-
July 20th, 2010, 11:26 PM
#1
I have encountered a malware of some kind, please help.
I have obtained malware or a trojan from something on my computer. I get all kinds of errors when I log into my account using Windows 7, mainly .dll errors. There appear to be many temporary internet files that could have pertained to my problems; I just don't know. Here are my logs from Malwarebytes and DDS:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4333
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/20/2010 10:09:42 PM
mbam-log-2010-07-20 (22-09-42).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 595321
Time elapsed: 1 hour(s), 11 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 56
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\50e90ec4ec063d44bb935a0d02415732 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{980a182f-e0a2-4a40-94c1-ae0c1235902e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{109875e2-9109-429a-8675-ea9141337cf6} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{109875e2-9109-429a-8675-ea9141337cf6} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d933e210-f661-4b36-aca8-e7a5fb4d113f} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d933e210-f661-4b36-aca8-e7a5fb4d113f} (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wpeiskbf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gpatetasoyu (Trojan.Agent.U) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjatamiroluqo (Trojan.Agent.U) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Verizon\FiOS\ihs\pkgs\Verizon_HST_stub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Verizon Stub Installer\Verizon_HST_stub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CF4XVRA\1279660741[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHOH2EY8\iip[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHOH2EY8\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXWCWJ22\gxbjd[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVY82IF0\iip[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZD7A7L5K\1112[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZD7A7L5K\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZD7A7L5K\PPI[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\qtse.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\Verizon_Installer\Setup\EndProcess.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\Verizon_Installer\Setup\UninstallOldClient.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BC788TI\PPI[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\Mozilla\Firefox\Profiles\4n9x5d7o.default\Cache\0D1036A2d01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\Temp\2DF5.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\Temp\Verizon_Installer\Setup\EndProcess.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\Temp\Verizon_Installer\Setup\UninstallOldClient.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Harry\Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\System32\kfk.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\upin.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\kfk.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\upin.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot\Log\2010 Jul 20 - 08_21_29 PM_560.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Roaming\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareRemovalBot\DataBase.ref (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.url (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareRemovalBot\vistaCPtasks.xml (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareRemovalBot\MalwareRemovalBot on the Web.lnk (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareRemovalBot\MalwareRemovalBot.lnk (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\MalwareRemovalBot.lnk (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Harry\AppData\Local\xsmdnyvtn\gqplucjtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\Users\Greg\AppData\Local\WCfwdWMe.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Users\Greg\AppData\Local\onajegig.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Windows\System32\skdup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\bkdup.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\fkdup.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
-
July 20th, 2010, 11:27 PM
#2
Here is the DDS log:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Harry at 23:15:58.07 on Tue 07/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2589 [GMT -4:00]
SP: MalwareRemovalBot *disabled* (Updated) {9B2CFD23-5F1A-4A33-89C8-BF13C16CE9A3}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files (x86)\Autodesk\3DS Max 2010 32bit\mentalray\satellite\raysat_3dsmax2010_32server.exe
D:\Program Files (x86)\Autodesk\3DS Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
E:\Games\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\lssa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BC788TI\dds[1].scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Gpatetasoyu] rundll32.exe "c:\users\greg\appdata\local\WCfwdWMe.dll",Startup
mRun: [LGODDFU] "c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun: [googletalk] c:\program files (x86)\google\google talk\googletalk.exe /autostart
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [VerizonServicepoint.exe] "c:\program files (x86)\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "d:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "d:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [MSN] c:\windows\lssa.exe
mRun: [sta] rundll32 "fkdup.dll",,Run
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - d:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\office\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\office\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun-x64: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun-x64: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\harry\appdata\roaming\mozilla\firefox\profiles\4n9x5d7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - plugin: c:\program files (x86)\common files\motive\npMotive.dll
