
Google redirects; ATF GooredFix, TDSSKiller unsuccessful


  • This topic is locked
20 replies to this topic

#1 pzinser

    New Member

  • Authentic Member
  • 11 posts

Posted 16 November 2010 - 08:30 PM

ATF gave the result "no files were deleted" even though I "selected all".
Nothing happened when I executed TDSSKiller; I could not find a log file anywhere on the C: drive.

Below is the hijack this log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:45 PM, on 11/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\PureText.exe
C:\PROGRA~2\Webshots\315~2.761\webshots.scr
C:\Windows\StartupMonitor.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Windows\SysWOW64\taskcgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files (x86)\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [GMorphCl] "C:\Windows\SysWOW64\taskcgr.exe"
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe
O4 - Global Startup: PureText.lnk = C:\Program Files (x86)\PureText.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp89d8.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78AC29D9-6ADF-4F30-82E3-3780E65E0987}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{99185503-0F36-4BD7-AC2E-CC4C6CEAF5F7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D21CBC08-D694-4C49-A762-67EBC04017BF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{78AC29D9-6ADF-4F30-82E3-3780E65E0987}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{78AC29D9-6ADF-4F30-82E3-3780E65E0987}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - (no file)
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - Unknown owner - C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe (file missing)
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - Unknown owner - C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: MSCamSvc - Unknown owner - (no file)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12829 bytes



#2 Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 18 November 2010 - 11:09 AM

Hi pzinser,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Let's get a different scan.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 pzinser

    New Member

  • Authentic Member
  • 11 posts

Posted 18 November 2010 - 10:19 PM

Tomk, thanks so much for your help. Below is the DDS log, and the other log file you requested is attached. I'm kind of freaked out about this "Google redirect thing". I've just finished restoring my system drive from a BootIt NG image I created in August, back BEFORE I'd swear I had any redirect problem. Yet I just NOW had another redirect when I clicked on a result from a Google search! I do NOT know how that could happen. In any case, thanks again. Phil

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Phil at 21:09:43.46 on Thu 11/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.5569 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\PureText.exe
C:\PROGRA~2\Webshots\315~2.761\webshots.scr
C:\Windows\system32\SearchIndexer.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Phil\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PureText.lnk - C:\Program Files (x86)\PureText.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {78AC29D9-6ADF-4F30-82E3-3780E65E0987} = 8.8.8.8,8.8.4.4
TCP: {99185503-0F36-4BD7-AC2E-CC4C6CEAF5F7} = 8.8.8.8,8.8.4.4
TCP: {D21CBC08-D694-4C49-A762-67EBC04017BF} = 8.8.8.8,8.8.4.4
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-6-18 173984]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/07 20:01:19];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [2010-6-13 20480]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2009-6-17 17456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-8 215040]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-4-17 134760]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
S3 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2010-11-15 3971952]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-6-18 40832]
S3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2009-11-28 12096]
S3 umpusbvista;Texas Instruments USB Serial Driver;C:\Windows\System32\drivers\umpusbvista.sys [2008-1-5 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]

=============== Created Last 30 ================

2010-11-19 03:53:10 -------- d-----w- C:\Program Files (x86)\What's my computer doing
2010-11-19 03:40:47 -------- d-----w- C:\Program Files (x86)\Common FilesffdshowEx
2010-11-19 03:39:37 -------- d-----w- C:\Program Files (x86)\Common Files\ffdshowEx
2010-11-19 03:37:59 -------- d-----w- C:\Program Files (x86)\eRightSoft
2010-11-19 03:29:31 -------- d-----w- C:\Users\Phil\AppData\Roaming\picpick_temp
2010-11-19 03:20:06 1147392 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
2010-11-19 03:20:05 485376 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2010-11-19 03:20:05 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2010-11-19 03:14:33 -------- d-----w- C:\Program Files\iPod
2010-11-19 03:14:31 -------- d-----w- C:\Program Files\iTunes
2010-11-19 03:12:41 -------- d-----w- C:\Users\Phil\AppData\Roaming\Malwarebytes
2010-11-19 03:12:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-19 03:12:31 -------- d-----w- C:\Program Files\Bonjour
2010-11-19 03:12:31 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-19 03:12:30 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-19 03:12:30 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-19 03:12:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-19 03:11:04 -------- d-----w- C:\Program Files (x86)\DirPrn
2010-11-19 03:11:00 249856 ------w- C:\Windows\Setup1.exe
2010-11-19 03:10:59 73216 ----a-w- C:\Windows\ST6UNST.EXE
2010-11-19 03:01:01 -------- d-----w- C:\Windows\en
2010-11-19 02:59:10 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-19 02:59:10 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-19 02:59:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-19 02:59:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-19 02:56:15 -------- d-----w- C:\Users\Phil\AppData\Roaming\Dropbox
2010-11-19 02:22:33 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-11-19 02:22:33 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-11-19 02:17:28 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{DA95B97C-DF71-4186-BBB9-985A898B407D}\mpengine.dll
2010-11-19 01:54:48 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-19 01:52:24 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-11-19 01:52:24 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-11-19 01:52:23 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-19 01:52:23 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-19 01:51:08 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-19 01:51:08 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-19 01:51:08 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-19 01:51:08 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-19 01:51:07 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-19 01:51:07 3123712 ----a-w- C:\Windows\System32\win32k.sys

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-07 19:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
2010-10-07 19:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-10-07 19:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-10-07 19:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2010-09-30 21:25:10 40104 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
2010-09-30 11:18:24 89256 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2010-09-27 20:57:44 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-23 07:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 13:16:15 125888 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-05 00:30:05 105 ----a-w- C:\Program Files (x86)\defrag2.bat
2010-02-20 19:25:00 129024 ----a-w- C:\Program Files (x86)\FileTouch.exe
2010-01-12 00:59:39 91648 ----a-w- C:\Program Files (x86)\GoogleDNSHelper.exe
2009-08-21 04:04:00 2078503 ----a-w- C:\Program Files (x86)\Mydefrag gui.exe
2003-08-21 09:00:00 28672 ----a-w- C:\Program Files (x86)\PureText.exe
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 21:10:08.27 ===============




#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 18 November 2010 - 10:40 PM

pzinser,

µTorrent and FrostWire
You have µTorrent and FrostWire, P2P/file sharing programs, installed on your computer. P2P applications like them are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm


I would recommend that you uninstall µTorrent and FrostWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.

Did you get a report when you ran Malwarebytes earlier?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 19 November 2010 - 12:00 AM

Below is the Malwarebytes log. I also attached a screenshot of items detected by Microsoft Security Essentials. Both programs indicated all threats removed, but the Google redirects continue. Thanks. Phil

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5148

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/18/2010 8:26:15 PM
mbam-log-2010-11-18 (20-26-15).txt

Scan type: Quick scan
Objects scanned: 147658
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Attached Thumbnails

  • mse_results.jpg


#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2010 - 12:44 AM

pzinser,

That file often comes along with a rootkit. I need more logs.

Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click on the file you downloaded. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If GMER will not run in normal Windows, please run it in Safe Mode.


Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Please post back with
  • GMER log
  • both OTL logs

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#7 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 19 November 2010 - 07:20 AM

Please note: on the GMER scan, the ONLY boxes checked were Services, Registry, Files, ADS. ALL the other boxes were greyed out and I was not able to change them.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-19 05:53:33
Windows 6.1.7600
Running: sjle0gdc.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPER © Version 2010.bld.39 (Oct 24, 2010)\SUPER ©.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © Version 2010.bld.39 (Oct 24, 2010)\SUPER ©.lnk 1

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 11/19/2010 5:58:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.48 Gb Total Space | 108.62 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 319.18 Gb Total Space | 177.96 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PicPick\picpick.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files (x86)\Webshots\3.1.5.7617\Webshots.scr (Webshots.com)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\PureText.exe (http://www.SteveMiller.net)
PRC - C:\Windows\StartupMonitor.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Phil\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\dbghelp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Users\Phil\AppData\Roaming\Dropbox\bin\msvcp71.dll (Microsoft Corporation)
MOD - C:\Users\Phil\AppData\Roaming\Dropbox\bin\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MediaMall Server) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmkbd2) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (msvad_simple) -- C:\Windows\SysNative\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (umpusbvista) -- C:\Windows\SysNative\drivers\umpusbvista.sys (Texas Instruments Inc)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B 8D 6B 12 5E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/18 20:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/18 20:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/11/18 20:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/11/18 20:22:46 | 000,000,000 | ---D | M]

[2010/02/18 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2010/02/18 19:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/18 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions
[2010/09/05 10:17:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/18 19:40:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/25 19:56:21 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/11/18 19:40:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/01 13:11:30 | 000,000,000 | ---D | M] (Linkwad) -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\{e1a67d67-2742-438a-85c8-2f6afa274398}
[2010/11/18 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\facepad@lazyrussian.com
[2010/10/11 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mozilla\Profiles\snz8bu06.Phil\extensions\support@lastpass.com
[2010/11/18 20:25:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/24 10:51:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/18 20:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/18 20:22:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 02:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 02:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - yv12vfw.dll File not found

MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
MsConfig:64bit - StartUpReg: VX3000 - hkey= - key= - C:\Windows\vVX3000.exe (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - Microsoft Windows
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 20:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\What's my computer doing
[2010/11/18 20:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common FilesffdshowEx
[2010/11/18 20:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2010/11/18 20:38:21 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010/11/18 20:38:21 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010/11/18 20:38:21 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010/11/18 20:38:21 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010/11/18 20:38:20 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010/11/18 20:38:20 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010/11/18 20:38:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010/11/18 20:38:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010/11/18 20:38:19 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010/11/18 20:38:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010/11/18 20:38:18 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010/11/18 20:38:18 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010/11/18 20:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010/11/18 20:29:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\picpick_temp
[2010/11/18 20:20:06 | 001,147,392 | ---- | C] (J.C. Kessels) -- C:\Windows\SysNative\MyDefragScreenSaver_v4.3.1.exe
[2010/11/18 20:20:05 | 000,485,376 | ---- | C] (J.C. Kessels) -- C:\Windows\SysNative\MyDefragScreenSaver_v4.3.1.scr
[2010/11/18 20:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2010/11/18 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/18 20:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/18 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Malwarebytes
[2010/11/18 20:12:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/18 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/18 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/18 20:12:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/18 20:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 20:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/18 20:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirPrn
[2010/11/18 20:11:00 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/11/18 20:10:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/11/18 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\vlc
[2010/11/18 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/18 20:06:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/18 20:06:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/18 20:06:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/18 20:01:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/18 19:59:10 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/18 19:59:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/18 19:59:09 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/18 19:59:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/18 19:58:41 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\Windows Live
[2010/11/18 19:58:09 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/18 19:58:09 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/18 19:58:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/18 19:58:09 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/18 19:58:08 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/18 19:58:07 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/18 19:58:07 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/18 19:56:15 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2010/11/18 19:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/11/18 18:53:29 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/11/18 18:53:29 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/11/18 18:53:28 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/11/18 18:53:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/11/18 18:53:27 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/11/18 18:53:25 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/11/18 18:53:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/11/18 18:53:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/11/18 18:53:25 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/11/18 18:53:25 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/11/18 18:53:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/11/18 18:53:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/11/18 18:53:23 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/11/18 18:53:21 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/11/18 18:53:21 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/11/18 18:53:20 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/11/18 18:53:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/11/18 18:53:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/11/18 18:53:17 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/11/18 18:53:16 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/11/18 18:53:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/11/18 18:53:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/11/18 18:53:15 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/11/18 18:53:14 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/11/18 18:53:09 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/11/18 18:53:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/11/18 18:53:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/11/18 18:53:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/11/18 18:53:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/11/18 18:53:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/18 18:53:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/11/18 18:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/18 18:53:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/11/18 18:53:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/11/18 18:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/11/18 18:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/11/18 18:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/11/18 18:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/11/18 18:52:26 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/11/18 18:52:24 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/11/18 18:52:23 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/11/18 18:52:23 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/11/18 18:51:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/11/16 18:38:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2010/02/20 15:49:23 | 000,129,024 | ---- | C] (WinTestGear) -- C:\Program Files (x86)\FileTouch.exe
[2010/01/17 15:04:07 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Phil\AppData\Roaming\pcouffin.sys
[2010/01/11 18:03:58 | 000,091,648 | ---- | C] (Inverse Karma) -- C:\Program Files (x86)\GoogleDNSHelper.exe
[2009/11/15 20:45:56 | 002,078,503 | ---- | C] (Michael Weiner) -- C:\Program Files (x86)\Mydefrag gui.exe
[2009/11/11 16:19:12 | 000,028,672 | ---- | C] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe

========== Files - Modified Within 30 Days ==========

[2010/11/19 05:43:05 | 000,296,448 | ---- | M] () -- C:\Users\Phil\Desktop\sjle0gdc.exe
[2010/11/19 05:42:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 05:42:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 05:39:53 | 000,730,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/19 05:39:53 | 000,628,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/19 05:39:53 | 000,108,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/19 05:35:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/19 05:35:23 | 000,498,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/19 05:35:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/18 22:57:20 | 000,224,144 | ---- | M] () -- C:\Users\Phil\Desktop\mse results.jpg
[2010/11/18 22:49:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 21:29:17 | 000,031,744 | ---- | M] () -- C:\Users\Phil\Desktop\sync log visor.doc
[2010/11/18 21:20:45 | 000,026,624 | ---- | M] () -- C:\Users\Phil\Desktop\whatthetech instr.doc
[2010/11/18 21:04:30 | 000,630,272 | ---- | M] () -- C:\Users\Phil\Desktop\dds.scr
[2010/11/18 20:53:10 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\What's my computer doing.lnk
[2010/11/18 20:39:45 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2010/11/18 20:34:14 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/18 20:20:07 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\MyDefrag.lnk
[2010/11/18 20:14:52 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/18 20:13:28 | 000,002,025 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/11/18 20:12:34 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 20:11:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/11/18 20:10:59 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/11/18 20:09:41 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/11/18 20:06:29 | 000,001,885 | ---- | M] () -- C:\Users\Phil\Desktop\jv16 PowerTools 2010.lnk
[2010/11/18 19:59:22 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2010/11/18 19:51:27 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/11/18 19:46:58 | 000,001,260 | ---- | M] () -- C:\Users\Phil\Desktop\Revo Uninstaller.lnk
[2010/11/18 19:30:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/18 19:22:34 | 000,001,959 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/18 19:04:13 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/16 21:06:40 | 000,026,624 | ---- | M] () -- C:\Users\Phil\Desktop\files to download.doc
[2010/11/16 18:38:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2010/11/16 18:29:37 | 001,402,880 | ---- | M] () -- C:\Users\Phil\Desktop\HiJackThis.msi
[2010/11/16 07:26:24 | 000,000,162 | -H-- | M] () -- C:\Users\Phil\Desktop\~$les to download.doc
[2010/11/14 19:29:31 | 000,027,648 | ---- | M] () -- C:\Users\Phil\Documents\Vacations 1994-Present.doc
[2010/11/04 19:05:09 | 000,001,183 | ---- | M] () -- C:\Users\Phil\Documents\wpb 11-10.gdb
[2010/11/04 17:14:20 | 000,017,917 | ---- | M] () -- C:\Users\Phil\Documents\11-4-10 full data.abkprj
[2010/11/02 21:06:33 | 000,131,584 | ---- | M] () -- C:\Users\Phil\Documents\Amy trip total.doc

========== Files Created - No Company Name ==========

[2010/11/19 05:43:02 | 000,296,448 | ---- | C] () -- C:\Users\Phil\Desktop\sjle0gdc.exe
[2010/11/18 22:57:20 | 000,224,144 | ---- | C] () -- C:\Users\Phil\Desktop\mse results.jpg
[2010/11/18 21:29:02 | 000,031,744 | ---- | C] () -- C:\Users\Phil\Desktop\sync log visor.doc
[2010/11/18 21:04:22 | 000,630,272 | ---- | C] () -- C:\Users\Phil\Desktop\dds.scr
[2010/11/18 21:01:27 | 000,026,624 | ---- | C] () -- C:\Users\Phil\Desktop\whatthetech instr.doc
[2010/11/18 20:39:45 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2010/11/18 20:38:21 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010/11/18 20:38:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010/11/18 20:38:20 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010/11/18 20:38:19 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010/11/18 20:38:19 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010/11/18 20:38:18 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010/11/18 20:38:18 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010/11/18 20:38:18 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010/11/18 20:14:52 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/18 20:12:34 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 20:09:41 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/11/16 18:29:33 | 001,402,880 | ---- | C] () -- C:\Users\Phil\Desktop\HiJackThis.msi
[2010/11/16 07:26:24 | 000,000,162 | -H-- | C] () -- C:\Users\Phil\Desktop\~$les to download.doc
[2010/11/16 07:26:16 | 000,026,624 | ---- | C] () -- C:\Users\Phil\Desktop\files to download.doc
[2010/11/14 19:26:11 | 000,027,648 | ---- | C] () -- C:\Users\Phil\Documents\Vacations 1994-Present.doc
[2010/11/04 19:05:09 | 000,001,183 | ---- | C] () -- C:\Users\Phil\Documents\wpb 11-10.gdb
[2010/11/04 17:14:20 | 000,017,917 | ---- | C] () -- C:\Users\Phil\Documents\11-4-10 full data.abkprj
[2010/11/02 20:44:13 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/10/31 22:17:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/23 11:34:45 | 000,131,584 | ---- | C] () -- C:\Users\Phil\Documents\Amy trip total.doc
[2010/06/13 13:09:28 | 000,001,542 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/06/05 10:36:54 | 000,000,173 | ---- | C] () -- C:\Windows\ConnMgr.ini
[2010/04/26 21:43:15 | 000,000,000 | ---- | C] () -- C:\Windows\PhoneBkExe.INI
[2010/04/13 18:15:12 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI
[2010/04/12 20:26:21 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI
[2010/04/12 20:25:33 | 000,000,000 | ---- | C] () -- C:\Windows\FileMgrExe.INI
[2010/02/09 17:26:55 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/17 15:04:42 | 000,001,173 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\vso_ts_preview.xml
[2010/01/17 15:04:30 | 000,000,034 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\pcouffin.log
[2010/01/17 15:04:07 | 000,099,384 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\inst.exe
[2010/01/17 15:04:07 | 000,007,859 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\pcouffin.cat
[2010/01/17 15:04:07 | 000,001,167 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\pcouffin.inf
[2010/01/14 19:28:57 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2010/01/14 19:28:56 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\PdfPorts.dll
[2010/01/11 18:04:05 | 000,001,312 | ---- | C] () -- C:\Program Files (x86)\GoogleDNSHelper.exe - Shortcut.lnk
[2009/12/13 19:15:28 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2009/12/01 19:47:51 | 000,026,624 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 17:27:53 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\ecfbabcc7_z.dll
[2009/11/15 21:00:26 | 000,000,105 | ---- | C] () -- C:\Program Files (x86)\defrag2.bat
[2009/11/10 17:35:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/09 07:09:43 | 000,000,403 | ---- | C] () -- C:\Windows\intuprof.ini
[2009/11/09 07:09:43 | 000,000,078 | ---- | C] () -- C:\Windows\qwimp.ini
[2009/11/09 07:03:37 | 000,001,433 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/08 22:27:52 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/11/08 22:23:35 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
[2009/11/08 20:54:35 | 000,000,039 | ---- | C] () -- C:\Windows\Brpcfx.ini
[2009/11/08 19:03:41 | 000,033,134 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2009/11/08 09:43:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/11/07 15:08:59 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/07 08:46:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/05 21:56:18 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/05 21:31:46 | 000,872,448 | ---- | C] () -- C:\Users\Phil\AppData\Local\filesync.metadata
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/03 19:58:58 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2010/08/03 19:58:31 | 000,001,015 | R--- | M] () -- C:\logFile.xsl

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/05 05:20:50 | 000,000,221 | -HS- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/11/07 13:55:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/11/07 13:55:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/11/07 13:55:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/11/07 13:55:42 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2009/11/07 13:55:42 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 06:19:39 | 000,000,402 | -HS- | M] () -- C:\Users\Phil\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/18 19:51:27 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2010/06/13 13:08:20 | 000,824,048 | ---- | M] (tzuk) -- C:\Windows\Installer\SandboxieInstall64.exe
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2009/06/10 14:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\SysWOW64\PerfCenterCpl.ico
[2005/08/28 19:51:42 | 000,000,766 | ---- | M] () -- C:\Windows\SysWOW64\Uninstall.ico

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/11/18 19:59:10 | 000,167,473 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/11/19 06:01:00 | 002,621,440 | ---- | M] () -- C:\Users\Phil\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >
[2010/10/14 17:51:14 | 000,000,041 | ---- | M] () -- C:\Users\Phil\Desktop\standby.bat

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >
[2009/07/13 13:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\SysWOW64\RestartManager.mof
[2009/07/13 13:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\SysWOW64\RestartManagerUninstall.mof

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2009/11/05 19:52:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\3ivx
[2010/01/02 12:44:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint
[2010/01/03 18:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acronis
[2010/11/18 19:50:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/11/05 20:27:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGI
[2009/12/22 10:14:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIM
[2009/12/22 06:22:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/01/31 12:48:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ashampoo
[2010/07/10 14:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2009/12/22 06:22:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Autostitch
[2010/11/18 20:12:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/11/18 19:05:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cathy
[2010/11/18 19:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/11/18 20:39:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/11/18 20:40:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common FilesffdshowEx
[2010/04/07 19:00:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/11/18 20:11:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DirPrn
[2009/11/05 19:44:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010/04/10 11:35:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2010/11/18 20:37:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eRightSoft
[2010/02/09 17:26:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ffdshow
[2009/12/22 06:22:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FinePixViewer
[2010/08/03 19:58:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Flip Video
[2010/04/07 18:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FotoSketcher
[2010/04/12 19:58:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2009/12/22 06:22:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
[2009/11/05 19:41:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garmin
[2010/08/03 20:40:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GFI
[2010/11/18 17:48:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2009/12/22 06:22:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handspring
[2010/01/30 21:03:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2010/07/10 14:01:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/11/18 19:09:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/11/18 20:14:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/11/18 20:06:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/11/14 14:32:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JerMar Software Corp
[2009/12/11 07:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JoshMadison
[2010/11/18 20:06:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\jv16 PowerTools 2010
[2010/07/10 14:20:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame for Audacity
[2010/07/17 13:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LastPass
[2010/11/18 20:12:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/18 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MediaMall
[2009/12/22 06:22:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/06/28 19:30:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware
[2009/12/22 06:22:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2009/11/07 08:45:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/11/18 19:11:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/11/07 14:54:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/12/22 06:22:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2010/06/23 05:49:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/12/22 06:22:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mortens ShutDown
[2010/11/18 19:24:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/18 20:22:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Thunderbird
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/11/05 19:41:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECACHE
[2009/11/23 18:20:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/11/05 17:37:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mythicsoft
[2010/01/03 19:31:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NeoSmart Technologies
[2009/12/22 06:22:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\nirCmd
[2010/08/01 14:25:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PicPick
[2010/01/25 20:06:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PS3 Media Server
[2009/12/22 06:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qemu
[2010/02/13 17:00:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Quick Restore Point Maker
[2010/08/01 14:25:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Quicken
[2010/11/18 20:13:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/11/08 10:23:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/12/22 06:22:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Scanner
[2009/11/29 11:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Secunia
[2009/11/08 16:11:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft
[2010/03/20 13:45:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmillaEnlarger
[2009/12/22 06:22:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarTech.com-ICUSB232PROX
[2010/01/19 07:17:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeraByte Unlimited
[2010/01/18 17:39:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TurboTax
[2010/02/13 17:00:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ultimate Windows 7 Tweaker
[2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/12/22 06:22:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Unlocker
[2010/03/27 12:50:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/06/22 06:22:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/11/12 19:40:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VMware
[2009/11/05 18:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2010/01/18 18:44:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VSO
[2009/12/22 13:08:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Web Publish
[2010/06/13 14:59:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Webshots
[2010/11/18 20:53:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\What's my computer doing
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/12/22 06:22:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Installer Clean Up
[2010/11/18 20:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/05/12 05:07:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/18 19:09:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/12/22 06:22:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/12/22 06:22:56 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry
[2010/04/15 17:29:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZipZag.v1.80.Cracked-EXPLOSiON
[2010/07/10 14:24:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zoner

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/06/28 21:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >
[2009/06/10 13:44:08 | 009,633,792 | RHS- | M] () -- C:\Windows\Fonts\StaticCache.dat

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

< %USERPROFILE%\Desktop\*.exe >
[2010/11/16 18:38:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2010/11/19 05:43:05 | 000,296,448 | ---- | M] () -- C:\Users\Phil\Desktop\sjle0gdc.exe

< %PROGRAMFILES%\*.* >
[2010/08/04 17:30:05 | 000,000,105 | ---- | M] () -- C:\Program Files (x86)\defrag2.bat
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010/02/20 12:25:00 | 000,129,024 | ---- | M] (WinTestGear) -- C:\Program Files (x86)\FileTouch.exe
[2010/01/11 17:59:39 | 000,091,648 | ---- | M] (Inverse Karma) -- C:\Program Files (x86)\GoogleDNSHelper.exe
[2010/01/11 18:04:05 | 000,001,312 | ---- | M] () -- C:\Program Files (x86)\GoogleDNSHelper.exe - Shortcut.lnk
[2009/08/20 21:04:00 | 002,078,503 | ---- | M] (Michael Weiner) -- C:\Program Files (x86)\Mydefrag gui.exe
[2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe

< %systemroot%\system\*.dat >

< %AppData%\AdobeUM\upldrvdrv2\*.* >

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

< %AppData%\AdobeUM\vclvclupl66\*.* >

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< %systemroot%\SV1\*.* >

< %systemroot%\system32\Hotspot\*.* >

< %systemroot%\java\*.* >

< %systemroot%\system32\JAVA\*.* >

< %systemroot%\system32\syst\*.* >

< %systemroot%\msapps\*.* >

< %systemroot%\Fonts\*.html >

< %systemroot%\WinRecycleb\*.* >

< %systemroot%\system32\PassTools\*.* >

< %USERPROFILE%\Templates\*.txt >

< %systemroot%\system32\cock\*.* >

< %systemroot%\system32\xmldm\*.* >

< %systemroot%\system32\ui\*.* /s >

< %SYSTEMDRIVE%\autorun.inf\*.* /s >

< %ProgramFiles%\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\c\*.* /s >

< %systemroot%\win\*.* >

< %systemroot%\system32\update_flash\*.* >

< %systemroot%\system32\dllcache\*.bak >

< %SYSTEMDRIVE%\wedfwefeee.exe\*.* >

< %SYSTEMDRIVE%\explorxxxx.exe\*.* >

< %USERPROFILE%\My Documents\Windows\*.* /s >

< %ProgramFiles%\Application\*.* >

< %systemroot%\Help\*.exe >

< %systemroot%\system32\dllcache\*.bat >

< %systemroot%\system32\User\*.* >

< %systemroot%\system32\eifrest\*.* >

< %SYSTEMDRIVE%\directory\*.* /s >

< %systemroot%\system32\programs\*.* >

< %systemroot%\ProNet\*.* >

< %systemroot%\Tasks\svchost\*.* >

< %systemroot%\system32\UAs\*.* >

< %systemroot%\*.cab >

< %SYSTEMDRIVE%\ciaxxxxxxx.exe\*.* >

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath >

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter >
"EnabledV8" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main|DEPOff /rs >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx64 >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install /s >

< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers >

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate]

< HKLM\Software\Policies\Microsoft\Windows\System\Scripts /s >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = yes

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras logfile created on: 11/19/2010 5:58:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.48 Gb Total Space | 108.62 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 319.18 Gb Total Space | 177.96 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.609
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"MyDefrag_is1" = MyDefrag v4.1.2
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.442 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{234C4ED9-65DE-4FB4-8000-E2381FA24F4E}" = MapSource - MetroGuide North America v6
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}" = Greeting Card Factory Deluxe 8.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F702F22-A623-4B6A-41BD-420700558223}_is1" = What's my computer doing 1.xx
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D5872B2-E811-4C55-9781-81D7A3C6AC87}" = PlayOn
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{65EB09A3-993B-401E-8936-C9708CBFAB26}" = FinePixViewer YTUPL
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{C713C8B5-F0E1-401D-AE9B-3AB0E180D626}" = WinDriversBackup
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 1.96
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AIM_7" = AIM 7
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Audacity_is1" = Audacity 1.2.6
"CloneDVD2" = CloneDVD2
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Foxit Reader" = Foxit Reader
"FrostWire" = FrostWire 4.13.1.7 BETA
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{234C4ED9-65DE-4FB4-8000-E2381FA24F4E}" = MapSource - MetroGuide North America v6
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Picasa 3" = Picasa 3
"PicPick" = PicPick
"Qemu" = Qemu 0.7.2 (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.90
"Secunia PSI" = Secunia PSI
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"ST6UNST #1" = Karen's Directory Printer
"Starry Night Enthusiast 6" = Starry Night Enthusiast 6
"StarTech.com-ICUSB232PROX" = StarTech.com-ICUSB232PROX
"SUPER ©" = SUPER © Version 2010.bld.39 (Oct 24, 2010)
"TBIView_is1" = TBIView 4.03b
"TurboTax 2009" = TurboTax 2009
"Unlocker" = Unlocker 1.8.8
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VMware_Player" = VMware Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2010 - 09:35 AM

pzinser,

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Processes

:OTL
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 02:02:01 | 000,270,336 | R--- | M] (LG Electronics)

:Services

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
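The fix above is assembled from OTL's own log lines. As an added example (not code from the thread, from OTL, or from Tomk), the script below applies the same triage to a handful of constructed OTL lines: entries OTL marks with "File not found" or "No CLSID value found" are orphaned registry references, and MountPoints2 AutoRun entries are flagged separately because they start a program automatically when the drive is mounted; it then emits a :OTL fix section in the same form. All function and sample names are the example's own.

```python
import re
from dataclasses import dataclass

# Strings OTL prints when a registry entry points at a CLSID or file that no longer exists.
ORPHAN_MARKERS = ("File not found", "CLSID or File not found", "No CLSID value found")

# Constructed sample lines in the shapes OTL uses (one healthy O18 entry mixed in for contrast).
SAMPLE_LOG = r"""O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 02:02:01 | 000,270,336 | R--- | M] (LG Electronics)
"""

# "O18:64bit: - body", "O33 - body", "MsConfig:64bit - body" all share this shape.
ENTRY_RE = re.compile(r"^(?P<tag>O\d{2}|MsConfig)(?::64bit:?)?\s*-\s*(?P<body>.*)$")
# MountPoints2 ...\Shell - "" = AutoRun   or   ...\Shell\AutoRun\command - "" = <program>
AUTORUN_RE = re.compile(
    r'MountPoints2\\\{[0-9a-f-]+\}\\Shell(?:\\AutoRun\\command)?\s*-\s*""\s*=\s*(?P<value>.+)$',
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: str
    category: str   # "orphan", "autorun", "ok" or "skip"
    reason: str


def classify(line: str) -> Finding:
    """Decide what one OTL log line is: orphaned reference, AutoRun handler, healthy, or not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return Finding(line, "skip", "not an OTL entry line")
    body = m.group("body")
    if any(marker in body for marker in ORPHAN_MARKERS):
        return Finding(line, "orphan", "registry entry points at a missing CLSID or file")
    am = AUTORUN_RE.search(body)
    if am:
        return Finding(line, "autorun", "MountPoints2 AutoRun handler runs: " + am.group("value"))
    return Finding(line, "ok", "target resolves")


def triage(log_text: str) -> dict:
    """Bucket every entry line of an OTL log by category (lines that are not entries are dropped)."""
    buckets = {"orphan": [], "autorun": [], "ok": []}
    for raw in log_text.splitlines():
        finding = classify(raw)
        if finding.category in buckets:
            buckets[finding.category].append(raw.strip())
    return buckets


def build_otl_fix(buckets: dict) -> str:
    """Emit a fix script in the same form as the thread's: the flagged log lines pasted
    verbatim under :OTL, followed by a :Commands section."""
    lines = [":OTL", *buckets["orphan"], *buckets["autorun"], "", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, entries in result.items():
        print(f"{category}: {len(entries)} line(s)")
    print(build_otl_fix(result))
```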
 

#9 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 19 November 2010 - 06:22 PM

As requested-

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1}\ not found.
File {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Acronis Scheduler2 Service\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd4d7b67-c9b5-11de-848a-806e6f6e6963}\ not found.
File move failed. E:\BlueBirds.exe scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Phil\Desktop\cmd.bat deleted successfully.
C:\Users\Phil\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43383 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Phil
->Temp folder emptied: 116334710 bytes
->Temporary Internet Files folder emptied: 6367974 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57376 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41480190 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 142528384 bytes

Total Files Cleaned = 293.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11192010_171608

Files\Folders moved on Reboot...
File move failed. E:\BlueBirds.exe scheduled to be moved on reboot.
C:\Users\Phil\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2356.log moved successfully.

Registry entries deleted on Reboot...

#10 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2010 - 06:45 PM

pzinser,

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#11 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 19 November 2010 - 10:07 PM

eset log is below. For what it's worth, I'm still getting redirects, along with new un-prompted tabs opening. I had to upload the last 2 replies here from another computer as the infected machine "timed-out" or something to that effect. The file listed below is from 2006, from another machine, and never caused a problem before.

F:\Data\Archive\video converters 4-06\rmconverter.exe probably a variant of Win32/Agent.DGHSXKF trojan

#12 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2010 - 11:28 PM

pzinser,

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

F:\Data\Archive\video converters 4-06\ rmconverter.exe <===this file

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

MBRCheck
Please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

Please download Rootkit Unhooker and save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code,
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning, it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#13 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 20 November 2010 - 12:58 AM

Below are jotti and mbr results. 2 different computers could not access the provided link for rootkit scanner (see attached screenshot). I found an alternate download site but got an error message when launching the program (see same attached screen shot). Thanks.

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.
Filename: rmconverter.exe
Status: Scan finished. 0 out of 18 scanners reported malware.
Scan taken on: Thu 13 May 2010 21:16:21 (CET)

Additional info
File size: 2387351 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: e045708bf8fa0ab49f23c421bd7557ff
SHA1: 0f83245026fe11e62bcc61e01f6c94320eb13d96
Packer (Drweb): UPX
Packer (Kaspersky): Armadillo, UPX

Scanners
[ArcaVir] 2010-05-13 Found nothing
[G DATA] 2010-05-13 Found nothing
[Avast! antivirus] 2010-05-13 Scanner unavailable
[Ikarus] 2010-05-13 Found nothing
[Grisoft AVG Anti-Virus] 2010-05-13 Found nothing
[Kaspersky Anti-Virus] 2010-05-13 Found nothing
[Avira AntiVir] 2010-05-13 Found nothing
[ESET NOD32] 2010-05-13 Found nothing
[Softwin BitDefender] 2010-05-13 Found nothing
[Panda Antivirus] 2010-05-13 Found nothing
[ClamAV] 2010-05-13 Found nothing
[Quick Heal] 2010-05-13 Found nothing
[CPsecure] 2010-05-13 Found nothing
[Sophos] 2010-05-11 Found nothing
[Dr.Web] 2010-05-13 Found nothing
[VirusBlokAda VBA32] 2010-05-12 Found nothing
[Frisk F-Prot Antivirus] 2010-05-13 Found nothing
[VirusBuster] 2010-05-13 Found nothing
[F-Secure Anti-Virus] 2010-05-13 Found nothing

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP43-UD3L
Logical Drives Mask: 0x00001e3d

Kernel Drivers (total 214):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06001e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`a4c94000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAJS-00A8B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!

Attached Thumbnails

  • rkunhookerle_screenshot.jpg


#14 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 20 November 2010 - 03:07 PM

pzinser,

Ignore RKU for now. MBRCheck found what we were looking for.

Okay, second run of MBRCheck.

The MBR has been rewritten.

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (on Vista and Win 7, right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#15 pzinser

pzinser

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 20 November 2010 - 03:28 PM

Below is the latest result of MBRCheck. I know this is a no-no, but when I couldn't run RKU I did some poking around on the error message and found a thread on a different forum that had the same type of machine config, problems, troubleshooting routine, etc. as me. I ran OTL with some custom parameters listed, followed by a successful (this time!) running of TDSSKiller. An MBR trojan was found and eliminated. At this point, things seem to be running normally, with no Google redirects, new tab popups, or other odd behavior since this fix. I think I'm OK now. If the log below looks OK to you, can we "suspend" further troubleshooting for 24 hours, to be sure nothing re-occurs, and then close the topic if I'm still OK? Thanks so much for your help.

Phil

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP43-UD3L
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 214):
[driver list omitted]

Processes (total 69):
[process list omitted]

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06001e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`a4c94000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAJS-00A8B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!
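The two MBRCheck results quoted in this thread (the "MBR Code Faked!" report and the one posted after the MBR was rewritten) are easier to compare when parsed. The following is an added example, not MBRCheck's own code and not anything posted by the participants: it extracts the volume-to-disk mapping and each disk's MBR status and SHA1 from the report text, flags an unrecognised MBR, and compares a before/after pair. The sample reports are constructed from the lines quoted above, and the `now_known` check assumes MBRCheck's "<OS> MBR code detected" wording for recognised boot code.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: end of the report posted before the MBR was rewritten.
REPORT_BEFORE = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06001e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`a4c94000 (NTFS)
 465 GB  \\.\PhysicalDrive0  MBR Code Faked!
   SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
Found non-standard or infected MBR.
"""

# Constructed sample: end of the report posted after TDSSKiller ran.
REPORT_AFTER = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06001e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`a4c94000 (NTFS)
 465 GB  \\.\PhysicalDrive0  Windows 98 MBR code detected
   SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done!
"""

# Volume line: "\\.\C: --> \\.\PhysicalDrive0 at offset <hex> (NTFS)"
VOLUME_RE = re.compile(
    r"\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\(PhysicalDrive\d+)\s+at offset\s+(\S+)\s+\((\w+)\)")
# Status row "465 GB  \\.\PhysicalDrive0  <status>" followed by "SHA1: <40 hex>";
# DOTALL lets the status and the hash sit on separate lines, as MBRCheck prints them.
ROW_RE = re.compile(
    r"(\d+)\s*GB\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+?)\s+SHA1:\s*([0-9A-Fa-f]{40})",
    re.DOTALL)


@dataclass
class MbrReport:
    volumes: dict = field(default_factory=dict)  # drive letter -> PhysicalDriveN
    disks: dict = field(default_factory=dict)    # PhysicalDriveN -> (status, sha1)
    infected: bool = False


def parse_report(text: str) -> MbrReport:
    """Extract the volume mapping, each disk's MBR status/hash and the verdict."""
    report = MbrReport()
    for letter, disk, _offset, _fs in VOLUME_RE.findall(text):
        report.volumes[letter] = disk
    for _size, disk, status, sha1 in ROW_RE.findall(text):
        report.disks[disk] = (status.strip(), sha1.upper())
    # Verdict wording is taken from the reports in this thread: a "Faked" MBR
    # status, or the explicit "Found non-standard or infected MBR." line.
    report.infected = ("Found non-standard or infected MBR" in text
                       or any("faked" in s.lower() for s, _ in report.disks.values()))
    return report


def affected_volumes(report: MbrReport) -> list:
    """Drive letters that live on a disk whose MBR was flagged (C: and F: here)."""
    bad = {d for d, (s, _) in report.disks.items() if "faked" in s.lower()}
    return sorted(letter for letter, d in report.volumes.items() if d in bad)


def compare(before: MbrReport, after: MbrReport) -> dict:
    """Per disk: did the hash change, and is the new status the assumed
    "<OS> MBR code detected" wording MBRCheck uses for recognised code?"""
    out = {}
    for disk, (status_b, sha_b) in before.disks.items():
        status_a, sha_a = after.disks.get(disk, ("missing", ""))
        out[disk] = {"before": status_b, "after": status_a,
                     "hash_changed": sha_a != sha_b,
                     "now_known": status_a.endswith("MBR code detected")}
    return out


if __name__ == "__main__":
    before, after = parse_report(REPORT_BEFORE), parse_report(REPORT_AFTER)
    print("before:", before.infected, affected_volumes(before))
    print("after:", after.infected, compare(before, after))
```

Because both C: and F: map to PhysicalDrive0, a faked MBR on that one disk puts every volume on it in scope, which is why the report's volume lines are worth parsing alongside the status row.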
