28:03 0 d-----w- c:\program files\Oracle
2010-06-11 00:16:55 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-11 00:16:55 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-11 00:16:55 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-11 00:16:55 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-08 18:24:58 164176 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-08 18:24:58 144656 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-08 18:24:54 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-07 22:21:00 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 22:21:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 22:20:58 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 22:20:58 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-06-05 19:54:00 0 d-----w- c:\users\justin\appdata\roaming\mIRC
2010-06-05 19:54:00 0 d-----w- c:\program files (x86)\mIRC
2010-06-05 17:50:14 543 ----a-w- c:\windows\NGO.cer
2010-06-04 04:48:43 2072 ----a-w- c:\users\justin\.recently-used.xbel
2010-06-04 00:56:59 0 d-----w- c:\program files (x86)\CyberTweak
2010-06-03 17:33:19 0 ---ha-w- c:\windows\SwSys2.bmp
2010-06-03 17:33:19 0 ---ha-w- c:\windows\SwSys1.bmp
2010-06-03 16:33:48 0 d-----w- c:\program files (x86)\Midway Home Entertainment
2010-06-02 23:39:53 419 ----a-w- c:\windows\BRWMARK.INI
2010-06-02 23:39:53 27 ----a-w- c:\windows\BRPP2KA.INI
2010-06-02 20:06:48 0 d-----w- c:\programdata\FLEXnet
2010-06-02 20:05:26 0 d-----w- c:\programdata\Rosetta Stone
2010-06-02 20:05:26 0 d-----w- c:\program files (x86)\Rosetta Stone
2010-06-02 20:02:27 0 d-----w- c:\programdata\DAEMON Tools Lite
==================== Find3M ====================
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 01:47:33 34308 ----a-w- c:\windows\syswow64\bassmod.dll
2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-07 17:39:28 233656 ----a-w- c:\windows\system32\klogon.dll
2010-05-07 05:19:14 460888 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-05-07 05:19:10 460888 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-03 21:27:03 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 21:27:03 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-04-03 21:27:03 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 21:27:03 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 11:55:56.37 ===============
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RivaTunerStartupDaemon] "c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\pc7e241n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2578255&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - T-W Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2578255&q=
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 27736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-5-7 344736]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-4-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 22544]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-5-7 460888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 OpinionSquare;OpinionSquare;c:\program files (x86)\opinionsquare\opservice.exe /service --> c:\program files (x86)\opinionsquare\opservice.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-4-3 79360]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-4-30 51776]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-3 1255736]
=============== Created Last 30 ================
2010-06-29 06:05:00 125680 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-06-29 03:46:28 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-29 03:46:28 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-29 03:45:27 0 d-----w- c:\programdata\Kaspersky Lab
2010-06-29 03:45:27 0 d-----w- c:\program files (x86)\Kaspersky Lab
2010-06-29 03:38:31 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-06-27 15:41:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-27 15:41:06 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-06-27 15:41:05 0 d-----w- c:\users\justin\appdata\roaming\SUPERAntiSpyware.com
2010-06-23 08:01:13 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 08:01:13 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 08:01:12 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 08:01:12 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 08:01:12 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 08:01:12 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 08:01:12 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 08:01:12 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:01:12 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 08:01:12 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 03:43:27 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 03:43:26 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 03:43:26 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 03:43:26 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 03:43:26 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-23 03:43:25 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 03:43:25 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-23 03:43:21 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 03:43:21 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-22 20:58:06 0 d-----w- c:\program files\iPod
2010-06-22 20:58:05 0 d-----w- c:\program files\iTunes