FF - plugin: c:\program files (x86)\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\program files (x86)\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\harry\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: d:\program files (x86)\videolan\vlc\npvlc.dll
FF - HiddenExtension: XULRunner: {36EC2FB5-AC4F-47CE-B3D6-44CC1B7C417D} - c:\users\greg\appdata\local\{36ec2fb5-ac4f-47ce-b3d6-44cc1b7c417d}\
FF - HiddenExtension: XULRunner: {D8935CF7-B59F-4258-85BB-40955496F16A} - c:\users\harry\appdata\local\{d8935cf7-b59f-4258-85bb-40955496f16a}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
-
July 20th, 2010, 11:28 PM
#3
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R2 AGCoreService;AG Core Services;c:\program files (x86)\agi\core\4.0\AGCoreService.exe [2009-11-3 20480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-10-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-10-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 74880]
R2 McciCMService64;McciCMService64;c:\program files\common files\motive\McciCMService.exe [2010-4-26 517632]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;d:\program files (x86)\autodesk\3ds max 2010 32bit\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;d:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 ServicepointService;ServicepointService;c:\program files (x86)\verizon\vsp\ServicepointService.exe [2010-4-26 668912]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2010-2-9 12744]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-20 1315592]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
============== File Associations ===============
.txt=
=============== Created Last 30 ================
2010-07-21 00:29:00 0 d-----w- c:\users\harry\appdata\roaming\Malwarebytes
2010-07-21 00:28:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 00:28:48 0 d-----w- c:\programdata\Malwarebytes
2010-07-21 00:28:48 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-21 00:26:03 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-20 21:21:08 150 ----a-w- C:\zrpt.xml
2010-07-20 03:55:01 9 ----a-w- c:\windows\syswow64\DROPPEDFILEOK1.tmp
2010-07-20 03:54:42 292864 --sh--r- c:\windows\lssa.exe
2010-07-19 16:13:25 0 d-----w- c:\programdata\Futuremark
2010-07-19 16:04:09 0 d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-07-19 16:04:09 0 d-----w- c:\program files (x86)\Futuremark
2010-07-13 02:05:50 547840 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2010-07-13 02:05:49 758272 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-07-03 02:38:07 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-06-28 17:28:16 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-28 17:28:16 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-28 17:28:16 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-28 17:28:16 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-28 17:28:16 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-28 17:28:16 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-28 17:28:16 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-28 17:28:16 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 17:28:16 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-28 17:28:16 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-28 17:22:49 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-06-28 17:22:49 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-27 00:51:58 0 d-----w- c:\program files\iPod
2010-06-27 00:51:57 0 d-----w- c:\program files\iTunes
2010-06-27 00:51:57 0 d-----w- c:\program files (x86)\iTunes
2010-06-27 00:49:44 0 d-----w- c:\program files\Bonjour
2010-06-23 04:40:14 0 d-----w- c:\program files (x86)\OnLive
==================== Find3M ====================
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 06:04:49 124744 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-15 03:48:07 674280 ----a-w- c:\windows\system32\Rockstar Neon.scr
2010-05-15 03:48:07 674280 ------w- c:\windows\syswow64\Rockstar Neon.scr
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-15 03:15:24 5719400 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-15 03:15:24 4397928 ----a-w- c:\program files\common files\adlmint.dll
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-09 21:44:25 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:16:30.55 ===============
-
July 20th, 2010, 11:54 PM
#4
Attach.txt part of DDS log is missing.
Please, post it and when you're done....
Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
-
July 21st, 2010, 11:14 AM
#5
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/21/2010 at 02:57 AM
Application Version : 4.40.1002
Core Rules Database Version : 5238
Trace Rules Database Version: 3050
Scan type : Complete Scan
Total Scan Time : 02:30:37
Memory items scanned : 327
Memory threats detected : 0
Registry items scanned : 14607
Registry threats detected : 17
File items scanned : 445828
File threats detected : 925
Adware.Agent/Gen-EZLife[AdShot]
(x86) HKLM\Software\Classes\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}#AppID
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\InprocServer32
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\ProgID
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\Programmable
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\TypeLib
(x86) HKCR\CLSID\{E0EC6FBA-F009-3535-95D6-B6390DB27DA1}\VersionIndependentProgID
(x86) HKCR\CscrptXt.CscrptXt.1.0
(x86) HKCR\CscrptXt.CscrptXt.1.0\CLSID
(x86) HKCR\CscrptXt.CscrptXt
(x86) HKCR\TypeLib\{F9D9C9E7-BF1D-4D81-BEBB-351AB72CEE52}
C:\WINDOWS\SYSWOW64\FKDUP.DLL
Malware.Trace
(x86) HKLM\SOFTWARE\AVSolution
(x86) HKU\S-1-5-21-285773680-2745105470-3411630219-1003\SOFTWARE\AVSUITE
(x86) HKLM\SOFTWARE\AVSUITE
Rogue.Agent/Gen-FraudTool
C:\USERS\GREG\APPDATA\LOCAL\ESDFBUFGR\WTBUYMKTSSD.EXE
Trojan.Agent/Gen
C:\USERS\GREG\APPDATA\LOCAL\TEMP\WOOTALYZER\25.GIF
C:\USERS\HARRY\APPDATA\LOCAL\TEMP\QTSE.EXE
Adware.Tracking Cookie
-
July 21st, 2010, 11:16 AM
#6
Trojan.Agent/Gen-Krpytik
G:\DOWNLOADS\PS_TOOLS_PART_2\PLUGIN-INS\AETHERIZE\WKTAETHERIZE-KG.EXE
[I removed the rest of the tracking cookies.]
-
July 21st, 2010, 11:17 AM
#7
Here is a fresh HJT log. I don't know what happened to DDS; I couldn't find it.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:18 AM, on 7/21/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\lssa.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MSN] C:\Windows\lssa.exe
O4 - HKLM\..\Run: [sta] rundll32 "fkdup.dll",,Run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gpatetasoyu] rundll32.exe "C:\Users\Greg\AppData\Local\WCfwdWMe.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...0Installer.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...i_4.1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - D:\Program Files (x86)\Autodesk\3DS Max 2010 32bit\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - D:\Program Files (x86)\Autodesk\3DS Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Games\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 14367 bytes
-
July 21st, 2010, 09:12 PM
#8
We don't use HJT around here anymore.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html
- Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select Complete scan.
- Click the green arrow at the right, and the scan will start.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.
NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.
-
July 23rd, 2010, 12:07 PM
#9
OK, that was one of the longest scans ever to complete. It took well over 20 hours. The log file is 285 MB big!! I don't think that should be right.
Also, the log didn't save on my desktop, it saved in the user folder and as a Text document, not a .CSV file.
Last edited by Knucklepuck_1; July 23rd, 2010 at 12:14 PM.
-
July 23rd, 2010, 12:21 PM
#10
Well, hopefully, it removed whatever it found.
How is the computer doing at the moment?
Download OTL to your Desktop.
* Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
July 23rd, 2010, 12:39 PM
#11
OTL logfile created on: 7/23/2010 12:29:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Harry\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 82.91 Gb Total Space | 32.90 Gb Free Space | 39.68% Space Free | Partition Type: NTFS
Drive D: | 100.59 Gb Total Space | 82.72 Gb Free Space | 82.24% Space Free | Partition Type: NTFS
Drive E: | 282.16 Gb Total Space | 68.21 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive F: | 3.98 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 232.88 Gb Total Space | 15.00 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEELPEN2
Current User Name: Harry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/23 12:28:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2010/07/23 11:40:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/23 11:40:06 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/26 15:41:44 | 000,063,040 | ---- | M] () -- E:\Games\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/17 16:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2009/11/18 10:50:32 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/11/18 10:50:30 | 004,269,296 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/10/30 02:20:24 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Autodesk\3DS Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Autodesk\3DS Max 2010 32bit\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
========== Modules (SafeList) ==========
MOD - [2010/07/23 12:28:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\Nagasoft\vjocx.dll -- (vvdsvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/02/20 01:09:42 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/26 15:41:44 | 000,063,040 | ---- | M] () [Auto | Running] -- E:\Games\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/13 22:31:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe -- (AGCoreService)
SRV - [2009/09/23 22:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\SysWOW64\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Autodesk\3DS Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Autodesk\3DS Max 2010 32bit\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
-
July 23rd, 2010, 12:40 PM
#12
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/14 18:41:55 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/07 23:44:04 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/16 21:11:36 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/30 02:05:57 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 49 FF CE DB E3 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {36EC2FB5-AC4F-47CE-B3D6-44CC1B7C417D}:1.9.1
FF - prefs.js..extensions.enabledItems: {D8935CF7-B59F-4258-85BB-40955496F16A}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{36EC2FB5-AC4F-47CE-B3D6-44CC1B7C417D}: C:\Users\Greg\AppData\Local\{36EC2FB5-AC4F-47CE-B3D6-44CC1B7C417D}\ [2010/07/20 17:22:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D8935CF7-B59F-4258-85BB-40955496F16A}: C:\Users\Harry\AppData\Local\{D8935CF7-B59F-4258-85BB-40955496F16A}\ [2010/07/20 20:13:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 11:40:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 11:40:07 | 000,000,000 | ---D | M]
[2009/12/03 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Mozilla\Extensions
[2009/12/03 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\4n9x5d7o.default\extensions
[2010/07/23 12:29:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/24 19:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/04/13 23:15:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/07/22 12:35:33 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [Gpatetasoyu] C:\Users\Greg\AppData\Local\WCfwdWMe.DLL File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 18:51:36 | 000,000,030 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
July 23rd, 2010, 12:41 PM
#13
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/07/23 12:28:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2010/07/22 11:57:49 | 000,000,000 | ---D | C] -- C:\Users\Harry\DoctorWeb
[2010/07/21 00:11:21 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/21 00:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/21 00:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/21 00:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/20 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\xsmdnyvtn
[2010/07/20 20:29:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Malwarebytes