2010-06-22 20:56:00 0 d-----w- c:\program files\Bonjour
2010-06-22 20:56:00 0 d-----w- c:\program files (x86)\Bonjour
2010-06-16 20:02:26 0 d-----w- c:\program files (x86)\RAR Password Cracker
2010-06-15 23:18:07 0 d-----w- c:\programdata\Creative Labs
2010-06-15 21:42:19 0 d-----w- c:\users\justin\Rob's stuff
2010-06-15 21:02:15 0 d-----w- c:\program files (x86)\StarCraft
2010-06-15 21:02:15 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-06-15 12:32:43 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-06-15 12:32:13 0 d-----w- c:\programdata\NVIDIA Corporation
2010-06-15 08:34:04 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-06-14 23:59:44 0 d-----w- c:\programdata\Hewlett-Packard
2010-06-14 01:09:13 0 d-----w- c:\program files (x86)\PFPortChecker
2010-06-13 19:39:22 25 ----a-w- c:\windows\cdplayer.ini
2010-06-13 19:38:43 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-06-13 19:38:37 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-06-13 19:38:37 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-06-13 19:38:21 0 d-----w- c:\program files (x86)\common files\xing shared
2010-06-13 19:38:05 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-06-13 19:38:03 0 d-----w- c:\programdata\Real
2010-06-13 19:38:03 0 d-----w- c:\program files (x86)\common files\Real
2010-06-13 19:21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nnfwdk64_01009.Wdf
2010-06-13 09:30:24 0 d-----w- c:\program files (x86)\VentSrv
2010-06-12 21:58:17 0 d-----w- c:\program files\Ventrilo
2010-06-12 21:58:13 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2010-06-12 16:59:27 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-06-12 16:59:27 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-12 06:56:43 0 d-----w- c:\programdata\Nexon
2010-06-12 06:15:51 0 d-----w- C:\Nexon
2010-06-12 06:15:50 0 d-----w- c:\programdata\NexonUS
2010-06-12 05:44:26 0 d-----w- c:\programdata\PMB Files
2010-06-12 05:44:19 0 d-----w- c:\program files (x86)\Pando Networks
2010-06-11 18:51:40 743126 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-06-11 18:51:16 0 d-----w- c:\windows\syswow64\URTTEMP
2010-06-11 18:40:48 0 d-----w- c:\program files (x86)\SEGA
2010-06-11 18:39:01 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-06-11 18:23:05 0 d-----w- c:\program files (x86)\Microsoft Games
2010-06-11 18:05:35 0 d-----w- c:\program files (x86)\Sierra
2010-06-11 17:16:05 0 d-----w- c:\program files (x86)\Unreal Tournament 3
2010-06-11 17:15:25 0 d-----w- c:\windows\syswow64\AGEIA
2010-06-11 17:15:17 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-06-11 04:48:10 0 d-----w- c:\users\justin\appdata\roaming\PlatinumHideIP
2010-06-11 04:48:10 0 d-----w- c:\programdata\PlatinumHideIP
2010-06-11 04:47:24 0 d-----w- c:\program files (x86)\PlatinumHideIP
2010-06-11 00:29:06 0 d-----w- c:\users\justin\.VirtualBox
2010-06-11 00:28:20 202576 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-11 00:28:10 53520 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-11 00:28:03 0 d-----w- c:\program files\Oracle
2010-06-11 00:16:55 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-11 00:16:55 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-11 00:16:55 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-11 00:16:55 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-08 18:24:58 164176 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-08 18:24:58 144656 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-08 18:24:54 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-07 22:21:00 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 22:21:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 22:20:58 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 22:20:58 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-06-05 19:54:00 0 d-----w- c:\users\justin\appdata\roaming\mIRC
2010-06-05 19:54:00 0 d-----w- c:\program files (x86)\mIRC
2010-06-05 17:50:14 543 ----a-w- c:\windows\NGO.cer
2010-06-04 04:48:43 2072 ----a-w- c:\users\justin\.recently-used.xbel
2010-06-04 00:56:59 0 d-----w- c:\program files (x86)\CyberTweak
2010-06-03 17:33:19 0 ---ha-w- c:\windows\SwSys2.bmp
2010-06-03 17:33:19 0 ---ha-w- c:\windows\SwSys1.bmp
2010-06-03 16:33:48 0 d-----w- c:\program files (x86)\Midway Home Entertainment
2010-06-02 23:39:53 419 ----a-w- c:\windows\BRWMARK.INI
2010-06-02 23:39:53 27 ----a-w- c:\windows\BRPP2KA.INI
2010-06-02 20:06:48 0 d-----w- c:\programdata\FLEXnet
2010-06-02 20:05:26 0 d-----w- c:\programdata\Rosetta Stone
2010-06-02 20:05:26 0 d-----w- c:\program files (x86)\Rosetta Stone
2010-06-02 20:02:27 0 d-----w- c:\programdata\DAEMON Tools Lite
==================== Find3M ====================
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 01:47:33 34308 ----a-w- c:\windows\syswow64\bassmod.dll
2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-07 17:39:28 233656 ----a-w- c:\windows\system32\klogon.dll
2010-05-07 05:19:14 460888 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-05-07 05:19:10 460888 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-03 21:27:03 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 21:27:03 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-04-03 21:27:03 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 21:27:03 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 11:55:56.37 ===============