[2010/07/20 20:28:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/20 20:28:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/20 20:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/20 20:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/20 20:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/20 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{D8935CF7-B59F-4258-85BB-40955496F16A}
[2010/07/19 12:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2010/07/19 12:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010/07/19 12:04:09 | 000,000,000 | ---D | C] -- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
[2010/07/10 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2010/07/02 23:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/06/26 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/26 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/26 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/26 20:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/23 00:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2010/06/18 18:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/06/18 15:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/06/18 15:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/06/16 20:18:26 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Microsoft Games
[2010/06/04 00:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010/05/27 12:53:56 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\cache
[2010/05/26 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Harry\Tracing
[2010/05/26 10:38:24 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Microsoft Help
[2010/05/23 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Live Labs Pivot
[2010/05/14 23:48:07 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Neon.scr
[2010/05/14 23:48:07 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Neon.scr
[2010/05/14 23:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2010/05/14 20:14:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/05/14 14:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2010/05/09 23:45:28 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/05/09 23:45:28 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/05/06 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/05/05 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\FullTiltPoker
[2010/05/05 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2010/05/04 20:08:31 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Motive
[2010/04/26 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Verizon
[2010/04/26 22:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2010/04/26 22:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2010/04/26 22:01:10 | 000,000,000 | ---D | C] -- C:\Windows\bin
[2010/04/26 15:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2010/04/26 15:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010/04/26 14:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010/04/26 14:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/04/26 14:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/26 00:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/04/26 00:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2010/04/26 00:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/04/26 00:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/04/24 23:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Stub Installer
[2010/04/24 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\SupportSoft
[2010/04/24 13:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2010/04/24 13:07:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\TechWizard
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
Last edited by Knucklepuck_1; July 23rd, 2010 at 12:42 PM.
Reason: double post
-
July 23rd, 2010, 12:43 PM
#14
========== Files - Modified Within 90 Days ==========
[2010/07/23 12:31:40 | 001,835,008 | -HS- | M] () -- C:\Users\Harry\NTUSER.DAT
[2010/07/23 12:28:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2010/07/23 12:08:16 | 000,525,824 | ---- | M] () -- C:\Users\Harry\Desktop\dds.scr
[2010/07/23 11:59:05 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 11:59:05 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 11:58:46 | 000,000,396 | ---- | M] () -- C:\Windows\lgfwup.ini
[2010/07/23 11:58:38 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\MalwareRemovalBot System Startup.job
[2010/07/23 11:56:00 | 000,743,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/23 11:56:00 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/23 11:56:00 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/23 11:51:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/23 11:51:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/23 11:51:42 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 11:50:35 | 001,721,799 | -H-- | M] () -- C:\Users\Harry\AppData\Local\IconCache.db
[2010/07/22 12:35:33 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/07/22 11:56:42 | 047,735,152 | ---- | M] () -- C:\Users\Harry\Desktop\drweb-cureit.exe
[2010/07/21 00:11:12 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 23:09:26 | 000,068,896 | ---- | M] () -- C:\Users\Harry\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/20 21:09:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/20 20:26:03 | 000,002,975 | ---- | M] () -- C:\Users\Harry\Desktop\HiJackThis.lnk
[2010/07/20 20:13:31 | 000,000,120 | ---- | M] () -- C:\Users\Harry\AppData\Local\Sgejokesikome.dat
[2010/07/20 20:13:31 | 000,000,000 | ---- | M] () -- C:\Users\Harry\AppData\Local\Xlerofiboqaxuwi.bin
[2010/07/19 12:04:52 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
[2010/07/12 22:07:37 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/07/06 00:19:24 | 003,161,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/02 22:37:32 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/07/02 16:12:00 | 000,000,076 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/06/26 20:52:19 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/23 00:40:26 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\OnLive Launcher.lnk
[2010/06/18 18:49:30 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010/06/18 18:47:56 | 000,017,713 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
[2010/06/18 15:42:16 | 000,001,771 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk
[2010/05/19 02:04:49 | 000,124,744 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/14 23:48:07 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Neon.scr
[2010/05/14 23:48:07 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Neon.scr
[2010/05/14 14:07:21 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2010/05/13 21:48:43 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/06 10:45:34 | 000,000,695 | -H-- | M] () -- C:\IPH.PH
[2010/05/06 10:45:25 | 000,001,944 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/05/06 10:45:25 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/05/05 14:33:22 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/05/03 20:13:27 | 000,000,750 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/26 22:01:02 | 000,002,074 | ---- | M] () -- C:\Users\Harry\Desktop\Search.lnk
[2010/04/26 22:01:02 | 000,002,070 | ---- | M] () -- C:\Users\Harry\Desktop\Home.lnk
[2010/04/26 15:41:56 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\NFL Head Coach.lnk
[2010/04/26 14:06:56 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/04/24 23:46:45 | 000,000,000 | -H-- | M] () -- C:\Users\Harry\Documents\Default.rdp
[2010/04/24 13:08:45 | 000,002,975 | ---- | M] () -- C:\Users\Harry\Desktop\Vz In-Home Agent.lnk
[2010/04/24 13:08:40 | 000,001,853 | ---- | M] () -- C:\Users\Harry\Desktop\FiOS Information.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/23 12:08:16 | 000,525,824 | ---- | C] () -- C:\Users\Harry\Desktop\dds.scr
[2010/07/22 11:54:51 | 047,735,152 | ---- | C] () -- C:\Users\Harry\Desktop\drweb-cureit.exe
[2010/07/21 00:11:12 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 20:26:03 | 000,002,975 | ---- | C] () -- C:\Users\Harry\Desktop\HiJackThis.lnk
[2010/07/20 20:21:31 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\MalwareRemovalBot System Startup.job
[2010/07/20 20:13:31 | 000,000,120 | ---- | C] () -- C:\Users\Harry\AppData\Local\Sgejokesikome.dat
[2010/07/20 20:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Harry\AppData\Local\Xlerofiboqaxuwi.bin
[2010/07/20 17:21:08 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/19 12:04:52 | 000,001,228 | ---- | C] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
[2010/07/02 22:37:32 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/06/26 20:52:19 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/23 00:40:26 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\OnLive Launcher.lnk
[2010/06/18 18:49:30 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 32-bit.lnk
[2010/06/18 15:42:16 | 000,001,771 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk
[2010/05/14 14:07:21 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2010/05/13 21:48:43 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/09 23:45:28 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/05/06 10:45:25 | 000,001,944 | ---- | C] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/05/05 14:33:22 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/05/03 20:13:26 | 000,000,750 | ---- | C] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/04/26 22:01:02 | 000,002,074 | ---- | C] () -- C:\Users\Harry\Desktop\Search.lnk
[2010/04/26 22:01:02 | 000,002,070 | ---- | C] () -- C:\Users\Harry\Desktop\Home.lnk
[2010/04/26 15:41:56 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\NFL Head Coach.lnk
[2010/04/26 14:06:56 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/04/24 23:46:45 | 000,000,000 | -H-- | C] () -- C:\Users\Harry\Documents\Default.rdp
[2010/04/24 13:08:45 | 000,002,975 | ---- | C] () -- C:\Users\Harry\Desktop\Vz In-Home Agent.lnk
[2010/04/24 13:08:40 | 000,001,853 | ---- | C] () -- C:\Users\Harry\Desktop\FiOS Information.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/12/28 17:27:12 | 000,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/17 20:48:51 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/11/03 17:17:41 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\NxExtensions.dll
[2009/11/03 16:58:32 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/03 16:58:32 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/30 23:26:30 | 000,747,130 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/30 02:19:37 | 000,000,396 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/10/30 02:05:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/07/20 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Azureus
[2009/12/03 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PlayFirst
[2010/04/07 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\StreamTorrent
[2010/04/24 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\TechWizard
[2010/04/11 21:56:27 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\wootalyzer
[2010/07/23 11:58:38 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\MalwareRemovalBot System Startup.job
[2009/07/14 01:08:49 | 000,013,672 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/07/23 11:51:42 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 10:45:34 | 000,000,695 | -H-- | M] () -- C:\IPH.PH
[2010/04/26 22:00:30 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2010/07/23 11:51:52 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
[2010/07/20 21:09:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 21:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:CvAKsyZohZFvtw1TqhDM3fsAp
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B337D07E
@Alternate Data Stream - 1151 bytes -> C:\ProgramData\Microsoft:C9j9HLS95jdgCGyGGfY8U3XY
< End of report >
-
July 23rd, 2010, 12:45 PM
#15
OTL Extras logfile created on: 7/23/2010 12:29:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Harry\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 82.91 Gb Total Space | 32.90 Gb Free Space | 39.68% Space Free | Partition Type: NTFS
Drive D: | 100.59 Gb Total Space | 82.72 Gb Free Space | 82.24% Space Free | Partition Type: NTFS
Drive E: | 282.16 Gb Total Space | 68.21 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive F: | 3.98 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 232.88 Gb Total Space | 15.00 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEELPEN2
Current User Name: Harry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========